From: Tom Rix <[email protected]>
Clang static analysis reports this error
amdgpu_debugfs.c:1690:9: warning: 1st function call
argument is an uninitialized value
tmp = krealloc_array(tmp, i + 1,
^~~~~~~~~~~~~~~~~~~~~~~~~~~
realloc uses tmp, so tmp cannot be garbage; it has to be initialized before the first call.
And the return value needs to be checked.
Fixes: 5ce5a584cb82 ("drm/amdgpu: add debugfs for reset registers list")
Signed-off-by: Tom Rix <[email protected]>
---
v2:
use 'new' to hold/check the ralloc return
fix commit log mistake on ralloc freeing to using input ptr
drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c
index 9eb9b440bd438..2f4f8c5618d81 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c
@@ -1676,7 +1676,7 @@ static ssize_t amdgpu_reset_dump_register_list_write(struct file *f,
{
struct amdgpu_device *adev = (struct amdgpu_device *)file_inode(f)->i_private;
char reg_offset[11];
- uint32_t *tmp;
+ uint32_t *new, *tmp = NULL;
int ret, i = 0, len = 0;
do {
@@ -1687,7 +1687,12 @@ static ssize_t amdgpu_reset_dump_register_list_write(struct file *f,
goto error_free;
}
- tmp = krealloc_array(tmp, i + 1, sizeof(uint32_t), GFP_KERNEL);
+ new = krealloc_array(tmp, i + 1, sizeof(uint32_t), GFP_KERNEL);
+ if (!new) {
+ ret = -ENOMEM;
+ goto error_free;
+ }
+ tmp = new;
if (sscanf(reg_offset, "%X %n", &tmp[i], &ret) != 1) {
ret = -EINVAL;
goto error_free;
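Review bot: The `new`/`tmp` split around the krealloc_array() call needs a one-line comment, because the reason for the extra pointer is only recoverable from the commit message. Something like `/* krealloc_array() leaves tmp valid on failure; keep it so error_free can release it */` above the call would stop a later cleanup from collapsing it back to `tmp = krealloc_array(tmp, ...)`, which loses the old list when the allocation fails. This assumes the error_free label frees tmp, which is outside the hunk. Separately, the list grows by one element per iteration and the hunk shows no cap on `i`; if the loop is bounded only by the length of the debugfs write, an explicit upper limit checked before the allocation would be worth adding.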
--
2.26.3
Am 27.02.22 um 16:33 schrieb [email protected]:
> From: Tom Rix <[email protected]>
>
> Clang static analysis reports this error
> amdgpu_debugfs.c:1690:9: warning: 1st function call
> argument is an uninitialized value
> tmp = krealloc_array(tmp, i + 1,
> ^~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> realloc uses tmp, so tmp can not be garbage.
> And the return needs to be checked.
>
> Fixes: 5ce5a584cb82 ("drm/amdgpu: add debugfs for reset registers list")
> Signed-off-by: Tom Rix <[email protected]>
Yeah, stuff I missed because of the long review. I was already wondering
what semantics krealloc_array is following for freeing up the pointer on
error.
Reviewed-by: Christian König <[email protected]>
Thanks,
Christian.
> ---
> v2:
> use 'new' to hold/check the ralloc return
> fix commit log mistake on ralloc freeing to using input ptr
>
> drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c
> index 9eb9b440bd438..2f4f8c5618d81 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c
> @@ -1676,7 +1676,7 @@ static ssize_t amdgpu_reset_dump_register_list_write(struct file *f,
> {
> struct amdgpu_device *adev = (struct amdgpu_device *)file_inode(f)->i_private;
> char reg_offset[11];
> - uint32_t *tmp;
> + uint32_t *new, *tmp = NULL;
> int ret, i = 0, len = 0;
>
> do {
> @@ -1687,7 +1687,12 @@ static ssize_t amdgpu_reset_dump_register_list_write(struct file *f,
> goto error_free;
> }
>
> - tmp = krealloc_array(tmp, i + 1, sizeof(uint32_t), GFP_KERNEL);
> + new = krealloc_array(tmp, i + 1, sizeof(uint32_t), GFP_KERNEL);
> + if (!new) {
> + ret = -ENOMEM;
> + goto error_free;
> + }
> + tmp = new;
> if (sscanf(reg_offset, "%X %n", &tmp[i], &ret) != 1) {
> ret = -EINVAL;
> goto error_free;
Applied. Thanks!
Alex
On Mon, Feb 28, 2022 at 5:55 AM Christian König
<[email protected]> wrote:
>
> Am 27.02.22 um 16:33 schrieb [email protected]:
> > From: Tom Rix <[email protected]>
> >
> > Clang static analysis reports this error
> > amdgpu_debugfs.c:1690:9: warning: 1st function call
> > argument is an uninitialized value
> > tmp = krealloc_array(tmp, i + 1,
> > ^~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> > realloc uses tmp, so tmp can not be garbage.
> > And the return needs to be checked.
> >
> > Fixes: 5ce5a584cb82 ("drm/amdgpu: add debugfs for reset registers list")
> > Signed-off-by: Tom Rix <[email protected]>
>
> Yeah, stuff I missed because of the long review. I was already wondering
> what semantics krealloc_array is following for freeing up the pointer on
> error.
>
> Reviewed-by: Christian König <[email protected]>
>
> Thanks,
> Christian.
>
> > ---
> > v2:
> > use 'new' to hold/check the ralloc return
> > fix commit log mistake on ralloc freeing to using input ptr
> >
> > drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 9 +++++++--
> > 1 file changed, 7 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c
> > index 9eb9b440bd438..2f4f8c5618d81 100644
> > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c
> > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c
> > @@ -1676,7 +1676,7 @@ static ssize_t amdgpu_reset_dump_register_list_write(struct file *f,
> > {
> > struct amdgpu_device *adev = (struct amdgpu_device *)file_inode(f)->i_private;
> > char reg_offset[11];
> > - uint32_t *tmp;
> > + uint32_t *new, *tmp = NULL;
> > int ret, i = 0, len = 0;
> >
> > do {
> > @@ -1687,7 +1687,12 @@ static ssize_t amdgpu_reset_dump_register_list_write(struct file *f,
> > goto error_free;
> > }
> >
> > - tmp = krealloc_array(tmp, i + 1, sizeof(uint32_t), GFP_KERNEL);
> > + new = krealloc_array(tmp, i + 1, sizeof(uint32_t), GFP_KERNEL);
> > + if (!new) {
> > + ret = -ENOMEM;
> > + goto error_free;
> > + }
> > + tmp = new;
> > if (sscanf(reg_offset, "%X %n", &tmp[i], &ret) != 1) {
> > ret = -EINVAL;
> > goto error_free;
>