2019-12-05 08:26:38

by kernel test robot

[permalink] [raw]
Subject: include/linux/dmaengine.h:1370:10: warning: 'caps.descriptor_reuse' is used uninitialized in this function

tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 2f13437b8917627119d163d62f73e7a78a92303a
commit: 8259bf667a0f9ea1a37bb71c7af9ebd550e9251d spi: bcm2835: Speed up TX-only DMA transfers by clearing RX FIFO
date: 3 months ago
config: x86_64-randconfig-s0-20191205 (attached as .config)
compiler: gcc-4.9 (Debian 4.9.2-10+deb8u1) 4.9.2
reproduce:
git checkout 8259bf667a0f9ea1a37bb71c7af9ebd550e9251d
# save the attached .config to linux build tree
make ARCH=x86_64

If you fix the issue, kindly add following tag
Reported-by: kbuild test robot <[email protected]>

All warnings (new ones prefixed by >>):

In file included from drivers/spi/spi-bcm2835.c:19:0:
drivers/spi/spi-bcm2835.c: In function 'dmaengine_desc_set_reuse':
>> include/linux/dmaengine.h:1370:10: warning: 'caps.descriptor_reuse' is used uninitialized in this function [-Wuninitialized]
if (caps.descriptor_reuse) {
^
--
In file included from drivers//spi/spi-bcm2835.c:19:0:
drivers//spi/spi-bcm2835.c: In function 'dmaengine_desc_set_reuse':
>> include/linux/dmaengine.h:1370:10: warning: 'caps.descriptor_reuse' is used uninitialized in this function [-Wuninitialized]
if (caps.descriptor_reuse) {
^

vim +1370 include/linux/dmaengine.h

a8135d0d79e9d0 Peter Ujfalusi 2015-12-14 1363
272420214d261e Vinod Koul 2015-08-05 1364 static inline int dmaengine_desc_set_reuse(struct dma_async_tx_descriptor *tx)
272420214d261e Vinod Koul 2015-08-05 1365 {
272420214d261e Vinod Koul 2015-08-05 1366 struct dma_slave_caps caps;
272420214d261e Vinod Koul 2015-08-05 1367
272420214d261e Vinod Koul 2015-08-05 1368 dma_get_slave_caps(tx->chan, &caps);
272420214d261e Vinod Koul 2015-08-05 1369
272420214d261e Vinod Koul 2015-08-05 @1370 if (caps.descriptor_reuse) {
272420214d261e Vinod Koul 2015-08-05 1371 tx->flags |= DMA_CTRL_REUSE;
272420214d261e Vinod Koul 2015-08-05 1372 return 0;
272420214d261e Vinod Koul 2015-08-05 1373 } else {
272420214d261e Vinod Koul 2015-08-05 1374 return -EPERM;
272420214d261e Vinod Koul 2015-08-05 1375 }
272420214d261e Vinod Koul 2015-08-05 1376 }
272420214d261e Vinod Koul 2015-08-05 1377

:::::: The code at line 1370 was first introduced by commit
:::::: 272420214d261e97f08a4c555defb3924de06ae8 dmaengine: Add DMA_CTRL_REUSE

:::::: TO: Vinod Koul <[email protected]>
:::::: CC: Vinod Koul <[email protected]>

---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/hyperkitty/list/[email protected] Intel Corporation


Attachments:
(No filename) (2.68 kB)
.config.gz (30.75 kB)
Download all attachments

2019-12-05 12:05:17

by Lukas Wunner

[permalink] [raw]
Subject: [PATCH] dmaengine: Fix access to uninitialized dma_slave_caps

dmaengine_desc_set_reuse() allocates a struct dma_slave_caps on the
stack, populates it using dma_get_slave_caps() and then accesses one
of its members.

However dma_get_slave_caps() may fail and this isn't accounted for,
leading to a legitimate warning of gcc-4.9 (but not newer versions):

In file included from drivers/spi/spi-bcm2835.c:19:0:
drivers/spi/spi-bcm2835.c: In function 'dmaengine_desc_set_reuse':
>> include/linux/dmaengine.h:1370:10: warning: 'caps.descriptor_reuse' is used uninitialized in this function [-Wuninitialized]
if (caps.descriptor_reuse) {

Fix it, thereby also silencing the gcc-4.9 warning.

The issue has been present for 4 years but surfaces only now that
the first caller of dmaengine_desc_set_reuse() has been added in
spi-bcm2835.c. Another user of reusable DMA descriptors has existed
for a while in pxa_camera.c, but it sets the DMA_CTRL_REUSE flag
directly instead of calling dmaengine_desc_set_reuse(). Nevertheless,
tag this commit for stable in case there are out-of-tree users.

Fixes: 272420214d26 ("dmaengine: Add DMA_CTRL_REUSE")
Reported-by: kbuild test robot <[email protected]>
Signed-off-by: Lukas Wunner <[email protected]>
Cc: [email protected] # v4.3+
---
include/linux/dmaengine.h | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/include/linux/dmaengine.h b/include/linux/dmaengine.h
index 8fcdee1c0cf9..dad4a68fa009 100644
--- a/include/linux/dmaengine.h
+++ b/include/linux/dmaengine.h
@@ -1364,8 +1364,11 @@ static inline int dma_get_slave_caps(struct dma_chan *chan,
static inline int dmaengine_desc_set_reuse(struct dma_async_tx_descriptor *tx)
{
struct dma_slave_caps caps;
+ int ret;

- dma_get_slave_caps(tx->chan, &caps);
+ ret = dma_get_slave_caps(tx->chan, &caps);
+ if (ret)
+ return ret;

if (caps.descriptor_reuse) {
tx->flags |= DMA_CTRL_REUSE;
--
2.24.0

2019-12-11 10:34:25

by Vinod Koul

[permalink] [raw]
Subject: Re: [PATCH] dmaengine: Fix access to uninitialized dma_slave_caps

On 05-12-19, 12:54, Lukas Wunner wrote:
> dmaengine_desc_set_reuse() allocates a struct dma_slave_caps on the
> stack, populates it using dma_get_slave_caps() and then accesses one
> of its members.
>
> However dma_get_slave_caps() may fail and this isn't accounted for,
> leading to a legitimate warning of gcc-4.9 (but not newer versions):
>
> In file included from drivers/spi/spi-bcm2835.c:19:0:
> drivers/spi/spi-bcm2835.c: In function 'dmaengine_desc_set_reuse':
> >> include/linux/dmaengine.h:1370:10: warning: 'caps.descriptor_reuse' is used uninitialized in this function [-Wuninitialized]
> if (caps.descriptor_reuse) {
>
> Fix it, thereby also silencing the gcc-4.9 warning.
>
> The issue has been present for 4 years but surfaces only now that
> the first caller of dmaengine_desc_set_reuse() has been added in
> spi-bcm2835.c. Another user of reusable DMA descriptors has existed
> for a while in pxa_camera.c, but it sets the DMA_CTRL_REUSE flag
> directly instead of calling dmaengine_desc_set_reuse(). Nevertheless,
> tag this commit for stable in case there are out-of-tree users.

Applied, thanks

--
~Vinod