Colin Ian King wrote:
In the case where a request_mem_region call fails and pointer r is null
the error exit path via label 'out' will check for a non-null pointer
p and try to iounmap it. However, pointer p has not been assigned a
value at this point, so it may potentially contain any garbage value.
Fix this by ensuring pointer p is initialized to NULL.
Fixes: 1a35c88302a3 ("ACPI: APEI: EINJ: Fix kernel test sparse warnings")
Signed-off-by: Colin Ian King <colin.i.king@xxxxxxxxx>
---
drivers/acpi/apei/einj-core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/acpi/apei/einj-core.c b/drivers/acpi/apei/einj-core.c
index 7930acd1d3f3..fc801587df8e 100644
--- a/drivers/acpi/apei/einj-core.c
+++ b/drivers/acpi/apei/einj-core.c
@@ -401,7 +401,7 @@ static int __einj_error_trigger(u64 trigger_paddr, u32 type,
u32 table_size;
int rc = -EIO;
struct acpi_generic_address *trigger_param_region = NULL;
- struct acpi_einj_trigger __iomem *p;
+ struct acpi_einj_trigger __iomem *p = NULL;
Apparently my review of these was pretty weak... :-/
That said; Why not skip a goto as well?
Ira
diff --git a/drivers/acpi/apei/einj-core.c b/drivers/acpi/apei/einj-core.c
index d6d7e36e3647..fae01795e7f6 100644
--- a/drivers/acpi/apei/einj-core.c
+++ b/drivers/acpi/apei/einj-core.c
@@ -410,7 +410,7 @@ static int __einj_error_trigger(u64 trigger_paddr, u32 type,
(unsigned long long)trigger_paddr,
(unsigned long long)trigger_paddr +
sizeof(trigger_tab) - 1);
- goto out;
+ return -EIO;
}
p = ioremap_cache(trigger_paddr, sizeof(*p));
if (!p) {
@@ -502,7 +502,6 @@ static int __einj_error_trigger(u64 trigger_paddr, u32 type,
table_size - sizeof(trigger_tab));
out_rel_header:
release_mem_region(trigger_paddr, sizeof(trigger_tab));
-out:
if (p)
iounmap(p);
Attachment:
OpenPGP_0x68C287DFC6A80226.asc
Description: OpenPGP public key
Attachment:
OpenPGP_signature.asc
Description: OpenPGP digital signature