diff options
| author | Dan Carpenter <dan.carpenter@linaro.org> | 2023-04-21 13:42:41 +0300 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2023-05-30 13:55:32 +0100 |
| commit | ff151810fb952865047bb5e596540a3a89df6cf5 (patch) | |
| tree | 3eb501738e02692f05b32c4189a1e768ccb838e0 | |
| parent | 24cf1147437691104441d97fa98da87b875f96d0 (diff) | |
| download | linux-stable-ff151810fb952865047bb5e596540a3a89df6cf5.tar.gz linux-stable-ff151810fb952865047bb5e596540a3a89df6cf5.tar.bz2 linux-stable-ff151810fb952865047bb5e596540a3a89df6cf5.zip | |
coresight: Fix signedness bug in tmc_etr_buf_insert_barrier_packet()
commit f67bc15e526bb9920683ad6c1891ff9e08981335 upstream.
This code generates a Smatch warning:
drivers/hwtracing/coresight/coresight-tmc-etr.c:947 tmc_etr_buf_insert_barrier_packet()
error: uninitialized symbol 'bufp'.
The problem is that if tmc_sg_table_get_data() returns -EINVAL, then
when we test if "len < CORESIGHT_BARRIER_PKT_SIZE", the negative "len"
value is type promoted to a high unsigned long value which is greater
than CORESIGHT_BARRIER_PKT_SIZE. Fix this bug by adding an explicit
check for error codes.
Fixes: 75f4e3619fe2 ("coresight: tmc-etr: Add transparent buffer management")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Link: https://lore.kernel.org/r/7d33e244-d8b9-4c27-9653-883a13534b01@kili.mountain
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | drivers/hwtracing/coresight/coresight-tmc-etr.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/hwtracing/coresight/coresight-tmc-etr.c b/drivers/hwtracing/coresight/coresight-tmc-etr.c index acdb59e0e661..0000d0c6068f 100644 --- a/drivers/hwtracing/coresight/coresight-tmc-etr.c +++ b/drivers/hwtracing/coresight/coresight-tmc-etr.c @@ -926,7 +926,7 @@ tmc_etr_buf_insert_barrier_packet(struct etr_buf *etr_buf, u64 offset) len = tmc_etr_buf_get_data(etr_buf, offset, CORESIGHT_BARRIER_PKT_SIZE, &bufp); - if (WARN_ON(len < CORESIGHT_BARRIER_PKT_SIZE)) + if (WARN_ON(len < 0 || len < CORESIGHT_BARRIER_PKT_SIZE)) return -EINVAL; coresight_insert_barrier_packet(bufp); return offset + CORESIGHT_BARRIER_PKT_SIZE; |