From 2cc40ee7ae30fa12c3ee3f18e6c0e81cced2cdcc Mon Sep 17 00:00:00 2001
From: Arnd Bergmann
Date: Fri, 30 Sep 2016 18:19:01 +0200
Subject: [PATCH] dmaengine: edma: avoid uninitialized variable use

If edma_read_slot() gets an invalid argument, it does not set a result, as found by "gcc -Wmaybe-uninitialized"

drivers/dma/edma.c: In function 'dma_ccerr_handler':
drivers/dma/edma.c:1499:21: error: 'p.a_b_cnt' may be used uninitialized in this function [-Werror=maybe-uninitialized]
drivers/dma/edma.c:1499:21: error: 'p.ccnt' may be used uninitialized in this function [-Werror=maybe-uninitialized]
if (p.a_b_cnt == 0 && p.ccnt == 0) {

If we change the function to return an error in this case, we can handle the failure more gracefully and treat this the same way as a null slot that we already catch.

Signed-off-by: Arnd Bergmann
Signed-off-by: Vinod Koul
---
 drivers/dma/edma.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/drivers/dma/edma.c b/drivers/dma/edma.c
index 3d277fa..9d5dff4 100644
--- a/drivers/dma/edma.c
+++ b/drivers/dma/edma.c
@@ -464,13 +464,15 @@ static void edma_write_slot(struct edma_cc *ecc, unsigned slot,
 memcpy_toio(ecc->base + PARM_OFFSET(slot), param, PARM_SIZE);
 }
-static void edma_read_slot(struct edma_cc *ecc, unsigned slot,
+static int edma_read_slot(struct edma_cc *ecc, unsigned slot,
 struct edmacc_param *param)
 {
 slot = EDMA_CHAN_SLOT(slot);
 if (slot >= ecc->num_slots)
- return;
+ return -EINVAL;
 memcpy_fromio(param, ecc->base + PARM_OFFSET(slot), PARM_SIZE);
+
+ return 0;
 }
 /**
@@ -1476,13 +1478,15 @@ static void edma_error_handler(struct edma_chan *echan)
 struct edma_cc *ecc = echan->ecc;
 struct device *dev = echan->vchan.chan.device->dev;
 struct edmacc_param p;
+ int err;
 if (!echan->edesc)
 return;
 spin_lock(&echan->vchan.lock);
- edma_read_slot(ecc, echan->slot[0], &p);
+ err = edma_read_slot(ecc, echan->slot[0], &p);
+
 /*
 * Issue later based on missed flag which will be sure
 * to happen as:
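Review bot: On the new `return -EINVAL;` path in edma_read_slot() the caller's `param` is left unwritten, and nothing obliges a caller to look at the return value, so a call site that ignores it would still read indeterminate stack contents. Declaring it as `static int __must_check edma_read_slot(...)` would make the compiler flag any such caller. A one-line comment above the function would record the contract, e.g. `/* Returns 0 on success, -EINVAL (leaving *param untouched) if slot is out of range. */`. Whether there are call sites other than edma_error_handler cannot be seen from this patch.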
@@ -1495,7 +1499,7 @@ static void edma_error_handler(struct edma_chan *echan)
 * lead to some nasty recursion when we are in a NULL
 * slot. So we avoid doing so and set the missed flag.
 */
- if (p.a_b_cnt == 0 && p.ccnt == 0) {
+ if (err || (p.a_b_cnt == 0 && p.ccnt == 0)) {
 dev_dbg(dev, "Error on null slot, setting miss\n");
 echan->missed = 1;
 } else {
--
2.7.4
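Review bot: In the new condition `if (err || (p.a_b_cnt == 0 && p.ccnt == 0))` an out-of-range slot index is folded into the null-slot branch and reported only through `dev_dbg` as "Error on null slot". A stale or corrupted `echan->slot[0]` therefore looks the same as the expected case and is invisible unless debug logging is enabled. The short-circuit does keep `p` from being read when `err` is set, which addresses the compiler warning. Consider reporting the failure separately before the check, e.g. `if (err) dev_warn_ratelimited(dev, "invalid PaRAM slot %d (%d)\n", echan->slot[0], err);`, with the format specifier matched to the type of `slot[0]`, which is not shown here. The rest of edma_error_handler, including the `else` branch, lies outside the hunk.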