[PATCH v2] drm/amdgpu: Fix realloc of ptr

Christian König christian.koenig at amd.com
Mon Feb 28 10:55:38 UTC 2022


On 27.02.22 at 16:33, trix at redhat.com wrote:
> From: Tom Rix <trix at redhat.com>
>
> Clang static analysis reports this error
> amdgpu_debugfs.c:1690:9: warning: 1st function call
>    argument is an uninitialized value
>    tmp = krealloc_array(tmp, i + 1,
>          ^~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> realloc uses tmp, so tmp can not be garbage.
> And the return needs to be checked.
>
> Fixes: 5ce5a584cb82 ("drm/amdgpu: add debugfs for reset registers list")
> Signed-off-by: Tom Rix <trix at redhat.com>

Yeah, stuff I missed because of the long review. I was already wondering 
what semantics krealloc_array is following for freeing up the pointer on 
error.

Reviewed-by: Christian König <christian.koenig at amd.com>

Thanks,
Christian.

> ---
> v2:
>    use 'new' to hold/check the realloc return
>    fix commit log mistake on realloc freeing to using input ptr
>    
>   drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 9 +++++++--
>   1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c
> index 9eb9b440bd438..2f4f8c5618d81 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c
> @@ -1676,7 +1676,7 @@ static ssize_t amdgpu_reset_dump_register_list_write(struct file *f,
>   {
>   	struct amdgpu_device *adev = (struct amdgpu_device *)file_inode(f)->i_private;
>   	char reg_offset[11];
> -	uint32_t *tmp;
> +	uint32_t *new, *tmp = NULL;
>   	int ret, i = 0, len = 0;
>   
>   	do {
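Review bot: the `= NULL` initialisation of `tmp` in the declaration covers more than the commit log describes, and the log should say so. In the next hunk a `goto error_free;` sits ahead of the `krealloc_array()` call, so on the first pass through the loop that path can be taken before `tmp` has ever been assigned; if `error_free` releases `tmp` (the label is outside the visible context), the old `uint32_t *tmp;` handed it an uninitialized pointer there too. Separately, `new` is only live between the realloc and `tmp = new;`, so it could be declared inside the `do` body to keep its scope tight.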
> @@ -1687,7 +1687,12 @@ static ssize_t amdgpu_reset_dump_register_list_write(struct file *f,
>   			goto error_free;
>   		}
>   
> -		tmp = krealloc_array(tmp, i + 1, sizeof(uint32_t), GFP_KERNEL);
> +		new = krealloc_array(tmp, i + 1, sizeof(uint32_t), GFP_KERNEL);
> +		if (!new) {
> +			ret = -ENOMEM;
> +			goto error_free;
> +		}
> +		tmp = new;
>   		if (sscanf(reg_offset, "%X %n", &tmp[i], &ret) != 1) {
>   			ret = -EINVAL;
>   			goto error_free;
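Review bot: the new `if (!new)` branch is only correct if `error_free` frees the old buffer, and that label is not in the visible context, so please confirm it. krealloc_array() returns NULL on failure without releasing the original allocation, which is why leaving `tmp` untouched and jumping to `error_free` avoids both the leak and the lost pointer, provided the label does `kfree(tmp)`. A one-line comment above `new = krealloc_array(tmp, i + 1, ...)` stating that `tmp` stays valid on failure would answer the semantics question raised in the review reply for the next reader.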


