Re: [PATCH][next] ACPI: APEI: EINJ: Fix check and iounmap of uninitialized pointer p

"Colin King (gmail)" <colin.i.king@xxxxxxxxx> · Wed, 25 Jun 2025 22:43:26 +0100

On 25/06/2025 22:40, Ira Weiny wrote:
Colin Ian King wrote:
In the case where a request_mem_region call fails and pointer r is null
the error exit path via label 'out' will check for a non-null pointer
p and try to iounmap it. However, pointer p has not been assigned a
value at this point, so it may potentially contain any garbage value.
Fix this by ensuring pointer p is initialized to NULL.

Fixes: 1a35c88302a3 ("ACPI: APEI: EINJ: Fix kernel test sparse warnings")
Signed-off-by: Colin Ian King <colin.i.king@xxxxxxxxx>
---
  drivers/acpi/apei/einj-core.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/acpi/apei/einj-core.c b/drivers/acpi/apei/einj-core.c
index 7930acd1d3f3..fc801587df8e 100644
--- a/drivers/acpi/apei/einj-core.c
+++ b/drivers/acpi/apei/einj-core.c
@@ -401,7 +401,7 @@ static int __einj_error_trigger(u64 trigger_paddr, u32 type,
  	u32 table_size;
  	int rc = -EIO;
  	struct acpi_generic_address *trigger_param_region = NULL;
-	struct acpi_einj_trigger __iomem *p;
+	struct acpi_einj_trigger __iomem *p = NULL;

Apparently my review of these was pretty weak...  :-/

That said; Why not skip a goto as well?

Because the goto uses a shared return path and hence reduces the amount 
of return epilogue used in the generated code.

Colin


Ira

diff --git a/drivers/acpi/apei/einj-core.c b/drivers/acpi/apei/einj-core.c
index d6d7e36e3647..fae01795e7f6 100644
--- a/drivers/acpi/apei/einj-core.c
+++ b/drivers/acpi/apei/einj-core.c
@@ -410,7 +410,7 @@ static int __einj_error_trigger(u64 trigger_paddr, u32 type,
                        (unsigned long long)trigger_paddr,
                        (unsigned long long)trigger_paddr +
                             sizeof(trigger_tab) - 1);
-               goto out;
+               return -EIO;
         }
         p = ioremap_cache(trigger_paddr, sizeof(*p));
         if (!p) {
@@ -502,7 +502,6 @@ static int __einj_error_trigger(u64 trigger_paddr, u32 type,
                            table_size - sizeof(trigger_tab));
  out_rel_header:
         release_mem_region(trigger_paddr, sizeof(trigger_tab));
-out:
         if (p)
                 iounmap(p);
  

Attachment:
OpenPGP_0x68C287DFC6A80226.asc

Description: OpenPGP public key
Attachment:
OpenPGP_signature.asc

Description: OpenPGP digital signature




