coresight: Fix signedness bug in tmc_etr_buf_insert_barrier_packet()
commit f67bc15e526bb9920683ad6c1891ff9e08981335 upstream.
This code generates a Smatch warning:
drivers/hwtracing/coresight/coresight-tmc-etr.c:947 tmc_etr_buf_insert_barrier_packet()
error: uninitialized symbol 'bufp'.
The problem is that if tmc_sg_table_get_data() returns -EINVAL, then
when we test if "len < CORESIGHT_BARRIER_PKT_SIZE", the negative "len"
value is type promoted to a high unsigned long value which is greater
than CORESIGHT_BARRIER_PKT_SIZE. Fix this bug by adding an explicit
check for error codes.
Fixes: 75f4e3619f
("coresight: tmc-etr: Add transparent buffer management")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Link: https://lore.kernel.org/r/7d33e244-d8b9-4c27-9653-883a13534b01@kili.mountain
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
parent
f6b610730e
commit
9b13972e4f
@ -909,7 +909,7 @@ tmc_etr_buf_insert_barrier_packet(struct etr_buf *etr_buf, u64 offset)
|
||||
|
||||
len = tmc_etr_buf_get_data(etr_buf, offset,
|
||||
CORESIGHT_BARRIER_PKT_SIZE, &bufp);
|
||||
if (WARN_ON(len < CORESIGHT_BARRIER_PKT_SIZE))
|
||||
if (WARN_ON(len < 0 || len < CORESIGHT_BARRIER_PKT_SIZE))
|
||||
return -EINVAL;
|
||||
coresight_insert_barrier_packet(bufp);
|
||||
return offset + CORESIGHT_BARRIER_PKT_SIZE;
|
||||
|
Loading…
Reference in New Issue
Block a user