Re: [PATCH v3 11/12] misc: fastrpc: Add dma handle implementation

From: Dan Carpenter
Date: Fri Jan 28 2022 - 02:10:39 EST

Hi Srinivas,

url: https://github.com/0day-ci/linux/commits/Srinivas-Kandagatla/misc-fastrpc-Add-missing-DSP-FastRPC-features/20220126-215705
base: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git 515a2f507491e7c3818e74ef4f4e088c1fecb190
config: openrisc-randconfig-m031-20220124 (https://download.01.org/0day-ci/archive/20220127/202201272146.Ci8W6Th6-lkp@xxxxxxxxx/config)
compiler: or1k-linux-gcc (GCC) 11.2.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@xxxxxxxxx>
Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>

New smatch warnings:
drivers/misc/fastrpc.c:1856 fastrpc_req_mem_map() warn: variable dereferenced before check 'map' (see line 1834)

vim +/map +1856 drivers/misc/fastrpc.c

b1c0b7969aa491 Jeya R 2022-01-26 1784 static int fastrpc_req_mem_map(struct fastrpc_user *fl, char __user *argp)
b1c0b7969aa491 Jeya R 2022-01-26 1785 {
b1c0b7969aa491 Jeya R 2022-01-26 1786 struct fastrpc_invoke_args args[4] = { [0 ... 3] = { 0 } };
b1c0b7969aa491 Jeya R 2022-01-26 1787 struct fastrpc_mem_map_req_msg req_msg = { 0 };
b1c0b7969aa491 Jeya R 2022-01-26 1788 struct fastrpc_mmap_rsp_msg rsp_msg = { 0 };
b1c0b7969aa491 Jeya R 2022-01-26 1789 struct fastrpc_mem_unmap req_unmap = { 0 };
b1c0b7969aa491 Jeya R 2022-01-26 1790 struct fastrpc_phy_page pages = { 0 };
b1c0b7969aa491 Jeya R 2022-01-26 1791 struct fastrpc_mem_map req;
b1c0b7969aa491 Jeya R 2022-01-26 1792 struct device *dev = fl->sctx->dev;
b1c0b7969aa491 Jeya R 2022-01-26 1793 struct fastrpc_map *map = NULL;
b1c0b7969aa491 Jeya R 2022-01-26 1794 int err;
b1c0b7969aa491 Jeya R 2022-01-26 1795 u32 sc;
b1c0b7969aa491 Jeya R 2022-01-26 1796
b1c0b7969aa491 Jeya R 2022-01-26 1797 if (copy_from_user(&req, argp, sizeof(req)))
b1c0b7969aa491 Jeya R 2022-01-26 1798 return -EFAULT;
b1c0b7969aa491 Jeya R 2022-01-26 1799
b1c0b7969aa491 Jeya R 2022-01-26 1800 /* create SMMU mapping */
e52e7cb4a5a6f3 Srinivas Kandagatla 2022-01-26 1801 err = fastrpc_map_create(fl, req.fd, req.length, 0, &map);
b1c0b7969aa491 Jeya R 2022-01-26 1802 if (err) {
b1c0b7969aa491 Jeya R 2022-01-26 1803 dev_err(dev, "failed to map buffer, fd = %d\n", req.fd);
b1c0b7969aa491 Jeya R 2022-01-26 1804 return err;
b1c0b7969aa491 Jeya R 2022-01-26 1805 }
b1c0b7969aa491 Jeya R 2022-01-26 1806
b1c0b7969aa491 Jeya R 2022-01-26 1807 req_msg.pgid = fl->tgid;
b1c0b7969aa491 Jeya R 2022-01-26 1808 req_msg.fd = req.fd;
b1c0b7969aa491 Jeya R 2022-01-26 1809 req_msg.offset = req.offset;
b1c0b7969aa491 Jeya R 2022-01-26 1810 req_msg.vaddrin = req.vaddrin;
b1c0b7969aa491 Jeya R 2022-01-26 1811 map->va = (void *) req.vaddrin;
b1c0b7969aa491 Jeya R 2022-01-26 1812 req_msg.flags = req.flags;
b1c0b7969aa491 Jeya R 2022-01-26 1813 req_msg.num = sizeof(pages);
b1c0b7969aa491 Jeya R 2022-01-26 1814 req_msg.data_len = 0;
b1c0b7969aa491 Jeya R 2022-01-26 1815
b1c0b7969aa491 Jeya R 2022-01-26 1816 args[0].ptr = (u64) &req_msg;
b1c0b7969aa491 Jeya R 2022-01-26 1817 args[0].length = sizeof(req_msg);
b1c0b7969aa491 Jeya R 2022-01-26 1818
b1c0b7969aa491 Jeya R 2022-01-26 1819 pages.addr = map->phys;
b1c0b7969aa491 Jeya R 2022-01-26 1820 pages.size = map->size;
b1c0b7969aa491 Jeya R 2022-01-26 1821
b1c0b7969aa491 Jeya R 2022-01-26 1822 args[1].ptr = (u64) &pages;
b1c0b7969aa491 Jeya R 2022-01-26 1823 args[1].length = sizeof(pages);
b1c0b7969aa491 Jeya R 2022-01-26 1824
b1c0b7969aa491 Jeya R 2022-01-26 1825 args[2].ptr = (u64) &pages;
b1c0b7969aa491 Jeya R 2022-01-26 1826 args[2].length = 0;
b1c0b7969aa491 Jeya R 2022-01-26 1827
b1c0b7969aa491 Jeya R 2022-01-26 1828 args[3].ptr = (u64) &rsp_msg;
b1c0b7969aa491 Jeya R 2022-01-26 1829 args[3].length = sizeof(rsp_msg);
b1c0b7969aa491 Jeya R 2022-01-26 1830
b1c0b7969aa491 Jeya R 2022-01-26 1831 sc = FASTRPC_SCALARS(FASTRPC_RMID_INIT_MEM_MAP, 3, 1);
b1c0b7969aa491 Jeya R 2022-01-26 1832 err = fastrpc_internal_invoke(fl, true, FASTRPC_INIT_HANDLE, sc, &args[0]);
b1c0b7969aa491 Jeya R 2022-01-26 1833 if (err) {
b1c0b7969aa491 Jeya R 2022-01-26 @1834 dev_err(dev, "mem mmap error, fd %d, vaddr %llx, size %lld\n",
b1c0b7969aa491 Jeya R 2022-01-26 1835 req.fd, req.vaddrin, map->size);
b1c0b7969aa491 Jeya R 2022-01-26 1836 goto err_invoke;
b1c0b7969aa491 Jeya R 2022-01-26 1837 }
b1c0b7969aa491 Jeya R 2022-01-26 1838
b1c0b7969aa491 Jeya R 2022-01-26 1839 /* update the buffer to be able to deallocate the memory on the DSP */
b1c0b7969aa491 Jeya R 2022-01-26 1840 map->raddr = rsp_msg.vaddr;
b1c0b7969aa491 Jeya R 2022-01-26 1841
b1c0b7969aa491 Jeya R 2022-01-26 1842 /* let the client know the address to use */
b1c0b7969aa491 Jeya R 2022-01-26 1843 req.vaddrout = rsp_msg.vaddr;
b1c0b7969aa491 Jeya R 2022-01-26 1844
b1c0b7969aa491 Jeya R 2022-01-26 1845 if (copy_to_user((void __user *)argp, &req, sizeof(req))) {
b1c0b7969aa491 Jeya R 2022-01-26 1846 /* unmap the memory and release the buffer */
b1c0b7969aa491 Jeya R 2022-01-26 1847 req_unmap.vaddr = (uintptr_t) rsp_msg.vaddr;
b1c0b7969aa491 Jeya R 2022-01-26 1848 req_unmap.length = map->size;
b1c0b7969aa491 Jeya R 2022-01-26 1849 fastrpc_req_mem_unmap_impl(fl, &req_unmap);
b1c0b7969aa491 Jeya R 2022-01-26 1850 return -EFAULT;
b1c0b7969aa491 Jeya R 2022-01-26 1851 }
b1c0b7969aa491 Jeya R 2022-01-26 1852
b1c0b7969aa491 Jeya R 2022-01-26 1853 return 0;
b1c0b7969aa491 Jeya R 2022-01-26 1854
b1c0b7969aa491 Jeya R 2022-01-26 1855 err_invoke:
b1c0b7969aa491 Jeya R 2022-01-26 @1856 if (map)
b1c0b7969aa491 Jeya R 2022-01-26 1857 fastrpc_map_put(map);

"map" can't be NULL.

b1c0b7969aa491 Jeya R 2022-01-26 1858
b1c0b7969aa491 Jeya R 2022-01-26 1859 return err;
b1c0b7969aa491 Jeya R 2022-01-26 1860 }

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@xxxxxxxxxxxx