Re: [PATCH] iommufd: Fix uninitialized rc in iommufd_access_rw()

From: Jason Gunthorpe
Date: Tue Mar 04 2025 - 08:41:28 EST


On Thu, Feb 27, 2025 at 12:07:29PM -0800, Nicolin Chen wrote:
> Reported by smatch:
> drivers/iommu/iommufd/device.c:1392 iommufd_access_rw() error: uninitialized symbol 'rc'.
>
> Fixes: 8d40205f6093 ("iommufd: Add kAPI toward external drivers for kernel access")
> Cc: stable@xxxxxxxxxxxxxxx
> Reported-by: kernel test robot <lkp@xxxxxxxxx>
> Reported-by: Dan Carpenter <error27@xxxxxxxxx>
> Closes: https://lore.kernel.org/r/202502271339.a2nWr9UA-lkp@xxxxxxxxx/
> [nicolinc: can't find an original report but only in "old smatch warnings"]
> Signed-off-by: Nicolin Chen <nicolinc@xxxxxxxxxx>
> ---
> drivers/iommu/iommufd/device.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/iommu/iommufd/device.c b/drivers/iommu/iommufd/device.c
> index 6dccbf7217f5..b812ae40f382 100644
> --- a/drivers/iommu/iommufd/device.c
> +++ b/drivers/iommu/iommufd/device.c
> @@ -1348,7 +1348,7 @@ int iommufd_access_rw(struct iommufd_access *access, unsigned long iova,
> struct io_pagetable *iopt;
> struct iopt_area *area;
> unsigned long last_iova;
> - int rc;
> + int rc = 0;
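Review bot: the `+ int rc = 0;` line silences the warning by choosing the success value as the fallback, so if any path really did reach the final return without assigning rc, iommufd_access_rw() would report a successful read/write that never touched the caller's buffer. A failing default such as `int rc = -EINVAL;` keeps the function fail-closed, and since the commit message only cites the smatch report, it should also say whether a real path to the uninitialized use exists; if none does, the change is a warning fix and the Fixes:/Cc: stable tags are hard to justify.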

This is a smatch error but it can't actually happen because:

if (!length)
return -EINVAL;

And:

if (!iopt_area_contig_done(&iter))
rc = -ENOENT;

Prevents an empty loop for iopt_for_each_contig_area().

And each loop does:

rc = iopt_pages_rw_access(

Which will zero rc.

If for some reason rc was used uninitialized then it would be an error
so it should be rc = -EINVAL. I fixed it up.

Jason
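An added example, not code from the patch or from iommufd: a small C model of the rc control flow Jason walks through above. Names such as model_access_rw(), find_area(), model_pages_rw_access() and model_map are hypothetical, the area list is constructed, and the overflow check on iova + length - 1 is assumed for the model. The initial value of rc is a parameter so a sentinel can show that no path returns it unassigned: the only ways out are -EINVAL for a zero length, -EOVERFLOW for a wrapping range, a value assigned by the per-area access call, or -ENOENT when the walk does not reach last_iova.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>

/* Constructed model, not iommufd code: an IOVA area is a closed range. */
struct area {
	unsigned long first;
	unsigned long last;
};

/* Constructed sample map: two adjacent areas, nothing mapped past 0x2fff. */
static const struct area model_map[] = { { 0x1000, 0x1fff }, { 0x2000, 0x2fff } };

/* Hypothetical stand-in for iopt_pages_rw_access(): always succeeds. */
static int model_pages_rw_access(const struct area *a, unsigned long iova,
				 unsigned long last, bool write)
{
	(void)a; (void)iova; (void)last; (void)write;
	return 0;
}

/* Find the area containing @iova, scanning from *@idx (areas sorted, disjoint). */
static const struct area *find_area(const struct area *areas, size_t n,
				    size_t *idx, unsigned long iova)
{
	for (; *idx < n; (*idx)++) {
		if (areas[*idx].first <= iova && iova <= areas[*idx].last)
			return &areas[(*idx)++];
	}
	return NULL;
}

/*
 * Model of the rc control flow in iommufd_access_rw(). rc starts at
 * @initial_rc so a caller can check whether any path leaks it unassigned.
 */
int model_access_rw(const struct area *areas, size_t n, unsigned long iova,
		    size_t length, bool write, int initial_rc)
{
	unsigned long last_iova;
	size_t idx = 0;
	bool done = false;
	int rc = initial_rc;

	if (!length)
		return -EINVAL;
	if (iova + length - 1 < iova)	/* assumed: mirrors a check_add_overflow() */
		return -EOVERFLOW;
	last_iova = iova + length - 1;

	/* One iteration per contiguous area, like iopt_for_each_contig_area(). */
	for (const struct area *a = find_area(areas, n, &idx, iova); a;
	     a = find_area(areas, n, &idx, iova)) {
		unsigned long chunk_last = a->last < last_iova ? a->last : last_iova;

		rc = model_pages_rw_access(a, iova, chunk_last, write);
		if (rc)
			return rc;
		if (chunk_last == last_iova) {
			done = true;	/* the walk covered the whole request */
			break;
		}
		iova = chunk_last + 1;
	}
	if (!done)
		rc = -ENOENT;	/* zero iterations, or a gap before last_iova */
	return rc;
}

/* True if any of the representative inputs returns the sentinel, i.e. rc leaked. */
bool rc_can_leak(void)
{
	const int sentinel = 0x7ead;
	const int results[] = {
		model_access_rw(model_map, 2, 0x1000, 0, false, sentinel),     /* -EINVAL */
		model_access_rw(model_map, 0, 0x1000, 0x100, false, sentinel), /* -ENOENT, empty map */
		model_access_rw(model_map, 2, 0x1800, 0x1000, true, sentinel), /* 0, spans both areas */
		model_access_rw(model_map, 2, 0x2800, 0x1000, true, sentinel), /* -ENOENT, runs past map */
		model_access_rw(model_map, 2, ~0UL, 2, false, sentinel),       /* -EOVERFLOW */
	};

	for (size_t i = 0; i < sizeof(results) / sizeof(results[0]); i++)
		if (results[i] == sentinel)
			return true;
	return false;
}
```

The sentinel never comes back, which is the argument above in executable form. It also shows why the choice of initializer matters if the invariant is ever broken by a later change: with rc = 0 a missed path would report a successful access for a buffer that was never written, while rc = -EINVAL fails closed.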