[lvc-project] [PATCH v2] dma: k3-udma - fix potential null dereference in k3_udma_glue_request_rx_chn_priv()
Fedor Pchelkin
pchelkin at ispras.ru
Tue Oct 7 13:10:56 MSK 2025
$ git log drivers/dma/ti/k3-udma-glue.c
С upstream префикс у них сейчас вроде такой
dmaengine: ti: k3-udma-glue: ...
On Mon, 06. Oct 15:43, Pavel Zhigulin wrote:
> This fix sets rx_chn->flow_num only after rx_chn->flows is successfully
> allocated, preventing the for loop from running if allocation fails.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ Describe your changes in imperative mood, e.g. “make xyzzy do frotz” +
+ instead of “[This patch] makes xyzzy do frotz” or “[I] changed xyzzy +
+ to do frotz”, as if you are giving orders to the codebase to change +
+ its behaviour. +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
https://www.kernel.org/doc/html/latest/process/submitting-patches.html#describe-your-changes
> --- a/drivers/dma/ti/k3-udma-glue.c
> +++ b/drivers/dma/ti/k3-udma-glue.c
> @@ -1031,15 +1031,15 @@ k3_udma_glue_request_rx_chn_priv(struct device *dev, const char *name,
> rx_chn->flow_id_base = rx_chn->udma_rchan_id;
> }
>
> - rx_chn->flow_num = cfg->flow_id_num;
> -
> - rx_chn->flows = devm_kcalloc(dev, rx_chn->flow_num,
> + rx_chn->flows = devm_kcalloc(dev, cfg->flow_id_num,
> sizeof(*rx_chn->flows), GFP_KERNEL);
> if (!rx_chn->flows) {
> ret = -ENOMEM;
Если это может быть проблемой одного конкретного error-пути, можно на
нём только занулить значение поля
rx_chn->flow_num = 0;
В целом, дело предпочтений, тут как сами видите.
Предлагаю отправлять в сообщество, спасибо!
> goto err;
> }
>
> + rx_chn->flow_num = cfg->flow_id_num;
> +
> ret = k3_udma_glue_allocate_rx_flows(rx_chn, cfg);
> if (ret)
> goto err;
> --
> 2.43.0
More information about the lvc-project
mailing list