Bug 189021

Summary: Function eni_do_init() does not set the error code when the call to ioremap_nocache() fails
Product: Drivers
Reporter: bianpan (bianpan2010)
Component: Network
Assignee: drivers_network (drivers_network)
Status: RESOLVED CODE_FIX
Severity: normal
Priority: P1
Hardware: All
OS: Linux
Kernel Version: linux-4.9-rc6
Subsystem:
Regression: No
Bisected commit-id:
Attachments: The patch fixes the bug

Description bianpan 2016-11-25 11:17:50 UTC
Function ioremap_nocache() returns a NULL pointer if there is not enough memory. It is called in the function eni_do_init() defined in file drivers/atm/eni.c. Its return value is checked against NULL at line 1726. And if the return value is NULL, it returns variable error. Because variable error is checked at line 1717, the value of error must be 0 here. As a result, eni_do_init() returns 0 (indicating success) even if ioremap_nocache() fails. Though this error may occur rarely, I think it is better to return a correct error code (e.g. -ENOMEM) on the failure. Code related to this bug is summarised as follows.

eni_do_init @@ drivers/atm/eni.c
1700 static int eni_do_init(struct atm_dev *dev)
1701 {
         ...
1707     int error,i,last;
         ...
1717     if ((error = pci_write_config_word(pci_dev,PCI_COMMAND,
1718         PCI_COMMAND_MEMORY |
1719         (eni_dev->asic ? PCI_COMMAND_PARITY | PCI_COMMAND_SERR : 0)))) {
1720         printk(KERN_ERR DEV_LABEL "(itf %d): can't enable memory "
1721             "(0x%02x)\n",dev->number,error);
1722         return -EIO;
1723     }
1724     printk(KERN_NOTICE DEV_LABEL "(itf %d): rev.%d,base=0x%lx,irq=%d,",
1725         dev->number,pci_dev->revision,real_base,eni_dev->irq);
1726     if (!(base = ioremap_nocache(real_base,MAP_MAX_SIZE))) {
1727         printk("\n");
1728         printk(KERN_ERR DEV_LABEL "(itf %d): can't set up page "
1729             "mapping\n",dev->number);
             // The value of error is 0. Insert "error = -ENOMEM;" ?
1730         return error;
1731     }
         ...
1787 out:
1788     return error;
1789 unmap:
1790     iounmap(base);
1791     goto out;
1792 }

Thanks very much!
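
Added example (not part of the original report and not kernel code): a userspace model of the control flow described above, comparing the reported failure path with one that returns an explicit errno. cfg_write(), map_window(), run_init() and the two fault switches are hypothetical stand-ins constructed for this illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model of the control flow quoted in the report. cfg_write() and
 * map_window() are hypothetical stand-ins for pci_write_config_word() and
 * ioremap_nocache(); the two switches are constructed fault injection. */
static int fail_cfg, fail_map;
static char window[16];

static int cfg_write(void) { return fail_cfg ? 1 : 0; }
static void *map_window(void) { return fail_map ? NULL : window; }

/* As reported: once the first check passes, error is 0, so the mapping
 * failure path hands success back to the caller. */
static int init_as_reported(void)
{
    int error;

    if ((error = cfg_write()))
        return -EIO;
    if (!map_window())
        return error;               /* error == 0 here */
    return 0;
}

/* Failure path returns an explicit errno, as the report suggests. */
static int init_with_errno(void)
{
    if (cfg_write())
        return -EIO;
    if (!map_window())
        return -ENOMEM;
    return 0;
}

/* Return value init() hands to its caller under the given injected faults. */
static int run_init(int (*init)(void), int cfg_fails, int map_fails)
{
    fail_cfg = cfg_fails;
    fail_map = map_fails;
    return init();
}

int main(void)
{
    printf("mapping fails, as reported: %d\n", run_init(init_as_reported, 0, 1));
    printf("mapping fails, with errno:  %d\n", run_init(init_with_errno, 0, 1));
    return 0;
}
```

A caller that tests only for a non-zero return treats the first variant as an initialized device even though no mapping exists.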
Comment 1 bianpan 2017-05-12 00:25:40 UTC
Created attachment 256449
The patch fixes the bug

The patch has been merged into the latest version of the Linux kernel. So I will close the bug.