Bug 106261 - there exists a wrong return value of function asd_map_memio() when ioremap_nocache() fails
Status: NEW
Alias: None
Product: SCSI Drivers
Classification: Unclassified
Component: AIC94XX
Hardware: All Linux
Importance: P1 normal
Assignee: scsi_drivers-aic94xx
Duplicates: 106211
Reported: 2015-10-19 14:23 UTC by RUC_Soft_Sec
Modified: 2015-10-19 14:23 UTC
Kernel Version: 4.2
Regression: No
Description RUC_Soft_Sec 2015-10-19 14:23:27 UTC
In function asd_map_memio() at drivers/scsi/aic94xx/aic94xx_init.c:80, the call to ioremap() in line 104 and ioremap_nocache() in line 107 may fail, and thus function asd_map_memio() will return the value of variable 'err'. The function asd_map_memio() returns 0 at the end when it runs well. However, when the call to pci_request_region() in line 97 succeeds, the value of 'err' is 0. So the function asd_map_memio() will return 0 to its caller functions when it fails because of a failing call to ioremap() or ioremap_nocache(), leading to a wrong return value in function asd_map_memio().
The related code snippets in asd_map_memio() are as follows.
asd_map_memio @@drivers/scsi/aic94xx/aic94xx_init.c:80
 80 static int asd_map_memio(struct asd_ha_struct *asd_ha)
 81 {
            ......
 97                 err = pci_request_region(asd_ha->pcidev, i, ASD_DRIVER_NAME);
 98                 if (err) {
 99                         asd_printk("couldn't reserve memory region for %s\n",
100                                    pci_name(asd_ha->pcidev));
101                         goto Err;
102                 }
103                 if (io_handle->flags & IORESOURCE_CACHEABLE)
104                         io_handle->addr = ioremap(io_handle->start,
105                                                   io_handle->len);
106                 else
107                         io_handle->addr = ioremap_nocache(io_handle->start,
108                                                           io_handle->len);
109                 if (!io_handle->addr) {
110                         asd_printk("couldn't map MBAR%d of %s\n", i==0?0:1,
111                                    pci_name(asd_ha->pcidev));
112                         goto Err_unreq;
113                 }
114         }
115 
116         return 0;
117 Err_unreq:
118         pci_release_region(asd_ha->pcidev, i);
119 Err:
120         if (i > 0) {
121                 io_handle = &asd_ha->io_handle[0];
122                 iounmap(io_handle->addr);
123                 pci_release_region(asd_ha->pcidev, 0);
124         }
125         return err;
126 }


Generally, the return value of caller functions which call function ioremap_nocache() shall be set to a negative number when the call to ioremap_nocache() fails, as in the following code in another file.
pmc_setup_dev @@arch/x86/kernel/pmc_atom.c:296
296 static int pmc_setup_dev(struct pci_dev *pdev)
297 {
            ......
312         pmc->regmap = ioremap_nocache(pmc->base_addr, PMC_MMIO_REG_LEN);
313         if (!pmc->regmap) {
314                 dev_err(&pdev->dev, "error: ioremap failed\n");
315                 return -ENOMEM;
316         }
            ......
327 }

Thank you

RUC_Soft_Sec
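
Added example, not part of the original report and not the driver's code: a user-space C model of the reported control flow for a single region, with hypothetical stubs (stub_request_region, stub_ioremap, stub_release_region) and a fault switch standing in for the kernel calls. With set_err == 0 it follows the quoted snippet; with set_err == 1 it assigns -ENOMEM before the unwind, the convention shown in pmc_setup_dev().

```c
#include <errno.h>
#include <stdio.h>

/* User-space stand-ins (assumptions) for pci_request_region(),
 * ioremap()/ioremap_nocache() and pci_release_region(). */
static int fail_map;      /* 1 => the mapping call returns NULL */
static int regions_held;  /* regions reserved and not yet released */

static int stub_request_region(void) { regions_held++; return 0; }
static void stub_release_region(void) { regions_held--; }
static void *stub_ioremap(void) { static char bar[16]; return fail_map ? NULL : bar; }

/* One region, mirroring the quoted flow. With set_err == 0 the mapping
 * failure leaves err at the 0 stored by the successful reservation. */
static int map_memio(int set_err)
{
	int err = stub_request_region();

	if (err)
		goto Err;
	if (!stub_ioremap()) {
		if (set_err)
			err = -ENOMEM;  /* explicit code before unwinding */
		goto Err_unreq;
	}
	return 0;
Err_unreq:
	stub_release_region();
Err:
	return err;
}

/* Force the mapping to succeed or fail, then run one variant. */
static int run(int set_err, int map_fails)
{
	fail_map = map_fails;
	regions_held = 0;
	return map_memio(set_err);
}

int main(void)
{
	int r = run(0, 1);
	printf("as reported:   ret=%d regions_held=%d\n", r, regions_held);
	r = run(1, 1);
	printf("explicit code: ret=%d regions_held=%d\n", r, regions_held);
	return 0;
}
```

With the mapping forced to fail, run(0, 1) returns 0 even though the region has already been released, so a caller that checks only the return value proceeds as if the mapping existed; run(1, 1) returns -ENOMEM.
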
Comment 1 RUC_Soft_Sec 2015-10-19 14:23:56 UTC
*** Bug 106211 has been marked as a duplicate of this bug. ***
