Hi Nitin,
On Fri, Jul 18, 2025 at 04:20:51PM +0530, Nitin Gote wrote:
> The current iosys_map_clear() implementation reads the potentially
> uninitialized 'is_iomem' boolean field to decide which union member
> to clear. This causes undefined behavior when called on uninitialized
> structures, as 'is_iomem' may contain garbage values like 0xFF.
>
> UBSAN detects this as:
> UBSAN: invalid-load in include/linux/iosys-map.h:267
> load of value 255 is not a valid value for type '_Bool'
>
> Fix by unconditionally clearing the entire structure with memset(),
> eliminating the need to read uninitialized data and ensuring all
> fields are set to known good values.
>
> Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/14639
> Fixes: 01fd30da0474 ("dma-buf: Add struct dma-buf-map for storing struct
> dma_buf.vaddr_ptr")
> Signed-off-by: Nitin Gote <nitin.r.g...@intel.com>
+Thomas and the dri-devel mailing list.
In any case, your patch makes sense to me:
Reviewed-by: Andi Shyti <andi.sh...@linux.intel.com>
Andi
> ---
> include/linux/iosys-map.h | 7 +------
> 1 file changed, 1 insertion(+), 6 deletions(-)
>
> diff --git a/include/linux/iosys-map.h b/include/linux/iosys-map.h
> index 4696abfd311c..3e85afe794c0 100644
> --- a/include/linux/iosys-map.h
> +++ b/include/linux/iosys-map.h
> @@ -264,12 +264,7 @@ static inline bool iosys_map_is_set(const struct
> iosys_map *map)
> */
> static inline void iosys_map_clear(struct iosys_map *map)
> {
> - if (map->is_iomem) {
> - map->vaddr_iomem = NULL;
> - map->is_iomem = false;
> - } else {
> - map->vaddr = NULL;
> - }
> + memset(map, 0, sizeof(*map));
> }
>
> /**
> --
> 2.25.1
