apei(4): Fix uninitialized stack access in error branch.

PR kern/58046
2024-03-28 13:40:08 +00:00 · 2024-03-28 13:40:08 +00:00 · b2480288dc
parent 5a795c59e3
commit b2480288dc
1 changed files with 12 additions and 11 deletions
--- a/sys/dev/acpi/apei_einj.c
+++ b/sys/dev/acpi/apei_einj.c
@ -1,4 +1,4 @@
-/*	$NetBSD: apei_einj.c,v 1.6 2024/03/26 22:01:03 rillig Exp $	*/
+/*	$NetBSD: apei_einj.c,v 1.7 2024/03/28 13:40:08 riastradh Exp $	*/

 /*-
 * Copyright (c) 2024 The NetBSD Foundation, Inc.
@ -44,7 +44,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: apei_einj.c,v 1.6 2024/03/26 22:01:03 rillig Exp $");
+__KERNEL_RCSID(0, "$NetBSD: apei_einj.c,v 1.7 2024/03/28 13:40:08 riastradh Exp $");

 #include <sys/types.h>

@ -515,6 +515,16 @@ apei_einj_trigger(struct apei_softc *sc, uint64_t x)
 	struct apei_einj_machine einj_machine, *const M = &einj_machine;
 	uint32_t i, nentries;

+	/*
+	 * Initialize the machine to execute the TRIGGER_ERROR action's
+	 * instructions.  Do this early to keep the error branches
+	 * simpler.
+	 */
+	memset(M, 0, sizeof(*M));
+	M->sc = sc;
+	M->x = x;		/* input */
+	M->y = 0;		/* output */
+
 	/*
 	 * Get the TRIGGER_ERROR action table's physical address.
 	 */
@ -587,15 +597,6 @@ apei_einj_trigger(struct apei_softc *sc, uint64_t x)
 	mapsize = tabsize;
 	teatab = AcpiOsMapMemory(teatab_pa, mapsize);

-	/*
-	 * Initialize the machine to execute the TRIGGER_ERROR action's
-	 * instructions.
-	 */
-	memset(M, 0, sizeof(*M));
-	M->sc = sc;
-	M->x = x;		/* input */
-	M->y = 0;		/* output */
-
 	/*
 	 * Now iterate over the EINJ-type entries and execute the
 	 * trigger error action instructions -- but skip if they're not