[<prev] [next>] [day] [month] [year] [list]
Message-ID: <202205221009.XjbSXonE-lkp@intel.com>
Date: Mon, 23 May 2022 16:20:53 +0300
From: Dan Carpenter <dan.carpenter@...cle.com>
To: kbuild@...ts.01.org, Sunil Goutham <sgoutham@...vell.com>
Cc: lkp@...el.com, kbuild-all@...ts.01.org,
linux-kernel@...r.kernel.org,
Subbaraya Sundeep <sbhatta@...vell.com>
Subject: drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c:4360
rvu_mbox_handler_nix_bandprof_free() error: testing array offset 'idx' after
use.
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: eaea45fc0e7b6ae439526b4a41d91230c8517336
commit: e8e095b3b37004a4048af69de60c9af2d2268a1d octeontx2-af: cn10k: Bandwidth profiles config support
config: s390-randconfig-m031-20220522 (https://download.01.org/0day-ci/archive/20220522/202205221009.XjbSXonE-lkp@intel.com/config)
compiler: s390-linux-gcc (GCC) 11.3.0
If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@...el.com>
Reported-by: Dan Carpenter <dan.carpenter@...cle.com>
smatch warnings:
drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c:4360 rvu_mbox_handler_nix_bandprof_free() error: testing array offset 'idx' after use.
vim +/idx +4360 drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c
e8e095b3b37004 Sunil Goutham 2021-06-15 4318 int rvu_mbox_handler_nix_bandprof_free(struct rvu *rvu,
e8e095b3b37004 Sunil Goutham 2021-06-15 4319 struct nix_bandprof_free_req *req,
e8e095b3b37004 Sunil Goutham 2021-06-15 4320 struct msg_rsp *rsp)
e8e095b3b37004 Sunil Goutham 2021-06-15 4321 {
e8e095b3b37004 Sunil Goutham 2021-06-15 4322 int blkaddr, layer, prof_idx, idx, err;
e8e095b3b37004 Sunil Goutham 2021-06-15 4323 u16 pcifunc = req->hdr.pcifunc;
e8e095b3b37004 Sunil Goutham 2021-06-15 4324 struct nix_ipolicer *ipolicer;
e8e095b3b37004 Sunil Goutham 2021-06-15 4325 struct nix_hw *nix_hw;
e8e095b3b37004 Sunil Goutham 2021-06-15 4326
e8e095b3b37004 Sunil Goutham 2021-06-15 4327 if (req->free_all)
e8e095b3b37004 Sunil Goutham 2021-06-15 4328 return nix_free_all_bandprof(rvu, pcifunc);
e8e095b3b37004 Sunil Goutham 2021-06-15 4329
e8e095b3b37004 Sunil Goutham 2021-06-15 4330 if (!rvu->hw->cap.ipolicer)
e8e095b3b37004 Sunil Goutham 2021-06-15 4331 return NIX_AF_ERR_IPOLICER_NOTSUPP;
e8e095b3b37004 Sunil Goutham 2021-06-15 4332
e8e095b3b37004 Sunil Goutham 2021-06-15 4333 err = nix_get_struct_ptrs(rvu, pcifunc, &nix_hw, &blkaddr);
e8e095b3b37004 Sunil Goutham 2021-06-15 4334 if (err)
e8e095b3b37004 Sunil Goutham 2021-06-15 4335 return err;
e8e095b3b37004 Sunil Goutham 2021-06-15 4336
e8e095b3b37004 Sunil Goutham 2021-06-15 4337 mutex_lock(&rvu->rsrc_lock);
e8e095b3b37004 Sunil Goutham 2021-06-15 4338 /* Free the requested profile indices */
e8e095b3b37004 Sunil Goutham 2021-06-15 4339 for (layer = 0; layer < BAND_PROF_NUM_LAYERS; layer++) {
e8e095b3b37004 Sunil Goutham 2021-06-15 4340 if (layer == BAND_PROF_INVAL_LAYER)
e8e095b3b37004 Sunil Goutham 2021-06-15 4341 continue;
e8e095b3b37004 Sunil Goutham 2021-06-15 4342 if (!req->prof_count[layer])
e8e095b3b37004 Sunil Goutham 2021-06-15 4343 continue;
e8e095b3b37004 Sunil Goutham 2021-06-15 4344
e8e095b3b37004 Sunil Goutham 2021-06-15 4345 ipolicer = &nix_hw->ipolicer[layer];
e8e095b3b37004 Sunil Goutham 2021-06-15 4346 for (idx = 0; idx < req->prof_count[layer]; idx++) {
e8e095b3b37004 Sunil Goutham 2021-06-15 4347 prof_idx = req->prof_idx[layer][idx];
"idx" is used here
e8e095b3b37004 Sunil Goutham 2021-06-15 4348 if (prof_idx >= ipolicer->band_prof.max ||
e8e095b3b37004 Sunil Goutham 2021-06-15 4349 ipolicer->pfvf_map[prof_idx] != pcifunc)
e8e095b3b37004 Sunil Goutham 2021-06-15 4350 continue;
e8e095b3b37004 Sunil Goutham 2021-06-15 4351
e8e095b3b37004 Sunil Goutham 2021-06-15 4352 /* Clear ratelimit aggregation, if any */
e8e095b3b37004 Sunil Goutham 2021-06-15 4353 if (layer == BAND_PROF_LEAF_LAYER &&
e8e095b3b37004 Sunil Goutham 2021-06-15 4354 ipolicer->match_id[prof_idx])
e8e095b3b37004 Sunil Goutham 2021-06-15 4355 nix_clear_ratelimit_aggr(rvu, nix_hw, prof_idx);
e8e095b3b37004 Sunil Goutham 2021-06-15 4356
e8e095b3b37004 Sunil Goutham 2021-06-15 4357 ipolicer->pfvf_map[prof_idx] = 0x00;
e8e095b3b37004 Sunil Goutham 2021-06-15 4358 ipolicer->match_id[prof_idx] = 0;
e8e095b3b37004 Sunil Goutham 2021-06-15 4359 rvu_free_rsrc(&ipolicer->band_prof, prof_idx);
e8e095b3b37004 Sunil Goutham 2021-06-15 @4360 if (idx == MAX_BANDPROF_PER_PFFUNC)
So if it's == MAX_BANDPROF_PER_PFFUNC then we are already one element
beyond the end of the array.
e8e095b3b37004 Sunil Goutham 2021-06-15 4361 break;
e8e095b3b37004 Sunil Goutham 2021-06-15 4362 }
e8e095b3b37004 Sunil Goutham 2021-06-15 4363 }
e8e095b3b37004 Sunil Goutham 2021-06-15 4364 mutex_unlock(&rvu->rsrc_lock);
e8e095b3b37004 Sunil Goutham 2021-06-15 4365 return 0;
e8e095b3b37004 Sunil Goutham 2021-06-15 4366 }
--
0-DAY CI Kernel Test Service
https://01.org/lkp
Powered by blists - more mailing lists