lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <9877974d-3943-42e6-b89b-cd2704cdf20d@suswa.mountain>
Date:   Thu, 7 Dec 2023 08:36:29 +0300
From:   Dan Carpenter <dan.carpenter@...aro.org>
To:     oe-kbuild@...ts.linux.dev, Daniel Wagner <dwagner@...e.de>,
        linux-nvme@...ts.infradead.org
Cc:     lkp@...el.com, oe-kbuild-all@...ts.linux.dev,
        linux-kernel@...r.kernel.org, Keith Busch <kbusch@...nel.org>,
        Christoph Hellwig <hch@....de>,
        Sagi Grimberg <sagi@...mberg.me>,
        Hannes Reinecke <hare@...e.de>, Daniel Wagner <dwagner@...e.de>
Subject: Re: [PATCH v3 3/4] nvme: move ns id info to struct nvme_ns_head

Hi Daniel,

kernel test robot noticed the following build warnings:

https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Daniel-Wagner/nvme-lookup-ctrl-from-request-instead-from-namespace/20231206-161455
base:   v6.7-rc4
patch link:    https://lore.kernel.org/r/20231206081244.32733-4-dwagner%40suse.de
patch subject: [PATCH v3 3/4] nvme: move ns id info to struct nvme_ns_head
config: i386-randconfig-141-20231207 (https://download.01.org/0day-ci/archive/20231207/202312071105.jkXzp8v9-lkp@intel.com/config)
compiler: gcc-11 (Debian 11.3.0-12) 11.3.0
reproduce: (https://download.01.org/0day-ci/archive/20231207/202312071105.jkXzp8v9-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@...el.com>
| Reported-by: Dan Carpenter <dan.carpenter@...aro.org>
| Closes: https://lore.kernel.org/r/202312071105.jkXzp8v9-lkp@intel.com/

smatch warnings:
drivers/nvme/target/passthru.c:354 nvmet_passthru_execute_cmd() warn: variable dereferenced before check 'ns' (see line 342)

vim +/ns +354 drivers/nvme/target/passthru.c

c1fef73f793b7f Logan Gunthorpe    2020-07-24  292  static void nvmet_passthru_execute_cmd(struct nvmet_req *req)
c1fef73f793b7f Logan Gunthorpe    2020-07-24  293  {
ab7a2737ac5acd Christoph Hellwig  2021-08-27  294  	struct nvme_ctrl *ctrl = nvmet_req_subsys(req)->passthru_ctrl;
c1fef73f793b7f Logan Gunthorpe    2020-07-24  295  	struct request_queue *q = ctrl->admin_q;
c1fef73f793b7f Logan Gunthorpe    2020-07-24  296  	struct nvme_ns *ns = NULL;
c1fef73f793b7f Logan Gunthorpe    2020-07-24  297  	struct request *rq = NULL;
47e9730c26a4a5 Chaitanya Kulkarni 2020-11-09  298  	unsigned int timeout;
c1fef73f793b7f Logan Gunthorpe    2020-07-24  299  	u32 effects;
c1fef73f793b7f Logan Gunthorpe    2020-07-24  300  	u16 status;
c1fef73f793b7f Logan Gunthorpe    2020-07-24  301  	int ret;
c1fef73f793b7f Logan Gunthorpe    2020-07-24  302  
c1fef73f793b7f Logan Gunthorpe    2020-07-24  303  	if (likely(req->sq->qid != 0)) {
c1fef73f793b7f Logan Gunthorpe    2020-07-24  304  		u32 nsid = le32_to_cpu(req->cmd->common.nsid);
c1fef73f793b7f Logan Gunthorpe    2020-07-24  305  
c1fef73f793b7f Logan Gunthorpe    2020-07-24  306  		ns = nvme_find_get_ns(ctrl, nsid);
c1fef73f793b7f Logan Gunthorpe    2020-07-24  307  		if (unlikely(!ns)) {
c1fef73f793b7f Logan Gunthorpe    2020-07-24  308  			pr_err("failed to get passthru ns nsid:%u\n", nsid);
c1fef73f793b7f Logan Gunthorpe    2020-07-24  309  			status = NVME_SC_INVALID_NS | NVME_SC_DNR;
4db69a3d7cfe31 Chaitanya Kulkarni 2020-08-06  310  			goto out;
c1fef73f793b7f Logan Gunthorpe    2020-07-24  311  		}
c1fef73f793b7f Logan Gunthorpe    2020-07-24  312  
c1fef73f793b7f Logan Gunthorpe    2020-07-24  313  		q = ns->queue;
20c2c3bb83f26c Chaitanya Kulkarni 2021-02-09  314  		timeout = nvmet_req_subsys(req)->io_timeout;
a2f6a2b8ce43db Chaitanya Kulkarni 2020-11-09  315  	} else {
20c2c3bb83f26c Chaitanya Kulkarni 2021-02-09  316  		timeout = nvmet_req_subsys(req)->admin_timeout;

ns is NULL here

c1fef73f793b7f Logan Gunthorpe    2020-07-24  317  	}
c1fef73f793b7f Logan Gunthorpe    2020-07-24  318  
e559398f47e090 Christoph Hellwig  2022-03-15  319  	rq = blk_mq_alloc_request(q, nvme_req_op(req->cmd), 0);
c1fef73f793b7f Logan Gunthorpe    2020-07-24  320  	if (IS_ERR(rq)) {
c1fef73f793b7f Logan Gunthorpe    2020-07-24  321  		status = NVME_SC_INTERNAL;
4db69a3d7cfe31 Chaitanya Kulkarni 2020-08-06  322  		goto out_put_ns;
c1fef73f793b7f Logan Gunthorpe    2020-07-24  323  	}
e559398f47e090 Christoph Hellwig  2022-03-15  324  	nvme_init_request(rq, req->cmd);
c1fef73f793b7f Logan Gunthorpe    2020-07-24  325  
a2f6a2b8ce43db Chaitanya Kulkarni 2020-11-09  326  	if (timeout)
a2f6a2b8ce43db Chaitanya Kulkarni 2020-11-09  327  		rq->timeout = timeout;
a2f6a2b8ce43db Chaitanya Kulkarni 2020-11-09  328  
c1fef73f793b7f Logan Gunthorpe    2020-07-24  329  	if (req->sg_cnt) {
c1fef73f793b7f Logan Gunthorpe    2020-07-24  330  		ret = nvmet_passthru_map_sg(req, rq);
c1fef73f793b7f Logan Gunthorpe    2020-07-24  331  		if (unlikely(ret)) {
c1fef73f793b7f Logan Gunthorpe    2020-07-24  332  			status = NVME_SC_INTERNAL;
a2138fd49467d0 Chaitanya Kulkarni 2020-08-06  333  			goto out_put_req;
c1fef73f793b7f Logan Gunthorpe    2020-07-24  334  		}
c1fef73f793b7f Logan Gunthorpe    2020-07-24  335  	}
c1fef73f793b7f Logan Gunthorpe    2020-07-24  336  
c1fef73f793b7f Logan Gunthorpe    2020-07-24  337  	/*
2a459f6933e1c4 Christoph Hellwig  2022-12-21  338  	 * If a command needs post-execution fixups, or there are any
2a459f6933e1c4 Christoph Hellwig  2022-12-21  339  	 * non-trivial effects, make sure to execute the command synchronously
2a459f6933e1c4 Christoph Hellwig  2022-12-21  340  	 * in a workqueue so that nvme_passthru_end gets called.
c1fef73f793b7f Logan Gunthorpe    2020-07-24  341  	 */
a754bb00c0d393 Daniel Wagner      2023-12-06 @342  	effects = nvme_command_effects(ctrl, ns->head, req->cmd->common.opcode);
                                                                                             ^^^^^^^^
Unchecked dereference

2a459f6933e1c4 Christoph Hellwig  2022-12-21  343  	if (req->p.use_workqueue ||
2a459f6933e1c4 Christoph Hellwig  2022-12-21  344  	    (effects & ~(NVME_CMD_EFFECTS_CSUPP | NVME_CMD_EFFECTS_LBCC))) {
c1fef73f793b7f Logan Gunthorpe    2020-07-24  345  		INIT_WORK(&req->p.work, nvmet_passthru_execute_cmd_work);
c1fef73f793b7f Logan Gunthorpe    2020-07-24  346  		req->p.rq = rq;
8832cf922151e9 Sagi Grimberg      2022-03-21  347  		queue_work(nvmet_wq, &req->p.work);
c1fef73f793b7f Logan Gunthorpe    2020-07-24  348  	} else {
e2e530867245d0 Christoph Hellwig  2022-05-24  349  		rq->end_io = nvmet_passthru_req_done;
c1fef73f793b7f Logan Gunthorpe    2020-07-24  350  		rq->end_io_data = req;
e2e530867245d0 Christoph Hellwig  2022-05-24  351  		blk_execute_rq_nowait(rq, false);
c1fef73f793b7f Logan Gunthorpe    2020-07-24  352  	}
c1fef73f793b7f Logan Gunthorpe    2020-07-24  353  
c1fef73f793b7f Logan Gunthorpe    2020-07-24 @354  	if (ns)

The rest of the code checks

c1fef73f793b7f Logan Gunthorpe    2020-07-24  355  		nvme_put_ns(ns);
c1fef73f793b7f Logan Gunthorpe    2020-07-24  356  
c1fef73f793b7f Logan Gunthorpe    2020-07-24  357  	return;
c1fef73f793b7f Logan Gunthorpe    2020-07-24  358  
a2138fd49467d0 Chaitanya Kulkarni 2020-08-06  359  out_put_req:
7ee51cf60a90c2 Chaitanya Kulkarni 2020-08-06  360  	blk_mq_free_request(rq);
4db69a3d7cfe31 Chaitanya Kulkarni 2020-08-06  361  out_put_ns:
c1fef73f793b7f Logan Gunthorpe    2020-07-24  362  	if (ns)
c1fef73f793b7f Logan Gunthorpe    2020-07-24  363  		nvme_put_ns(ns);
4db69a3d7cfe31 Chaitanya Kulkarni 2020-08-06  364  out:
c1fef73f793b7f Logan Gunthorpe    2020-07-24  365  	nvmet_req_complete(req, status);
c1fef73f793b7f Logan Gunthorpe    2020-07-24  366  }

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ