| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <c2ff81f3-5de6-4498-b157-909d89e74fcb@stanley.mountain>
Date: Mon, 21 Oct 2024 10:42:34 +0300
From: Dan Carpenter <dan.carpenter@...aro.org>
To: oe-kbuild@...ts.linux.dev, Selvin Xavier <selvin.xavier@...adcom.com>
Cc: lkp@...el.com, oe-kbuild-all@...ts.linux.dev,
linux-kernel@...r.kernel.org, Leon Romanovsky <leon@...nel.org>,
Damodharam Ammepalli <damodharam.ammepalli@...adcom.com>
Subject: drivers/infiniband/hw/bnxt_re/qplib_fp.c:1090 bnxt_qplib_create_qp()
error: we previously assumed 'res->dattr' could be null (see line 985)
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 715ca9dd687f89ddaac8ec8ccb3b5e5a30311a99
commit: 07f830ae4913d0b986c8c0ff88a7d597948b9bd8 RDMA/bnxt_re: Adds MSN table capability for Gen P7 adapters
config: x86_64-randconfig-161-20241020 (https://download.01.org/0day-ci/archive/20241020/202410202140.TMNDJ4l1-lkp@intel.com/config)
compiler: gcc-12 (Debian 12.2.0-14) 12.2.0
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@...el.com>
| Reported-by: Dan Carpenter <dan.carpenter@...aro.org>
| Closes: https://lore.kernel.org/r/202410202140.TMNDJ4l1-lkp@intel.com/
New smatch warnings:
drivers/infiniband/hw/bnxt_re/qplib_fp.c:1090 bnxt_qplib_create_qp() error: we previously assumed 'res->dattr' could be null (see line 985)
vim +1090 drivers/infiniband/hw/bnxt_re/qplib_fp.c
1ac5a404797523 Selvin Xavier 2017-02-10 967 int bnxt_qplib_create_qp(struct bnxt_qplib_res *res, struct bnxt_qplib_qp *qp)
1ac5a404797523 Selvin Xavier 2017-02-10 968 {
1ac5a404797523 Selvin Xavier 2017-02-10 969 struct bnxt_qplib_rcfw *rcfw = res->rcfw;
0c4dcd60281750 Devesh Sharma 2020-02-15 970 struct bnxt_qplib_hwq_attr hwq_attr = {};
0c4dcd60281750 Devesh Sharma 2020-02-15 971 struct bnxt_qplib_sg_info sginfo = {};
ff015bcd213b5d Selvin Xavier 2023-03-30 972 struct creq_create_qp_resp resp = {};
ff015bcd213b5d Selvin Xavier 2023-03-30 973 struct bnxt_qplib_cmdqmsg msg = {};
1ac5a404797523 Selvin Xavier 2017-02-10 974 struct bnxt_qplib_q *sq = &qp->sq;
1ac5a404797523 Selvin Xavier 2017-02-10 975 struct bnxt_qplib_q *rq = &qp->rq;
ff015bcd213b5d Selvin Xavier 2023-03-30 976 struct cmdq_create_qp req = {};
fddcbbb02af42a Devesh Sharma 2020-04-02 977 int rc, req_size, psn_sz = 0;
1ac5a404797523 Selvin Xavier 2017-02-10 978 struct bnxt_qplib_hwq *xrrq;
c50866e2853a03 Devesh Sharma 2019-02-22 979 struct bnxt_qplib_pbl *pbl;
c50866e2853a03 Devesh Sharma 2019-02-22 980 u32 qp_flags = 0;
99bf84e24eb83d Devesh Sharma 2020-04-02 981 u8 pg_sz_lvl;
84cf229f4001c1 Selvin Xavier 2020-08-24 982 u32 tbl_indx;
159fb4ceacd79b Devesh Sharma 2020-07-15 983 u16 nsge;
1ac5a404797523 Selvin Xavier 2017-02-10 984
07f830ae4913d0 Selvin Xavier 2023-12-07 @985 if (res->dattr)
^^^^^^^^^^
Can res->dattr be NULL?
07f830ae4913d0 Selvin Xavier 2023-12-07 986 qp->dev_cap_flags = res->dattr->dev_cap_flags;
07f830ae4913d0 Selvin Xavier 2023-12-07 987
3a4304d8269501 Chandramohan Akula 2023-10-23 988 sq->dbinfo.flags = 0;
e576adf583b525 Selvin Xavier 2023-03-30 989 bnxt_qplib_rcfw_cmd_prep((struct cmdq_base *)&req,
e576adf583b525 Selvin Xavier 2023-03-30 990 CMDQ_BASE_OPCODE_CREATE_QP,
e576adf583b525 Selvin Xavier 2023-03-30 991 sizeof(req));
1ac5a404797523 Selvin Xavier 2017-02-10 992
1ac5a404797523 Selvin Xavier 2017-02-10 993 /* General */
1ac5a404797523 Selvin Xavier 2017-02-10 994 req.type = qp->type;
1ac5a404797523 Selvin Xavier 2017-02-10 995 req.dpi = cpu_to_le32(qp->dpi->dpi);
1ac5a404797523 Selvin Xavier 2017-02-10 996 req.qp_handle = cpu_to_le64(qp->qp_handle);
1ac5a404797523 Selvin Xavier 2017-02-10 997
1ac5a404797523 Selvin Xavier 2017-02-10 998 /* SQ */
37f91cff2de017 Devesh Sharma 2019-02-07 999 if (qp->type == CMDQ_CREATE_QP_TYPE_RC) {
1801d87b3598b1 Selvin Xavier 2023-12-07 1000 psn_sz = bnxt_qplib_is_chip_gen_p5_p7(res->cctx) ?
37f91cff2de017 Devesh Sharma 2019-02-07 1001 sizeof(struct sq_psn_search_ext) :
37f91cff2de017 Devesh Sharma 2019-02-07 1002 sizeof(struct sq_psn_search);
07f830ae4913d0 Selvin Xavier 2023-12-07 1003
07f830ae4913d0 Selvin Xavier 2023-12-07 1004 if (BNXT_RE_HW_RETX(qp->dev_cap_flags)) {
07f830ae4913d0 Selvin Xavier 2023-12-07 1005 psn_sz = sizeof(struct sq_msn_search);
07f830ae4913d0 Selvin Xavier 2023-12-07 1006 qp->msn = 0;
07f830ae4913d0 Selvin Xavier 2023-12-07 1007 }
37f91cff2de017 Devesh Sharma 2019-02-07 1008 }
0c4dcd60281750 Devesh Sharma 2020-02-15 1009
0c4dcd60281750 Devesh Sharma 2020-02-15 1010 hwq_attr.res = res;
0c4dcd60281750 Devesh Sharma 2020-02-15 1011 hwq_attr.sginfo = &sq->sg_info;
2bb3c32c5c5fe9 Devesh Sharma 2020-07-15 1012 hwq_attr.stride = sizeof(struct sq_sge);
2bb3c32c5c5fe9 Devesh Sharma 2020-07-15 1013 hwq_attr.depth = bnxt_qplib_get_depth(sq);
0c4dcd60281750 Devesh Sharma 2020-02-15 1014 hwq_attr.aux_stride = psn_sz;
2bb3c32c5c5fe9 Devesh Sharma 2020-07-15 1015 hwq_attr.aux_depth = bnxt_qplib_set_sq_size(sq, qp->wqe_mode);
07f830ae4913d0 Selvin Xavier 2023-12-07 1016 /* Update msn tbl size */
07f830ae4913d0 Selvin Xavier 2023-12-07 1017 if (BNXT_RE_HW_RETX(qp->dev_cap_flags) && psn_sz) {
07f830ae4913d0 Selvin Xavier 2023-12-07 1018 hwq_attr.aux_depth = roundup_pow_of_two(bnxt_qplib_set_sq_size(sq, qp->wqe_mode));
07f830ae4913d0 Selvin Xavier 2023-12-07 1019 qp->msn_tbl_sz = hwq_attr.aux_depth;
07f830ae4913d0 Selvin Xavier 2023-12-07 1020 qp->msn = 0;
07f830ae4913d0 Selvin Xavier 2023-12-07 1021 }
07f830ae4913d0 Selvin Xavier 2023-12-07 1022
0c4dcd60281750 Devesh Sharma 2020-02-15 1023 hwq_attr.type = HWQ_TYPE_QUEUE;
0c4dcd60281750 Devesh Sharma 2020-02-15 1024 rc = bnxt_qplib_alloc_init_hwq(&sq->hwq, &hwq_attr);
1ac5a404797523 Selvin Xavier 2017-02-10 1025 if (rc)
07d5ce14b2aa22 Kalesh AP 2023-05-18 1026 return rc;
1ac5a404797523 Selvin Xavier 2017-02-10 1027
159fb4ceacd79b Devesh Sharma 2020-07-15 1028 rc = bnxt_qplib_alloc_init_swq(sq);
159fb4ceacd79b Devesh Sharma 2020-07-15 1029 if (rc)
1ac5a404797523 Selvin Xavier 2017-02-10 1030 goto fail_sq;
fddcbbb02af42a Devesh Sharma 2020-04-02 1031
fddcbbb02af42a Devesh Sharma 2020-04-02 1032 if (psn_sz)
fddcbbb02af42a Devesh Sharma 2020-04-02 1033 bnxt_qplib_init_psn_ptr(qp, psn_sz);
fddcbbb02af42a Devesh Sharma 2020-04-02 1034
2bb3c32c5c5fe9 Devesh Sharma 2020-07-15 1035 req.sq_size = cpu_to_le32(bnxt_qplib_set_sq_size(sq, qp->wqe_mode));
1ac5a404797523 Selvin Xavier 2017-02-10 1036 pbl = &sq->hwq.pbl[PBL_LVL_0];
1ac5a404797523 Selvin Xavier 2017-02-10 1037 req.sq_pbl = cpu_to_le64(pbl->pg_map_arr[0]);
99bf84e24eb83d Devesh Sharma 2020-04-02 1038 pg_sz_lvl = (bnxt_qplib_base_pg_size(&sq->hwq) <<
99bf84e24eb83d Devesh Sharma 2020-04-02 1039 CMDQ_CREATE_QP_SQ_PG_SIZE_SFT);
99bf84e24eb83d Devesh Sharma 2020-04-02 1040 pg_sz_lvl |= (sq->hwq.level & CMDQ_CREATE_QP_SQ_LVL_MASK);
99bf84e24eb83d Devesh Sharma 2020-04-02 1041 req.sq_pg_size_sq_lvl = pg_sz_lvl;
159fb4ceacd79b Devesh Sharma 2020-07-15 1042 req.sq_fwo_sq_sge =
159fb4ceacd79b Devesh Sharma 2020-07-15 1043 cpu_to_le16(((sq->max_sge & CMDQ_CREATE_QP_SQ_SGE_MASK) <<
159fb4ceacd79b Devesh Sharma 2020-07-15 1044 CMDQ_CREATE_QP_SQ_SGE_SFT) | 0);
1ac5a404797523 Selvin Xavier 2017-02-10 1045 req.scq_cid = cpu_to_le32(qp->scq->id);
1ac5a404797523 Selvin Xavier 2017-02-10 1046
1ac5a404797523 Selvin Xavier 2017-02-10 1047 /* RQ */
159fb4ceacd79b Devesh Sharma 2020-07-15 1048 if (!qp->srq) {
3a4304d8269501 Chandramohan Akula 2023-10-23 1049 rq->dbinfo.flags = 0;
0c4dcd60281750 Devesh Sharma 2020-02-15 1050 hwq_attr.res = res;
0c4dcd60281750 Devesh Sharma 2020-02-15 1051 hwq_attr.sginfo = &rq->sg_info;
2bb3c32c5c5fe9 Devesh Sharma 2020-07-15 1052 hwq_attr.stride = sizeof(struct sq_sge);
2bb3c32c5c5fe9 Devesh Sharma 2020-07-15 1053 hwq_attr.depth = bnxt_qplib_get_depth(rq);
0c4dcd60281750 Devesh Sharma 2020-02-15 1054 hwq_attr.aux_stride = 0;
0c4dcd60281750 Devesh Sharma 2020-02-15 1055 hwq_attr.aux_depth = 0;
0c4dcd60281750 Devesh Sharma 2020-02-15 1056 hwq_attr.type = HWQ_TYPE_QUEUE;
0c4dcd60281750 Devesh Sharma 2020-02-15 1057 rc = bnxt_qplib_alloc_init_hwq(&rq->hwq, &hwq_attr);
1ac5a404797523 Selvin Xavier 2017-02-10 1058 if (rc)
159fb4ceacd79b Devesh Sharma 2020-07-15 1059 goto sq_swq;
159fb4ceacd79b Devesh Sharma 2020-07-15 1060 rc = bnxt_qplib_alloc_init_swq(rq);
159fb4ceacd79b Devesh Sharma 2020-07-15 1061 if (rc)
1ac5a404797523 Selvin Xavier 2017-02-10 1062 goto fail_rq;
159fb4ceacd79b Devesh Sharma 2020-07-15 1063
159fb4ceacd79b Devesh Sharma 2020-07-15 1064 req.rq_size = cpu_to_le32(rq->max_wqe);
1ac5a404797523 Selvin Xavier 2017-02-10 1065 pbl = &rq->hwq.pbl[PBL_LVL_0];
1ac5a404797523 Selvin Xavier 2017-02-10 1066 req.rq_pbl = cpu_to_le64(pbl->pg_map_arr[0]);
99bf84e24eb83d Devesh Sharma 2020-04-02 1067 pg_sz_lvl = (bnxt_qplib_base_pg_size(&rq->hwq) <<
99bf84e24eb83d Devesh Sharma 2020-04-02 1068 CMDQ_CREATE_QP_RQ_PG_SIZE_SFT);
99bf84e24eb83d Devesh Sharma 2020-04-02 1069 pg_sz_lvl |= (rq->hwq.level & CMDQ_CREATE_QP_RQ_LVL_MASK);
99bf84e24eb83d Devesh Sharma 2020-04-02 1070 req.rq_pg_size_rq_lvl = pg_sz_lvl;
159fb4ceacd79b Devesh Sharma 2020-07-15 1071 nsge = (qp->wqe_mode == BNXT_QPLIB_WQE_MODE_STATIC) ?
159fb4ceacd79b Devesh Sharma 2020-07-15 1072 6 : rq->max_sge;
159fb4ceacd79b Devesh Sharma 2020-07-15 1073 req.rq_fwo_rq_sge =
159fb4ceacd79b Devesh Sharma 2020-07-15 1074 cpu_to_le16(((nsge &
159fb4ceacd79b Devesh Sharma 2020-07-15 1075 CMDQ_CREATE_QP_RQ_SGE_MASK) <<
159fb4ceacd79b Devesh Sharma 2020-07-15 1076 CMDQ_CREATE_QP_RQ_SGE_SFT) | 0);
37cb11acf1f72a Devesh Sharma 2018-01-11 1077 } else {
37cb11acf1f72a Devesh Sharma 2018-01-11 1078 /* SRQ */
37cb11acf1f72a Devesh Sharma 2018-01-11 1079 qp_flags |= CMDQ_CREATE_QP_QP_FLAGS_SRQ_USED;
37cb11acf1f72a Devesh Sharma 2018-01-11 1080 req.srq_cid = cpu_to_le32(qp->srq->id);
37cb11acf1f72a Devesh Sharma 2018-01-11 1081 }
1ac5a404797523 Selvin Xavier 2017-02-10 1082 req.rcq_cid = cpu_to_le32(qp->rcq->id);
99bf84e24eb83d Devesh Sharma 2020-04-02 1083
99bf84e24eb83d Devesh Sharma 2020-04-02 1084 qp_flags |= CMDQ_CREATE_QP_QP_FLAGS_RESERVED_LKEY_ENABLE;
99bf84e24eb83d Devesh Sharma 2020-04-02 1085 qp_flags |= CMDQ_CREATE_QP_QP_FLAGS_FR_PMR_ENABLED;
99bf84e24eb83d Devesh Sharma 2020-04-02 1086 if (qp->sig_type)
99bf84e24eb83d Devesh Sharma 2020-04-02 1087 qp_flags |= CMDQ_CREATE_QP_QP_FLAGS_FORCE_COMPLETION;
2bb3c32c5c5fe9 Devesh Sharma 2020-07-15 1088 if (qp->wqe_mode == BNXT_QPLIB_WQE_MODE_VARIABLE)
2bb3c32c5c5fe9 Devesh Sharma 2020-07-15 1089 qp_flags |= CMDQ_CREATE_QP_QP_FLAGS_VARIABLE_SIZED_WQE_ENABLED;
9a381f7e5aa299 Selvin Xavier 2021-09-15 @1090 if (_is_ext_stats_supported(res->dattr->dev_cap_flags) && !res->is_vf)
^^^^^^^^^^^^
Unchecked dereference
9a381f7e5aa299 Selvin Xavier 2021-09-15 1091 qp_flags |= CMDQ_CREATE_QP_QP_FLAGS_EXT_STATS_ENABLED;
9a381f7e5aa299 Selvin Xavier 2021-09-15 1092
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
Powered by blists - more mailing lists