lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <202601010413.sWadrQel-lkp@intel.com>
Date: Mon, 5 Jan 2026 15:09:32 +0300
From: Dan Carpenter <dan.carpenter@...aro.org>
To: oe-kbuild@...ts.linux.dev, Siva Reddy Kallam <siva.kallam@...adcom.com>
Cc: lkp@...el.com, oe-kbuild-all@...ts.linux.dev,
	linux-kernel@...r.kernel.org, Leon Romanovsky <leon@...nel.org>,
	Usman Ansari <usman.ansari@...adcom.com>
Subject: drivers/infiniband/hw/bng_re/bng_dev.c:113 bng_re_net_ring_free()
 warn: variable dereferenced before check 'rdev' (see line 107)

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   c8ebd433459bcbf068682b09544e830acd7ed222
commit: 4f830cd8d7fe3e98fc12d25f347ed461e11fc1de RDMA/bng_re: Add infrastructure for enabling Firmware channel
config: s390-randconfig-r073-20251231 (https://download.01.org/0day-ci/archive/20260101/202601010413.sWadrQel-lkp@intel.com/config)
compiler: clang version 22.0.0git (https://github.com/llvm/llvm-project 86b9f90b9574b3a7d15d28a91f6316459dcfa046)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@...el.com>
| Reported-by: Dan Carpenter <dan.carpenter@...aro.org>
| Closes: https://lore.kernel.org/r/202601010413.sWadrQel-lkp@intel.com/

smatch warnings:
drivers/infiniband/hw/bng_re/bng_dev.c:113 bng_re_net_ring_free() warn: variable dereferenced before check 'rdev' (see line 107)
drivers/infiniband/hw/bng_re/bng_dev.c:270 bng_re_dev_init() warn: missing unwind goto?

vim +/rdev +113 drivers/infiniband/hw/bng_re/bng_dev.c

4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  104  static int bng_re_net_ring_free(struct bng_re_dev *rdev,
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  105  				u16 fw_ring_id, int type)
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  106  {
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17 @107  	struct bnge_auxr_dev *aux_dev = rdev->aux_dev;
                                                                                        ^^^^^^^^^^^^^
Unchecked dereference.

4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  108  	struct hwrm_ring_free_input req = {};
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  109  	struct hwrm_ring_free_output resp;
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  110  	struct bnge_fw_msg fw_msg = {};
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  111  	int rc = -EINVAL;
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  112  
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17 @113  	if (!rdev)

Hopefully this NULL check can be deleted.

4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  114  		return rc;
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  115  
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  116  	if (!aux_dev)
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  117  		return rc;
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  118  
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  119  	bng_re_init_hwrm_hdr((void *)&req, HWRM_RING_FREE);
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  120  	req.ring_type = type;
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  121  	req.ring_id = cpu_to_le16(fw_ring_id);
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  122  	bng_re_fill_fw_msg(&fw_msg, (void *)&req, sizeof(req), (void *)&resp,
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  123  			    sizeof(resp), BNGE_DFLT_HWRM_CMD_TIMEOUT);
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  124  	rc = bnge_send_msg(aux_dev, &fw_msg);
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  125  	if (rc)
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  126  		ibdev_err(&rdev->ibdev, "Failed to free HW ring:%d :%#x",
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  127  			  req.ring_id, rc);
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  128  	return rc;
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  129  }

[ snip ]

745065770c2dc9 Siva Reddy Kallam 2025-11-17  217  static int bng_re_dev_init(struct bng_re_dev *rdev)
745065770c2dc9 Siva Reddy Kallam 2025-11-17  218  {
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  219  	struct bng_re_ring_attr rattr = {};
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  220  	struct bng_re_creq_ctx *creq;
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  221  	u32 db_offt;
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  222  	int vid;
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  223  	u8 type;
745065770c2dc9 Siva Reddy Kallam 2025-11-17  224  	int rc;
745065770c2dc9 Siva Reddy Kallam 2025-11-17  225  
745065770c2dc9 Siva Reddy Kallam 2025-11-17  226  	/* Registered a new RoCE device instance to netdev */
745065770c2dc9 Siva Reddy Kallam 2025-11-17  227  	rc = bng_re_register_netdev(rdev);
745065770c2dc9 Siva Reddy Kallam 2025-11-17  228  	if (rc) {
745065770c2dc9 Siva Reddy Kallam 2025-11-17  229  		ibdev_err(&rdev->ibdev,
745065770c2dc9 Siva Reddy Kallam 2025-11-17  230  				"Failed to register with netedev: %#x\n", rc);
745065770c2dc9 Siva Reddy Kallam 2025-11-17  231  		return -EINVAL;
745065770c2dc9 Siva Reddy Kallam 2025-11-17  232  	}
745065770c2dc9 Siva Reddy Kallam 2025-11-17  233  
745065770c2dc9 Siva Reddy Kallam 2025-11-17  234  	set_bit(BNG_RE_FLAG_NETDEV_REGISTERED, &rdev->flags);
745065770c2dc9 Siva Reddy Kallam 2025-11-17  235  
745065770c2dc9 Siva Reddy Kallam 2025-11-17  236  	if (rdev->aux_dev->auxr_info->msix_requested < BNG_RE_MIN_MSIX) {
745065770c2dc9 Siva Reddy Kallam 2025-11-17  237  		ibdev_err(&rdev->ibdev,
745065770c2dc9 Siva Reddy Kallam 2025-11-17  238  			  "RoCE requires minimum 2 MSI-X vectors, but only %d reserved\n",
745065770c2dc9 Siva Reddy Kallam 2025-11-17  239  			  rdev->aux_dev->auxr_info->msix_requested);
745065770c2dc9 Siva Reddy Kallam 2025-11-17  240  		bnge_unregister_dev(rdev->aux_dev);
745065770c2dc9 Siva Reddy Kallam 2025-11-17  241  		clear_bit(BNG_RE_FLAG_NETDEV_REGISTERED, &rdev->flags);
745065770c2dc9 Siva Reddy Kallam 2025-11-17  242  		return -EINVAL;
745065770c2dc9 Siva Reddy Kallam 2025-11-17  243  	}
745065770c2dc9 Siva Reddy Kallam 2025-11-17  244  	ibdev_dbg(&rdev->ibdev, "Got %d MSI-X vectors\n",
745065770c2dc9 Siva Reddy Kallam 2025-11-17  245  		  rdev->aux_dev->auxr_info->msix_requested);
745065770c2dc9 Siva Reddy Kallam 2025-11-17  246  
745065770c2dc9 Siva Reddy Kallam 2025-11-17  247  	rc = bng_re_setup_chip_ctx(rdev);
745065770c2dc9 Siva Reddy Kallam 2025-11-17  248  	if (rc) {
745065770c2dc9 Siva Reddy Kallam 2025-11-17  249  		bnge_unregister_dev(rdev->aux_dev);
745065770c2dc9 Siva Reddy Kallam 2025-11-17  250  		clear_bit(BNG_RE_FLAG_NETDEV_REGISTERED, &rdev->flags);
745065770c2dc9 Siva Reddy Kallam 2025-11-17  251  		ibdev_err(&rdev->ibdev, "Failed to get chip context\n");
745065770c2dc9 Siva Reddy Kallam 2025-11-17  252  		return -EINVAL;
745065770c2dc9 Siva Reddy Kallam 2025-11-17  253  	}
745065770c2dc9 Siva Reddy Kallam 2025-11-17  254  
745065770c2dc9 Siva Reddy Kallam 2025-11-17  255  	bng_re_query_hwrm_version(rdev);
745065770c2dc9 Siva Reddy Kallam 2025-11-17  256  
53310b698f3cf6 Siva Reddy Kallam 2025-11-17  257  	rc = bng_re_alloc_fw_channel(&rdev->bng_res, &rdev->rcfw);
53310b698f3cf6 Siva Reddy Kallam 2025-11-17  258  	if (rc) {
53310b698f3cf6 Siva Reddy Kallam 2025-11-17  259  		ibdev_err(&rdev->ibdev,
53310b698f3cf6 Siva Reddy Kallam 2025-11-17  260  			  "Failed to allocate RCFW Channel: %#x\n", rc);
53310b698f3cf6 Siva Reddy Kallam 2025-11-17  261  		goto fail;

Why a goto here and not before or after?

745065770c2dc9 Siva Reddy Kallam 2025-11-17  262  	}
745065770c2dc9 Siva Reddy Kallam 2025-11-17  263  
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  264  	/* Allocate nq record memory */
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  265  	rdev->nqr = kzalloc(sizeof(*rdev->nqr), GFP_KERNEL);
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  266  	if (!rdev->nqr) {
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  267  		bng_re_destroy_chip_ctx(rdev);
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  268  		bnge_unregister_dev(rdev->aux_dev);
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  269  		clear_bit(BNG_RE_FLAG_NETDEV_REGISTERED, &rdev->flags);
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17 @270  		return -ENOMEM;
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  271  	}
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  272  
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  273  	rdev->nqr->num_msix = rdev->aux_dev->auxr_info->msix_requested;
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  274  	memcpy(rdev->nqr->msix_entries, rdev->aux_dev->msix_info,
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  275  	       sizeof(struct bnge_msix_info) * rdev->nqr->num_msix);
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  276  
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  277  	type = RING_ALLOC_REQ_RING_TYPE_NQ;
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  278  	creq = &rdev->rcfw.creq;
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  279  	rattr.dma_arr = creq->hwq.pbl[BNG_PBL_LVL_0].pg_map_arr;
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  280  	rattr.pages = creq->hwq.pbl[creq->hwq.level].pg_count;
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  281  	rattr.type = type;
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  282  	rattr.mode = RING_ALLOC_REQ_INT_MODE_MSIX;
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  283  	rattr.depth = BNG_FW_CREQE_MAX_CNT - 1;
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  284  	rattr.lrid = rdev->nqr->msix_entries[BNG_RE_CREQ_NQ_IDX].ring_idx;
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  285  	rc = bng_re_net_ring_alloc(rdev, &rattr, &creq->ring_id);
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  286  	if (rc) {
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  287  		ibdev_err(&rdev->ibdev, "Failed to allocate CREQ: %#x\n", rc);
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  288  		goto free_rcfw;
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  289  	}
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  290  	db_offt = rdev->nqr->msix_entries[BNG_RE_CREQ_NQ_IDX].db_offset;
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  291  	vid = rdev->nqr->msix_entries[BNG_RE_CREQ_NQ_IDX].vector;
53310b698f3cf6 Siva Reddy Kallam 2025-11-17  292  
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  293  	rc = bng_re_enable_fw_channel(&rdev->rcfw,
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  294  					vid, db_offt);
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  295  	if (rc) {
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  296  		ibdev_err(&rdev->ibdev, "Failed to enable RCFW channel: %#x\n",
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  297  			  rc);
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  298  		goto free_ring;
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  299  	}
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  300  
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  301  	return 0;
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  302  free_ring:
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  303  	bng_re_net_ring_free(rdev, rdev->rcfw.creq.ring_id, type);
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  304  free_rcfw:
4f830cd8d7fe3e Siva Reddy Kallam 2025-11-17  305  	bng_re_free_rcfw_channel(&rdev->rcfw);
53310b698f3cf6 Siva Reddy Kallam 2025-11-17  306  fail:
53310b698f3cf6 Siva Reddy Kallam 2025-11-17  307  	bng_re_dev_uninit(rdev);
53310b698f3cf6 Siva Reddy Kallam 2025-11-17  308  	return rc;
745065770c2dc9 Siva Reddy Kallam 2025-11-17  309  }

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ