Message-ID: <202601050123.5JEZ4Znh-lkp@intel.com>
Date: Mon, 5 Jan 2026 15:25:01 +0300
From: Dan Carpenter <dan.carpenter@...aro.org>
To: oe-kbuild@...ts.linux.dev,
	Timothy Pearson <tpearson@...torengineering.com>
Cc: lkp@...el.com, oe-kbuild-all@...ts.linux.dev,
	linux-kernel@...r.kernel.org,
	Madhavan Srinivasan <maddy@...ux.ibm.com>,
	Shawn Anastasio <sanastasio@...torengineering.com>,
	Bjorn Helgaas <helgaas@...nel.org>
Subject: drivers/pci/hotplug/pnv_php.c:710 pnv_php_alloc_slot() warn: address
 of NULL pointer 'php_slot->bus'

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   54e82e93ca93e49cb4c33988adec5c8cb9d0df31
commit: 4668619092554e1b95c9a5ac2941ca47ba6d548a PCI: pnv_php: Clean up allocated IRQs on unplug
config: powerpc64-randconfig-r071-20260104 (https://download.01.org/0day-ci/archive/20260105/202601050123.5JEZ4Znh-lkp@intel.com/config)
compiler: clang version 22.0.0git (https://github.com/llvm/llvm-project 9b8addffa70cee5b2acc5454712d9cf78ce45710)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@...el.com>
| Reported-by: Dan Carpenter <dan.carpenter@...aro.org>
| Closes: https://lore.kernel.org/r/202601050123.5JEZ4Znh-lkp@intel.com/

smatch warnings:
drivers/pci/hotplug/pnv_php.c:710 pnv_php_alloc_slot() warn: address of NULL pointer 'php_slot->bus'

vim +710 drivers/pci/hotplug/pnv_php.c

66725152fb9f17b Gavin Shan      2016-05-20  678  static struct pnv_php_slot *pnv_php_alloc_slot(struct device_node *dn)
66725152fb9f17b Gavin Shan      2016-05-20  679  {
66725152fb9f17b Gavin Shan      2016-05-20  680  	struct pnv_php_slot *php_slot;
66725152fb9f17b Gavin Shan      2016-05-20  681  	struct pci_bus *bus;
66725152fb9f17b Gavin Shan      2016-05-20  682  	const char *label;
66725152fb9f17b Gavin Shan      2016-05-20  683  	uint64_t id;
39f0d6fbdc3f205 Gavin Shan      2016-09-29  684  	int ret;
66725152fb9f17b Gavin Shan      2016-05-20  685  
39f0d6fbdc3f205 Gavin Shan      2016-09-29  686  	ret = of_property_read_string(dn, "ibm,slot-label", &label);
39f0d6fbdc3f205 Gavin Shan      2016-09-29  687  	if (ret)
66725152fb9f17b Gavin Shan      2016-05-20  688  		return NULL;
66725152fb9f17b Gavin Shan      2016-05-20  689  
66725152fb9f17b Gavin Shan      2016-05-20  690  	if (pnv_pci_get_slot_id(dn, &id))
66725152fb9f17b Gavin Shan      2016-05-20  691  		return NULL;
66725152fb9f17b Gavin Shan      2016-05-20  692  
66725152fb9f17b Gavin Shan      2016-05-20  693  	bus = pci_find_bus_by_node(dn);
149ba66a90a3b3c Gavin Shan      2016-09-28  694  	if (!bus)
66725152fb9f17b Gavin Shan      2016-05-20  695  		return NULL;
66725152fb9f17b Gavin Shan      2016-05-20  696  
66725152fb9f17b Gavin Shan      2016-05-20  697  	php_slot = kzalloc(sizeof(*php_slot), GFP_KERNEL);
149ba66a90a3b3c Gavin Shan      2016-09-28  698  	if (!php_slot)
66725152fb9f17b Gavin Shan      2016-05-20  699  		return NULL;
66725152fb9f17b Gavin Shan      2016-05-20  700  
66725152fb9f17b Gavin Shan      2016-05-20  701  	php_slot->name = kstrdup(label, GFP_KERNEL);
149ba66a90a3b3c Gavin Shan      2016-09-28  702  	if (!php_slot->name) {
66725152fb9f17b Gavin Shan      2016-05-20  703  		kfree(php_slot);
66725152fb9f17b Gavin Shan      2016-05-20  704  		return NULL;
66725152fb9f17b Gavin Shan      2016-05-20  705  	}
66725152fb9f17b Gavin Shan      2016-05-20  706  
4668619092554e1 Timothy Pearson 2025-07-15  707  	/* Allocate workqueue for this slot's interrupt handling */
4668619092554e1 Timothy Pearson 2025-07-15  708  	php_slot->wq = alloc_workqueue("pciehp-%s", 0, 0, php_slot->name);
4668619092554e1 Timothy Pearson 2025-07-15  709  	if (!php_slot->wq) {
4668619092554e1 Timothy Pearson 2025-07-15 @710  		SLOT_WARN(php_slot, "Cannot alloc workqueue\n");

The SLOT_WARN() macro looks like:

#define SLOT_WARN(sl, x...) \
        ((sl)->pdev ? pci_warn((sl)->pdev, x) : dev_warn(&(sl)->bus->dev, x))

Neither ->pdev nor ->bus are set so it will crash.

4668619092554e1 Timothy Pearson 2025-07-15  711  		kfree(php_slot->name);
4668619092554e1 Timothy Pearson 2025-07-15  712  		kfree(php_slot);
4668619092554e1 Timothy Pearson 2025-07-15  713  		return NULL;
4668619092554e1 Timothy Pearson 2025-07-15  714  	}
4668619092554e1 Timothy Pearson 2025-07-15  715  
149ba66a90a3b3c Gavin Shan      2016-09-28  716  	if (dn->child && PCI_DN(dn->child))
66725152fb9f17b Gavin Shan      2016-05-20  717  		php_slot->slot_no = PCI_SLOT(PCI_DN(dn->child)->devfn);
66725152fb9f17b Gavin Shan      2016-05-20  718  	else
66725152fb9f17b Gavin Shan      2016-05-20  719  		php_slot->slot_no = -1;   /* Placeholder slot */
66725152fb9f17b Gavin Shan      2016-05-20  720  
66725152fb9f17b Gavin Shan      2016-05-20  721  	kref_init(&php_slot->kref);
66725152fb9f17b Gavin Shan      2016-05-20  722  	php_slot->state	                = PNV_PHP_STATE_INITIALIZED;
66725152fb9f17b Gavin Shan      2016-05-20  723  	php_slot->dn	                = dn;
66725152fb9f17b Gavin Shan      2016-05-20  724  	php_slot->pdev	                = bus->self;
66725152fb9f17b Gavin Shan      2016-05-20  725  	php_slot->bus	                = bus;
66725152fb9f17b Gavin Shan      2016-05-20  726  	php_slot->id	                = id;
66725152fb9f17b Gavin Shan      2016-05-20  727  	php_slot->power_state_check     = false;
66725152fb9f17b Gavin Shan      2016-05-20  728  	php_slot->slot.ops              = &php_slot_ops;
66725152fb9f17b Gavin Shan      2016-05-20  729  
66725152fb9f17b Gavin Shan      2016-05-20  730  	INIT_LIST_HEAD(&php_slot->children);
66725152fb9f17b Gavin Shan      2016-05-20  731  	INIT_LIST_HEAD(&php_slot->link);
66725152fb9f17b Gavin Shan      2016-05-20  732  
66725152fb9f17b Gavin Shan      2016-05-20  733  	return php_slot;
66725152fb9f17b Gavin Shan      2016-05-20  734  }

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
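
The failure mode reported above, as an added userspace model (not code from the kernel tree or from the report): a zeroed slot reaches its error path before ->pdev and ->bus are assigned, so the SLOT_WARN()-style device selection has nothing valid to log against. All type and function names below are constructed stand-ins, and assigning the fields before the fallible step is shown only as one possible ordering, not as the fix adopted upstream.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins for the kernel structures; assumptions, not kernel code. */
struct device  { const char *name; };
struct pci_dev { struct device dev; };
struct pci_bus { struct device dev; struct pci_dev *self; };
struct slot    { struct pci_dev *pdev; struct pci_bus *bus; };

/* Same selection as SLOT_WARN(): prefer ->pdev, fall back to ->bus.
 * Returns NULL where the macro would instead compute &NULL->dev. */
static struct device *slot_log_dev(const struct slot *sl)
{
    if (sl->pdev)
        return &sl->pdev->dev;
    if (sl->bus)
        return &sl->bus->dev;
    return NULL;
}

/* Models pnv_php_alloc_slot(). wq_fails simulates alloc_workqueue() failing;
 * assign_first selects whether ->pdev/->bus are set before that step.
 * *warn_dev receives the device the error path would have logged against. */
static struct slot *alloc_slot(struct pci_bus *bus, int assign_first,
                               int wq_fails, struct device **warn_dev)
{
    struct slot *sl = calloc(1, sizeof(*sl));   /* zeroed, like kzalloc() */

    if (!sl)
        return NULL;
    if (assign_first) {
        sl->pdev = bus->self;
        sl->bus = bus;
    }
    if (wq_fails) {
        *warn_dev = slot_log_dev(sl);           /* where SLOT_WARN() runs */
        free(sl);
        return NULL;
    }
    sl->pdev = bus->self;
    sl->bus = bus;
    return sl;
}

int main(void)
{
    struct pci_bus root = { { "root-bus" }, NULL };
    struct device *d = &root.dev;

    alloc_slot(&root, 0, 1, &d);                /* reported ordering */
    printf("late assignment:  %s\n", d ? d->name : "(no device: would crash)");
    alloc_slot(&root, 1, 1, &d);                /* fields set first */
    printf("early assignment: %s\n", d ? d->name : "(no device: would crash)");
    return 0;
}
```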

