* [bug report] rdma/siw: queue pair methods
@ 2019-07-26 8:10 Dan Carpenter
2019-07-27 11:03 ` Bernard Metzler
0 siblings, 1 reply; 3+ messages in thread
From: Dan Carpenter @ 2019-07-26 8:10 UTC (permalink / raw)
To: bmt; +Cc: linux-rdma
Hello Bernard Metzler,
The patch f29dd55b0236: "rdma/siw: queue pair methods" from Jun 20,
2019, leads to the following static checker warning:
drivers/infiniband/sw/siw/siw_qp.c:226 siw_qp_enable_crc()
warn: variable dereferenced before check 'siw_crypto_shash' (see line 223)
drivers/infiniband/sw/siw/siw_qp.c
219 static int siw_qp_enable_crc(struct siw_qp *qp)
220 {
221 struct siw_rx_stream *c_rx = &qp->rx_stream;
222 struct siw_iwarp_tx *c_tx = &qp->tx_ctx;
223 int size = crypto_shash_descsize(siw_crypto_shash) +
^^^^^^^^^^^^^^^^
Dereferenced inside function.
224 sizeof(struct shash_desc);
225
226 if (siw_crypto_shash == NULL)
^^^^^^^^^^^^^^^^^^^^^^^^
Checked too late.
227 return -ENOENT;
228
229 c_tx->mpa_crc_hd = kzalloc(size, GFP_KERNEL);
230 c_rx->mpa_crc_hd = kzalloc(size, GFP_KERNEL);
231 if (!c_tx->mpa_crc_hd || !c_rx->mpa_crc_hd) {
232 kfree(c_tx->mpa_crc_hd);
233 kfree(c_rx->mpa_crc_hd);
234 c_tx->mpa_crc_hd = NULL;
235 c_rx->mpa_crc_hd = NULL;
236 return -ENOMEM;
237 }
238 c_tx->mpa_crc_hd->tfm = siw_crypto_shash;
239 c_rx->mpa_crc_hd->tfm = siw_crypto_shash;
240
241 return 0;
242 }
regards,
dan carpenter
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [bug report] rdma/siw: queue pair methods
2019-07-26 8:10 [bug report] rdma/siw: queue pair methods Dan Carpenter
@ 2019-07-27 11:03 ` Bernard Metzler
2019-07-29 17:36 ` Doug Ledford
0 siblings, 1 reply; 3+ messages in thread
From: Bernard Metzler @ 2019-07-27 11:03 UTC (permalink / raw)
To: Dan Carpenter; +Cc: linux-rdma
-----"Dan Carpenter" <dan.carpenter@oracle.com> wrote: -----
>To: bmt@zurich.ibm.com
>From: "Dan Carpenter" <dan.carpenter@oracle.com>
>Date: 07/26/2019 10:11AM
>Cc: linux-rdma@vger.kernel.org
>Subject: [EXTERNAL] [bug report] rdma/siw: queue pair methods
>
>Hello Bernard Metzler,
>
>The patch f29dd55b0236: "rdma/siw: queue pair methods" from Jun 20,
>2019, leads to the following static checker warning:
>
> drivers/infiniband/sw/siw/siw_qp.c:226 siw_qp_enable_crc()
> warn: variable dereferenced before check 'siw_crypto_shash' (see
>line 223)
>
>drivers/infiniband/sw/siw/siw_qp.c
> 219 static int siw_qp_enable_crc(struct siw_qp *qp)
> 220 {
> 221 struct siw_rx_stream *c_rx = &qp->rx_stream;
> 222 struct siw_iwarp_tx *c_tx = &qp->tx_ctx;
> 223 int size = crypto_shash_descsize(siw_crypto_shash) +
> ^^^^^^^^^^^^^^^^
>Dereferenced inside function.
>
> 224 sizeof(struct shash_desc);
> 225
> 226 if (siw_crypto_shash == NULL)
> ^^^^^^^^^^^^^^^^^^^^^^^^
>Checked too late.
>
> 227 return -ENOENT;
> 228
> 229 c_tx->mpa_crc_hd = kzalloc(size, GFP_KERNEL);
> 230 c_rx->mpa_crc_hd = kzalloc(size, GFP_KERNEL);
> 231 if (!c_tx->mpa_crc_hd || !c_rx->mpa_crc_hd) {
> 232 kfree(c_tx->mpa_crc_hd);
> 233 kfree(c_rx->mpa_crc_hd);
> 234 c_tx->mpa_crc_hd = NULL;
> 235 c_rx->mpa_crc_hd = NULL;
> 236 return -ENOMEM;
> 237 }
> 238 c_tx->mpa_crc_hd->tfm = siw_crypto_shash;
> 239 c_rx->mpa_crc_hd->tfm = siw_crypto_shash;
> 240
> 241 return 0;
> 242 }
>
>regards,
>dan carpenter
>
>
Hi Dan,
many thanks for catching this one! The fix of course is simple:
From c13b5da99aea7766a61aabe33e9943618f4505cf Mon Sep 17 00:00:00 2001
From: Bernard Metzler <bmt@zurich.ibm.com>
Date: Sat, 27 Jul 2019 12:38:32 +0200
Subject: [PATCH] Do not dereference 'siw_crypto_shash' before checking
Signed-off-by: Bernard Metzler <bmt@zurich.ibm.com>
---
drivers/infiniband/sw/siw/siw_qp.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/infiniband/sw/siw/siw_qp.c b/drivers/infiniband/sw/siw/siw_qp.c
index 11383d9f95ef..e27bd5b35b96 100644
--- a/drivers/infiniband/sw/siw/siw_qp.c
+++ b/drivers/infiniband/sw/siw/siw_qp.c
@@ -220,12 +220,14 @@ static int siw_qp_enable_crc(struct siw_qp *qp)
{
struct siw_rx_stream *c_rx = &qp->rx_stream;
struct siw_iwarp_tx *c_tx = &qp->tx_ctx;
- int size = crypto_shash_descsize(siw_crypto_shash) +
- sizeof(struct shash_desc);
+ int size;
if (siw_crypto_shash == NULL)
return -ENOENT;
+ size = crypto_shash_descsize(siw_crypto_shash) +
+ sizeof(struct shash_desc);
+
c_tx->mpa_crc_hd = kzalloc(size, GFP_KERNEL);
c_rx->mpa_crc_hd = kzalloc(size, GFP_KERNEL);
if (!c_tx->mpa_crc_hd || !c_rx->mpa_crc_hd) {
--
2.17.2
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [bug report] rdma/siw: queue pair methods
2019-07-27 11:03 ` Bernard Metzler
@ 2019-07-29 17:36 ` Doug Ledford
0 siblings, 0 replies; 3+ messages in thread
From: Doug Ledford @ 2019-07-29 17:36 UTC (permalink / raw)
To: Bernard Metzler, Dan Carpenter; +Cc: linux-rdma
[-- Attachment #1: Type: text/plain, Size: 4172 bytes --]
On Sat, 2019-07-27 at 11:03 +0000, Bernard Metzler wrote:
> -----"Dan Carpenter" <dan.carpenter@oracle.com> wrote: -----
>
> > To: bmt@zurich.ibm.com
> > From: "Dan Carpenter" <dan.carpenter@oracle.com>
> > Date: 07/26/2019 10:11AM
> > Cc: linux-rdma@vger.kernel.org
> > Subject: [EXTERNAL] [bug report] rdma/siw: queue pair methods
> >
> > Hello Bernard Metzler,
> >
> > The patch f29dd55b0236: "rdma/siw: queue pair methods" from Jun 20,
> > 2019, leads to the following static checker warning:
> >
> > drivers/infiniband/sw/siw/siw_qp.c:226 siw_qp_enable_crc()
> > warn: variable dereferenced before check 'siw_crypto_shash' (see
> > line 223)
> >
> > drivers/infiniband/sw/siw/siw_qp.c
> > 219 static int siw_qp_enable_crc(struct siw_qp *qp)
> > 220 {
> > 221 struct siw_rx_stream *c_rx = &qp->rx_stream;
> > 222 struct siw_iwarp_tx *c_tx = &qp->tx_ctx;
> > 223 int size = crypto_shash_descsize(siw_crypto_shash) +
> > ^^^^^^^^^^^^^^^^
> > Dereferenced inside function.
> >
> > 224 sizeof(struct shash_desc);
> > 225
> > 226 if (siw_crypto_shash == NULL)
> > ^^^^^^^^^^^^^^^^^^^^^^^^
> > Checked too late.
> >
> > 227 return -ENOENT;
> > 228
> > 229 c_tx->mpa_crc_hd = kzalloc(size, GFP_KERNEL);
> > 230 c_rx->mpa_crc_hd = kzalloc(size, GFP_KERNEL);
> > 231 if (!c_tx->mpa_crc_hd || !c_rx->mpa_crc_hd) {
> > 232 kfree(c_tx->mpa_crc_hd);
> > 233 kfree(c_rx->mpa_crc_hd);
> > 234 c_tx->mpa_crc_hd = NULL;
> > 235 c_rx->mpa_crc_hd = NULL;
> > 236 return -ENOMEM;
> > 237 }
> > 238 c_tx->mpa_crc_hd->tfm = siw_crypto_shash;
> > 239 c_rx->mpa_crc_hd->tfm = siw_crypto_shash;
> > 240
> > 241 return 0;
> > 242 }
> >
> > regards,
> > dan carpenter
> >
> >
>
> Hi Dan,
> many thanks for catching this one! The fix of course is simple:
>
Hi Bernard,
This patch was ignored by patchworks for some reason. If I hadn't
noticed that it was here, but not in patchworks and also not applied
previously by Jason, it would have been missed entirely. I suspect it's
because the patch was embedded in a reply, but I'm not sure as that
normally seems to work. In any case, I might suggest next time you
reply to the bug report that you have a fix, and then use git send-email
to send the patch, just to be on the safe side in terms of things
getting lost.
With all that said, applied to for-rc along with some fix ups to the log
message (added Reported-by: and Fixes: tags).
> From c13b5da99aea7766a61aabe33e9943618f4505cf Mon Sep 17 00:00:00 2001
> From: Bernard Metzler <bmt@zurich.ibm.com>
> Date: Sat, 27 Jul 2019 12:38:32 +0200
> Subject: [PATCH] Do not dereference 'siw_crypto_shash' before checking
>
> Signed-off-by: Bernard Metzler <bmt@zurich.ibm.com>
> ---
> drivers/infiniband/sw/siw/siw_qp.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/infiniband/sw/siw/siw_qp.c
> b/drivers/infiniband/sw/siw/siw_qp.c
> index 11383d9f95ef..e27bd5b35b96 100644
> --- a/drivers/infiniband/sw/siw/siw_qp.c
> +++ b/drivers/infiniband/sw/siw/siw_qp.c
> @@ -220,12 +220,14 @@ static int siw_qp_enable_crc(struct siw_qp *qp)
> {
> struct siw_rx_stream *c_rx = &qp->rx_stream;
> struct siw_iwarp_tx *c_tx = &qp->tx_ctx;
> - int size = crypto_shash_descsize(siw_crypto_shash) +
> - sizeof(struct shash_desc);
> + int size;
>
> if (siw_crypto_shash == NULL)
> return -ENOENT;
>
> + size = crypto_shash_descsize(siw_crypto_shash) +
> + sizeof(struct shash_desc);
> +
> c_tx->mpa_crc_hd = kzalloc(size, GFP_KERNEL);
> c_rx->mpa_crc_hd = kzalloc(size, GFP_KERNEL);
> if (!c_tx->mpa_crc_hd || !c_rx->mpa_crc_hd) {
--
Doug Ledford <dledford@redhat.com>
GPG KeyID: B826A3330E572FDD
Fingerprint = AE6B 1BDA 122B 23B4 265B 1274 B826 A333 0E57 2FDD
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-07-29 17:36 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-07-26 8:10 [bug report] rdma/siw: queue pair methods Dan Carpenter
2019-07-27 11:03 ` Bernard Metzler
2019-07-29 17:36 ` Doug Ledford
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.