* [bug report] lpfc: Refactor NVME LS receive handling
@ 2020-05-12 18:18 Dan Carpenter
0 siblings, 0 replies; only message in thread
From: Dan Carpenter @ 2020-05-12 18:18 UTC (permalink / raw)
To: jsmart2021; +Cc: linux-scsi
Hello James Smart,
This is a semi-automatic email about new static checker warnings.
The patch 3a8070c567aa: "lpfc: Refactor NVME LS receive handling"
from Mar 31, 2020, leads to the following Smatch complaint:
drivers/scsi/lpfc/lpfc_sli.c:2905 lpfc_nvme_unsol_ls_handler()
error: we previously assumed 'phba->targetport' could be null (see line 2837)
drivers/scsi/lpfc/lpfc_sli.c
2836 failwhy = "No Localport";
2837 } else if (phba->nvmet_support && !phba->targetport) {
^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^
Assume both pointers are NULL.
2838 failwhy = "No Targetport";
2839 } else if (unlikely(fc_hdr->fh_r_ctl != FC_RCTL_ELS4_REQ)) {
2840 failwhy = "Bad NVME LS R_CTL";
2841 } else if (unlikely((fctl & 0x00FF0000) !=
2842 (FC_FC_FIRST_SEQ | FC_FC_END_SEQ | FC_FC_SEQ_INIT))) {
2843 failwhy = "Bad NVME LS F_CTL";
2844 } else {
2845 axchg = kzalloc(sizeof(*axchg), GFP_ATOMIC);
2846 if (!axchg)
2847 failwhy = "No CTX memory";
2848 }
2849
2850 if (unlikely(failwhy)) {
2851 lpfc_printf_log(phba, KERN_ERR, LOG_NVME_DISC | LOG_NVME_IOERR,
2852 "6154 Drop NVME LS: SID %06X OXID x%X: %s\n",
2853 sid, oxid, failwhy);
2854 goto out_fail;
2855 }
2856
2857 /* validate the source of the LS is logged in */
2858 ndlp = lpfc_findnode_did(phba->pport, sid);
2859 if (!ndlp || !NLP_CHK_NODE_ACT(ndlp) ||
2860 ((ndlp->nlp_state != NLP_STE_UNMAPPED_NODE) &&
2861 (ndlp->nlp_state != NLP_STE_MAPPED_NODE))) {
2862 lpfc_printf_log(phba, KERN_ERR, LOG_NVME_DISC,
2863 "6216 NVME Unsol rcv: No ndlp: "
2864 "NPort_ID x%x oxid x%x\n",
2865 sid, oxid);
2866 goto out_fail;
2867 }
2868
2869 axchg->phba = phba;
2870 axchg->ndlp = ndlp;
2871 axchg->size = size;
2872 axchg->oxid = oxid;
2873 axchg->sid = sid;
2874 axchg->wqeq = NULL;
2875 axchg->state = LPFC_NVME_STE_LS_RCV;
2876 axchg->entry_cnt = 1;
2877 axchg->rqb_buffer = (void *)nvmebuf;
2878 axchg->hdwq = &phba->sli4_hba.hdwq[0];
2879 axchg->payload = nvmebuf->dbuf.virt;
2880 INIT_LIST_HEAD(&axchg->list);
2881
2882 if (phba->nvmet_support)
2883 ret = lpfc_nvmet_handle_lsreq(phba, axchg);
2884 else
2885 ret = lpfc_nvme_handle_lsreq(phba, axchg);
2886
2887 /* if zero, LS was successfully handled. If non-zero, LS not handled */
2888 if (!ret)
2889 return;
2890
2891 lpfc_printf_log(phba, KERN_ERR, LOG_NVME_DISC | LOG_NVME_IOERR,
2892 "6155 Drop NVME LS from DID %06X: SID %06X OXID x%X "
2893 "NVMe%s handler failed %d\n",
2894 did, sid, oxid,
2895 (phba->nvmet_support) ? "T" : "I", ret);
2896
2897 out_fail:
2898 kfree(axchg);
2899
2900 /* recycle receive buffer */
2901 lpfc_in_buf_free(phba, &nvmebuf->dbuf);
2902
2903 /* If start of new exchange, abort it */
2904 if (fctl & FC_FC_FIRST_SEQ && !(fctl & FC_FC_EX_CTX))
2905 lpfc_nvme_unsol_ls_issue_abort(phba, axchg, sid, oxid);
^^^^
phba->targetport is dereferenced without checking.
2906 }
2907
regards,
dan carpenter
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2020-05-12 18:18 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-05-12 18:18 [bug report] lpfc: Refactor NVME LS receive handling Dan Carpenter
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.