From: kernel test robot <lkp@intel.com>
To: kbuild@lists.01.org
Subject: arch/x86/kernel/fpu/xstate.c:1580 fpstate_realloc() warn: variable dereferenced before check 'curfps' (see line 1559)
Date: Tue, 25 Jan 2022 03:23:58 +0800
Message-ID: <202201250223.SYDiQopU-lkp@intel.com>
CC: kbuild-all@lists.01.org
CC: linux-kernel@vger.kernel.org
TO: Thomas Gleixner <tglx@linutronix.de>
CC: Paolo Bonzini <pbonzini@redhat.com>
CC: Jing Liu <jing2.liu@intel.com>
CC: Yang Zhong <yang.zhong@intel.com>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: dd81e1c7d5fb126e5fbc5c9e334d7b3ec29a16a0
commit: c270ce393dfd700e7510a4579568deeefba954fd x86/fpu: Add guest support to xfd_enable_feature()
date: 10 days ago
:::::: branch date: 27 hours ago
:::::: commit date: 10 days ago
config: x86_64-randconfig-m001-20220124 (https://download.01.org/0day-ci/archive/20220125/202201250223.SYDiQopU-lkp@intel.com/config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
If you fix the issue, kindly add the following tags as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
New smatch warnings:
arch/x86/kernel/fpu/xstate.c:1580 fpstate_realloc() warn: variable dereferenced before check 'curfps' (see line 1559)
Old smatch warnings:
arch/x86/kernel/fpu/xstate.c:375 os_xrstor_booting() warn: mask and shift to zero
vim +/curfps +1580 arch/x86/kernel/fpu/xstate.c
500afbf645a040 Chang S. Bae    2021-10-21  1501
500afbf645a040 Chang S. Bae    2021-10-21  1502  /**
500afbf645a040 Chang S. Bae    2021-10-21  1503   * fpstate_realloc - Reallocate struct fpstate for the requested new features
500afbf645a040 Chang S. Bae    2021-10-21  1504   *
500afbf645a040 Chang S. Bae    2021-10-21  1505   * @xfeatures: A bitmap of xstate features which extend the enabled features
500afbf645a040 Chang S. Bae    2021-10-21  1506   *             of that task
500afbf645a040 Chang S. Bae    2021-10-21  1507   * @ksize: The required size for the kernel buffer
500afbf645a040 Chang S. Bae    2021-10-21  1508   * @usize: The required size for user space buffers
c270ce393dfd70 Thomas Gleixner 2022-01-05  1509   * @guest_fpu: Pointer to a guest FPU container. NULL for host allocations
500afbf645a040 Chang S. Bae    2021-10-21  1510   *
500afbf645a040 Chang S. Bae    2021-10-21  1511   * Note vs. vmalloc(): If the task with a vzalloc()-allocated buffer
500afbf645a040 Chang S. Bae    2021-10-21  1512   * terminates quickly, vfree()-induced IPIs may be a concern, but tasks
500afbf645a040 Chang S. Bae    2021-10-21  1513   * with large states are likely to live longer.
500afbf645a040 Chang S. Bae    2021-10-21  1514   *
500afbf645a040 Chang S. Bae    2021-10-21  1515   * Returns: 0 on success, -ENOMEM on allocation error.
500afbf645a040 Chang S. Bae    2021-10-21  1516   */
500afbf645a040 Chang S. Bae    2021-10-21  1517  static int fpstate_realloc(u64 xfeatures, unsigned int ksize,
c270ce393dfd70 Thomas Gleixner 2022-01-05  1518                             unsigned int usize, struct fpu_guest *guest_fpu)
500afbf645a040 Chang S. Bae    2021-10-21  1519  {
500afbf645a040 Chang S. Bae    2021-10-21  1520          struct fpu *fpu = &current->thread.fpu;
500afbf645a040 Chang S. Bae    2021-10-21  1521          struct fpstate *curfps, *newfps = NULL;
500afbf645a040 Chang S. Bae    2021-10-21  1522          unsigned int fpsize;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1523          bool in_use;
500afbf645a040 Chang S. Bae    2021-10-21  1524
500afbf645a040 Chang S. Bae    2021-10-21  1525          fpsize = ksize + ALIGN(offsetof(struct fpstate, regs), 64);
500afbf645a040 Chang S. Bae    2021-10-21  1526
500afbf645a040 Chang S. Bae    2021-10-21  1527          newfps = vzalloc(fpsize);
500afbf645a040 Chang S. Bae    2021-10-21  1528          if (!newfps)
500afbf645a040 Chang S. Bae    2021-10-21  1529                  return -ENOMEM;
500afbf645a040 Chang S. Bae    2021-10-21  1530          newfps->size = ksize;
500afbf645a040 Chang S. Bae    2021-10-21  1531          newfps->user_size = usize;
500afbf645a040 Chang S. Bae    2021-10-21  1532          newfps->is_valloc = true;
500afbf645a040 Chang S. Bae    2021-10-21  1533
c270ce393dfd70 Thomas Gleixner 2022-01-05  1534          /*
c270ce393dfd70 Thomas Gleixner 2022-01-05  1535           * When a guest FPU is supplied, use @guest_fpu->fpstate
c270ce393dfd70 Thomas Gleixner 2022-01-05  1536           * as reference independent whether it is in use or not.
c270ce393dfd70 Thomas Gleixner 2022-01-05  1537           */
c270ce393dfd70 Thomas Gleixner 2022-01-05  1538          curfps = guest_fpu ? guest_fpu->fpstate : fpu->fpstate;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1539
c270ce393dfd70 Thomas Gleixner 2022-01-05  1540          /* Determine whether @curfps is the active fpstate */
c270ce393dfd70 Thomas Gleixner 2022-01-05  1541          in_use = fpu->fpstate == curfps;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1542
c270ce393dfd70 Thomas Gleixner 2022-01-05  1543          if (guest_fpu) {
c270ce393dfd70 Thomas Gleixner 2022-01-05  1544                  newfps->is_guest = true;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1545                  newfps->is_confidential = curfps->is_confidential;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1546                  newfps->in_use = curfps->in_use;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1547                  guest_fpu->xfeatures |= xfeatures;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1548          }
c270ce393dfd70 Thomas Gleixner 2022-01-05  1549
500afbf645a040 Chang S. Bae    2021-10-21  1550          fpregs_lock();
500afbf645a040 Chang S. Bae    2021-10-21  1551          /*
c270ce393dfd70 Thomas Gleixner 2022-01-05  1552           * If @curfps is in use, ensure that the current state is in the
c270ce393dfd70 Thomas Gleixner 2022-01-05  1553           * registers before swapping fpstate as that might invalidate it
c270ce393dfd70 Thomas Gleixner 2022-01-05  1554           * due to layout changes.
500afbf645a040 Chang S. Bae    2021-10-21  1555           */
c270ce393dfd70 Thomas Gleixner 2022-01-05  1556          if (in_use && test_thread_flag(TIF_NEED_FPU_LOAD))
500afbf645a040 Chang S. Bae    2021-10-21  1557                  fpregs_restore_userregs();
500afbf645a040 Chang S. Bae    2021-10-21  1558
500afbf645a040 Chang S. Bae    2021-10-21 @1559          newfps->xfeatures = curfps->xfeatures | xfeatures;
500afbf645a040 Chang S. Bae    2021-10-21  1560          newfps->user_xfeatures = curfps->user_xfeatures | xfeatures;
500afbf645a040 Chang S. Bae    2021-10-21  1561          newfps->xfd = curfps->xfd & ~xfeatures;
500afbf645a040 Chang S. Bae    2021-10-21  1562
500afbf645a040 Chang S. Bae    2021-10-21  1563          /* Do the final updates within the locked region */
500afbf645a040 Chang S. Bae    2021-10-21  1564          xstate_init_xcomp_bv(&newfps->regs.xsave, newfps->xfeatures);
500afbf645a040 Chang S. Bae    2021-10-21  1565
c270ce393dfd70 Thomas Gleixner 2022-01-05  1566          if (guest_fpu) {
c270ce393dfd70 Thomas Gleixner 2022-01-05  1567                  guest_fpu->fpstate = newfps;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1568                  /* If curfps is active, update the FPU fpstate pointer */
c270ce393dfd70 Thomas Gleixner 2022-01-05  1569                  if (in_use)
c270ce393dfd70 Thomas Gleixner 2022-01-05  1570                          fpu->fpstate = newfps;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1571          } else {
c270ce393dfd70 Thomas Gleixner 2022-01-05  1572                  fpu->fpstate = newfps;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1573          }
c270ce393dfd70 Thomas Gleixner 2022-01-05  1574
c270ce393dfd70 Thomas Gleixner 2022-01-05  1575          if (in_use)
c270ce393dfd70 Thomas Gleixner 2022-01-05  1576                  xfd_update_state(fpu->fpstate);
500afbf645a040 Chang S. Bae    2021-10-21  1577          fpregs_unlock();
500afbf645a040 Chang S. Bae    2021-10-21  1578
c270ce393dfd70 Thomas Gleixner 2022-01-05  1579          /* Only free valloc'ed state */
c270ce393dfd70 Thomas Gleixner 2022-01-05 @1580          if (curfps && curfps->is_valloc)
500afbf645a040 Chang S. Bae    2021-10-21  1581                  vfree(curfps);
c270ce393dfd70 Thomas Gleixner 2022-01-05  1582
500afbf645a040 Chang S. Bae    2021-10-21  1583          return 0;
500afbf645a040 Chang S. Bae    2021-10-21  1584  }
500afbf645a040 Chang S. Bae    2021-10-21  1585
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
From: Dan Carpenter <dan.carpenter@oracle.com>
To: kbuild@lists.01.org, Thomas Gleixner <tglx@linutronix.de>
Cc: lkp@intel.com, kbuild-all@lists.01.org,
linux-kernel@vger.kernel.org, Paolo Bonzini <pbonzini@redhat.com>,
Jing Liu <jing2.liu@intel.com>, Yang Zhong <yang.zhong@intel.com>
Subject: arch/x86/kernel/fpu/xstate.c:1580 fpstate_realloc() warn: variable dereferenced before check 'curfps' (see line 1559)
Date: Wed, 26 Jan 2022 13:16:48 +0300
Message-ID: <202201250223.SYDiQopU-lkp@intel.com>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: dd81e1c7d5fb126e5fbc5c9e334d7b3ec29a16a0
commit: c270ce393dfd700e7510a4579568deeefba954fd x86/fpu: Add guest support to xfd_enable_feature()
config: x86_64-randconfig-m001-20220124 (https://download.01.org/0day-ci/archive/20220125/202201250223.SYDiQopU-lkp@intel.com/config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
If you fix the issue, kindly add the following tags as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
New smatch warnings:
arch/x86/kernel/fpu/xstate.c:1580 fpstate_realloc() warn: variable dereferenced before check 'curfps' (see line 1559)
vim +/curfps +1580 arch/x86/kernel/fpu/xstate.c
500afbf645a040 Chang S. Bae    2021-10-21  1517  static int fpstate_realloc(u64 xfeatures, unsigned int ksize,
c270ce393dfd70 Thomas Gleixner 2022-01-05  1518                             unsigned int usize, struct fpu_guest *guest_fpu)
500afbf645a040 Chang S. Bae    2021-10-21  1519  {
500afbf645a040 Chang S. Bae    2021-10-21  1520          struct fpu *fpu = &current->thread.fpu;
500afbf645a040 Chang S. Bae    2021-10-21  1521          struct fpstate *curfps, *newfps = NULL;
500afbf645a040 Chang S. Bae    2021-10-21  1522          unsigned int fpsize;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1523          bool in_use;
500afbf645a040 Chang S. Bae    2021-10-21  1524
500afbf645a040 Chang S. Bae    2021-10-21  1525          fpsize = ksize + ALIGN(offsetof(struct fpstate, regs), 64);
500afbf645a040 Chang S. Bae    2021-10-21  1526
500afbf645a040 Chang S. Bae    2021-10-21  1527          newfps = vzalloc(fpsize);
500afbf645a040 Chang S. Bae    2021-10-21  1528          if (!newfps)
500afbf645a040 Chang S. Bae    2021-10-21  1529                  return -ENOMEM;
500afbf645a040 Chang S. Bae    2021-10-21  1530          newfps->size = ksize;
500afbf645a040 Chang S. Bae    2021-10-21  1531          newfps->user_size = usize;
500afbf645a040 Chang S. Bae    2021-10-21  1532          newfps->is_valloc = true;
500afbf645a040 Chang S. Bae    2021-10-21  1533
c270ce393dfd70 Thomas Gleixner 2022-01-05  1534          /*
c270ce393dfd70 Thomas Gleixner 2022-01-05  1535           * When a guest FPU is supplied, use @guest_fpu->fpstate
c270ce393dfd70 Thomas Gleixner 2022-01-05  1536           * as reference independent whether it is in use or not.
c270ce393dfd70 Thomas Gleixner 2022-01-05  1537           */
c270ce393dfd70 Thomas Gleixner 2022-01-05  1538          curfps = guest_fpu ? guest_fpu->fpstate : fpu->fpstate;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1539
c270ce393dfd70 Thomas Gleixner 2022-01-05  1540          /* Determine whether @curfps is the active fpstate */
c270ce393dfd70 Thomas Gleixner 2022-01-05  1541          in_use = fpu->fpstate == curfps;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1542
c270ce393dfd70 Thomas Gleixner 2022-01-05  1543          if (guest_fpu) {
c270ce393dfd70 Thomas Gleixner 2022-01-05  1544                  newfps->is_guest = true;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1545                  newfps->is_confidential = curfps->is_confidential;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1546                  newfps->in_use = curfps->in_use;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1547                  guest_fpu->xfeatures |= xfeatures;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1548          }
c270ce393dfd70 Thomas Gleixner 2022-01-05  1549
500afbf645a040 Chang S. Bae    2021-10-21  1550          fpregs_lock();
500afbf645a040 Chang S. Bae    2021-10-21  1551          /*
c270ce393dfd70 Thomas Gleixner 2022-01-05  1552           * If @curfps is in use, ensure that the current state is in the
c270ce393dfd70 Thomas Gleixner 2022-01-05  1553           * registers before swapping fpstate as that might invalidate it
c270ce393dfd70 Thomas Gleixner 2022-01-05  1554           * due to layout changes.
500afbf645a040 Chang S. Bae    2021-10-21  1555           */
c270ce393dfd70 Thomas Gleixner 2022-01-05  1556          if (in_use && test_thread_flag(TIF_NEED_FPU_LOAD))
500afbf645a040 Chang S. Bae    2021-10-21  1557                  fpregs_restore_userregs();
500afbf645a040 Chang S. Bae    2021-10-21  1558
500afbf645a040 Chang S. Bae    2021-10-21 @1559          newfps->xfeatures = curfps->xfeatures | xfeatures;
                                                                             ^^^^^^^^^^^^^^^^^
                                                                             Unchecked dereference
500afbf645a040 Chang S. Bae    2021-10-21  1560          newfps->user_xfeatures = curfps->user_xfeatures | xfeatures;
500afbf645a040 Chang S. Bae    2021-10-21  1561          newfps->xfd = curfps->xfd & ~xfeatures;
500afbf645a040 Chang S. Bae    2021-10-21  1562
500afbf645a040 Chang S. Bae    2021-10-21  1563          /* Do the final updates within the locked region */
500afbf645a040 Chang S. Bae    2021-10-21  1564          xstate_init_xcomp_bv(&newfps->regs.xsave, newfps->xfeatures);
500afbf645a040 Chang S. Bae    2021-10-21  1565
c270ce393dfd70 Thomas Gleixner 2022-01-05  1566          if (guest_fpu) {
c270ce393dfd70 Thomas Gleixner 2022-01-05  1567                  guest_fpu->fpstate = newfps;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1568                  /* If curfps is active, update the FPU fpstate pointer */
c270ce393dfd70 Thomas Gleixner 2022-01-05  1569                  if (in_use)
c270ce393dfd70 Thomas Gleixner 2022-01-05  1570                          fpu->fpstate = newfps;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1571          } else {
c270ce393dfd70 Thomas Gleixner 2022-01-05  1572                  fpu->fpstate = newfps;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1573          }
c270ce393dfd70 Thomas Gleixner 2022-01-05  1574
c270ce393dfd70 Thomas Gleixner 2022-01-05  1575          if (in_use)
c270ce393dfd70 Thomas Gleixner 2022-01-05  1576                  xfd_update_state(fpu->fpstate);
500afbf645a040 Chang S. Bae    2021-10-21  1577          fpregs_unlock();
500afbf645a040 Chang S. Bae    2021-10-21  1578
c270ce393dfd70 Thomas Gleixner 2022-01-05  1579          /* Only free valloc'ed state */
c270ce393dfd70 Thomas Gleixner 2022-01-05 @1580          if (curfps && curfps->is_valloc)
                                                             ^^^^^^
                                                             Checked too late
500afbf645a040 Chang S. Bae    2021-10-21  1581                  vfree(curfps);
c270ce393dfd70 Thomas Gleixner 2022-01-05  1582
500afbf645a040 Chang S. Bae    2021-10-21  1583          return 0;
500afbf645a040 Chang S. Bae    2021-10-21  1584  }
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org