arch/x86/kernel/fpu/xstate.c:1580 fpstate_realloc() warn: variable dereferenced before check 'curfps' (see line 1559)

All of lore.kernel.org
 help / color / mirror / Atom feed

* arch/x86/kernel/fpu/xstate.c:1580 fpstate_realloc() warn: variable dereferenced before check 'curfps' (see line 1559)
@ 2022-01-26 10:16 ` Dan Carpenter
  0 siblings, 0 replies; 3+ messages in thread
From: kernel test robot @ 2022-01-24 19:23 UTC (permalink / raw)
  To: kbuild

[-- Attachment #1: Type: text/plain, Size: 7955 bytes --]

CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Thomas Gleixner <tglx@linutronix.de>
CC: Paolo Bonzini <pbonzini@redhat.com>
CC: Jing Liu <jing2.liu@intel.com>
CC: Yang Zhong <yang.zhong@intel.com>

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   dd81e1c7d5fb126e5fbc5c9e334d7b3ec29a16a0
commit: c270ce393dfd700e7510a4579568deeefba954fd x86/fpu: Add guest support to xfd_enable_feature()
date:   10 days ago
:::::: branch date: 27 hours ago
:::::: commit date: 10 days ago
config: x86_64-randconfig-m001-20220124 (https://download.01.org/0day-ci/archive/20220125/202201250223.SYDiQopU-lkp(a)intel.com/config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>

New smatch warnings:
arch/x86/kernel/fpu/xstate.c:1580 fpstate_realloc() warn: variable dereferenced before check 'curfps' (see line 1559)

Old smatch warnings:
arch/x86/kernel/fpu/xstate.c:375 os_xrstor_booting() warn: mask and shift to zero

vim +/curfps +1580 arch/x86/kernel/fpu/xstate.c

500afbf645a040 Chang S. Bae    2021-10-21  1501  
500afbf645a040 Chang S. Bae    2021-10-21  1502  /**
500afbf645a040 Chang S. Bae    2021-10-21  1503   * fpstate_realloc - Reallocate struct fpstate for the requested new features
500afbf645a040 Chang S. Bae    2021-10-21  1504   *
500afbf645a040 Chang S. Bae    2021-10-21  1505   * @xfeatures:	A bitmap of xstate features which extend the enabled features
500afbf645a040 Chang S. Bae    2021-10-21  1506   *		of that task
500afbf645a040 Chang S. Bae    2021-10-21  1507   * @ksize:	The required size for the kernel buffer
500afbf645a040 Chang S. Bae    2021-10-21  1508   * @usize:	The required size for user space buffers
c270ce393dfd70 Thomas Gleixner 2022-01-05  1509   * @guest_fpu:	Pointer to a guest FPU container. NULL for host allocations
500afbf645a040 Chang S. Bae    2021-10-21  1510   *
500afbf645a040 Chang S. Bae    2021-10-21  1511   * Note vs. vmalloc(): If the task with a vzalloc()-allocated buffer
500afbf645a040 Chang S. Bae    2021-10-21  1512   * terminates quickly, vfree()-induced IPIs may be a concern, but tasks
500afbf645a040 Chang S. Bae    2021-10-21  1513   * with large states are likely to live longer.
500afbf645a040 Chang S. Bae    2021-10-21  1514   *
500afbf645a040 Chang S. Bae    2021-10-21  1515   * Returns: 0 on success, -ENOMEM on allocation error.
500afbf645a040 Chang S. Bae    2021-10-21  1516   */
500afbf645a040 Chang S. Bae    2021-10-21  1517  static int fpstate_realloc(u64 xfeatures, unsigned int ksize,
c270ce393dfd70 Thomas Gleixner 2022-01-05  1518  			   unsigned int usize, struct fpu_guest *guest_fpu)
500afbf645a040 Chang S. Bae    2021-10-21  1519  {
500afbf645a040 Chang S. Bae    2021-10-21  1520  	struct fpu *fpu = &current->thread.fpu;
500afbf645a040 Chang S. Bae    2021-10-21  1521  	struct fpstate *curfps, *newfps = NULL;
500afbf645a040 Chang S. Bae    2021-10-21  1522  	unsigned int fpsize;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1523  	bool in_use;
500afbf645a040 Chang S. Bae    2021-10-21  1524  
500afbf645a040 Chang S. Bae    2021-10-21  1525  	fpsize = ksize + ALIGN(offsetof(struct fpstate, regs), 64);
500afbf645a040 Chang S. Bae    2021-10-21  1526  
500afbf645a040 Chang S. Bae    2021-10-21  1527  	newfps = vzalloc(fpsize);
500afbf645a040 Chang S. Bae    2021-10-21  1528  	if (!newfps)
500afbf645a040 Chang S. Bae    2021-10-21  1529  		return -ENOMEM;
500afbf645a040 Chang S. Bae    2021-10-21  1530  	newfps->size = ksize;
500afbf645a040 Chang S. Bae    2021-10-21  1531  	newfps->user_size = usize;
500afbf645a040 Chang S. Bae    2021-10-21  1532  	newfps->is_valloc = true;
500afbf645a040 Chang S. Bae    2021-10-21  1533  
c270ce393dfd70 Thomas Gleixner 2022-01-05  1534  	/*
c270ce393dfd70 Thomas Gleixner 2022-01-05  1535  	 * When a guest FPU is supplied, use @guest_fpu->fpstate
c270ce393dfd70 Thomas Gleixner 2022-01-05  1536  	 * as reference independent whether it is in use or not.
c270ce393dfd70 Thomas Gleixner 2022-01-05  1537  	 */
c270ce393dfd70 Thomas Gleixner 2022-01-05  1538  	curfps = guest_fpu ? guest_fpu->fpstate : fpu->fpstate;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1539  
c270ce393dfd70 Thomas Gleixner 2022-01-05  1540  	/* Determine whether @curfps is the active fpstate */
c270ce393dfd70 Thomas Gleixner 2022-01-05  1541  	in_use = fpu->fpstate == curfps;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1542  
c270ce393dfd70 Thomas Gleixner 2022-01-05  1543  	if (guest_fpu) {
c270ce393dfd70 Thomas Gleixner 2022-01-05  1544  		newfps->is_guest = true;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1545  		newfps->is_confidential = curfps->is_confidential;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1546  		newfps->in_use = curfps->in_use;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1547  		guest_fpu->xfeatures |= xfeatures;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1548  	}
c270ce393dfd70 Thomas Gleixner 2022-01-05  1549  
500afbf645a040 Chang S. Bae    2021-10-21  1550  	fpregs_lock();
500afbf645a040 Chang S. Bae    2021-10-21  1551  	/*
c270ce393dfd70 Thomas Gleixner 2022-01-05  1552  	 * If @curfps is in use, ensure that the current state is in the
c270ce393dfd70 Thomas Gleixner 2022-01-05  1553  	 * registers before swapping fpstate as that might invalidate it
c270ce393dfd70 Thomas Gleixner 2022-01-05  1554  	 * due to layout changes.
500afbf645a040 Chang S. Bae    2021-10-21  1555  	 */
c270ce393dfd70 Thomas Gleixner 2022-01-05  1556  	if (in_use && test_thread_flag(TIF_NEED_FPU_LOAD))
500afbf645a040 Chang S. Bae    2021-10-21  1557  		fpregs_restore_userregs();
500afbf645a040 Chang S. Bae    2021-10-21  1558  
500afbf645a040 Chang S. Bae    2021-10-21 @1559  	newfps->xfeatures = curfps->xfeatures | xfeatures;
500afbf645a040 Chang S. Bae    2021-10-21  1560  	newfps->user_xfeatures = curfps->user_xfeatures | xfeatures;
500afbf645a040 Chang S. Bae    2021-10-21  1561  	newfps->xfd = curfps->xfd & ~xfeatures;
500afbf645a040 Chang S. Bae    2021-10-21  1562  
500afbf645a040 Chang S. Bae    2021-10-21  1563  	/* Do the final updates within the locked region */
500afbf645a040 Chang S. Bae    2021-10-21  1564  	xstate_init_xcomp_bv(&newfps->regs.xsave, newfps->xfeatures);
500afbf645a040 Chang S. Bae    2021-10-21  1565  
c270ce393dfd70 Thomas Gleixner 2022-01-05  1566  	if (guest_fpu) {
c270ce393dfd70 Thomas Gleixner 2022-01-05  1567  		guest_fpu->fpstate = newfps;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1568  		/* If curfps is active, update the FPU fpstate pointer */
c270ce393dfd70 Thomas Gleixner 2022-01-05  1569  		if (in_use)
c270ce393dfd70 Thomas Gleixner 2022-01-05  1570  			fpu->fpstate = newfps;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1571  	} else {
c270ce393dfd70 Thomas Gleixner 2022-01-05  1572  		fpu->fpstate = newfps;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1573  	}
c270ce393dfd70 Thomas Gleixner 2022-01-05  1574  
c270ce393dfd70 Thomas Gleixner 2022-01-05  1575  	if (in_use)
c270ce393dfd70 Thomas Gleixner 2022-01-05  1576  		xfd_update_state(fpu->fpstate);
500afbf645a040 Chang S. Bae    2021-10-21  1577  	fpregs_unlock();
500afbf645a040 Chang S. Bae    2021-10-21  1578  
c270ce393dfd70 Thomas Gleixner 2022-01-05  1579  	/* Only free valloc'ed state */
c270ce393dfd70 Thomas Gleixner 2022-01-05 @1580  	if (curfps && curfps->is_valloc)
500afbf645a040 Chang S. Bae    2021-10-21  1581  		vfree(curfps);
c270ce393dfd70 Thomas Gleixner 2022-01-05  1582  
500afbf645a040 Chang S. Bae    2021-10-21  1583  	return 0;
500afbf645a040 Chang S. Bae    2021-10-21  1584  }
500afbf645a040 Chang S. Bae    2021-10-21  1585  

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org

^ permalink raw reply	[flat|nested] 3+ messages in thread

* arch/x86/kernel/fpu/xstate.c:1580 fpstate_realloc() warn: variable dereferenced before check 'curfps' (see line 1559)
@ 2022-01-26 10:16 ` Dan Carpenter
  0 siblings, 0 replies; 3+ messages in thread
From: Dan Carpenter @ 2022-01-26 10:16 UTC (permalink / raw)
  To: kbuild-all

[-- Attachment #1: Type: text/plain, Size: 6280 bytes --]

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   dd81e1c7d5fb126e5fbc5c9e334d7b3ec29a16a0
commit: c270ce393dfd700e7510a4579568deeefba954fd x86/fpu: Add guest support to xfd_enable_feature()
config: x86_64-randconfig-m001-20220124 (https://download.01.org/0day-ci/archive/20220125/202201250223.SYDiQopU-lkp(a)intel.com/config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>

New smatch warnings:
arch/x86/kernel/fpu/xstate.c:1580 fpstate_realloc() warn: variable dereferenced before check 'curfps' (see line 1559)

vim +/curfps +1580 arch/x86/kernel/fpu/xstate.c

500afbf645a040 Chang S. Bae    2021-10-21  1517  static int fpstate_realloc(u64 xfeatures, unsigned int ksize,
c270ce393dfd70 Thomas Gleixner 2022-01-05  1518  			   unsigned int usize, struct fpu_guest *guest_fpu)
500afbf645a040 Chang S. Bae    2021-10-21  1519  {
500afbf645a040 Chang S. Bae    2021-10-21  1520  	struct fpu *fpu = &current->thread.fpu;
500afbf645a040 Chang S. Bae    2021-10-21  1521  	struct fpstate *curfps, *newfps = NULL;
500afbf645a040 Chang S. Bae    2021-10-21  1522  	unsigned int fpsize;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1523  	bool in_use;
500afbf645a040 Chang S. Bae    2021-10-21  1524  
500afbf645a040 Chang S. Bae    2021-10-21  1525  	fpsize = ksize + ALIGN(offsetof(struct fpstate, regs), 64);
500afbf645a040 Chang S. Bae    2021-10-21  1526  
500afbf645a040 Chang S. Bae    2021-10-21  1527  	newfps = vzalloc(fpsize);
500afbf645a040 Chang S. Bae    2021-10-21  1528  	if (!newfps)
500afbf645a040 Chang S. Bae    2021-10-21  1529  		return -ENOMEM;
500afbf645a040 Chang S. Bae    2021-10-21  1530  	newfps->size = ksize;
500afbf645a040 Chang S. Bae    2021-10-21  1531  	newfps->user_size = usize;
500afbf645a040 Chang S. Bae    2021-10-21  1532  	newfps->is_valloc = true;
500afbf645a040 Chang S. Bae    2021-10-21  1533  
c270ce393dfd70 Thomas Gleixner 2022-01-05  1534  	/*
c270ce393dfd70 Thomas Gleixner 2022-01-05  1535  	 * When a guest FPU is supplied, use @guest_fpu->fpstate
c270ce393dfd70 Thomas Gleixner 2022-01-05  1536  	 * as reference independent whether it is in use or not.
c270ce393dfd70 Thomas Gleixner 2022-01-05  1537  	 */
c270ce393dfd70 Thomas Gleixner 2022-01-05  1538  	curfps = guest_fpu ? guest_fpu->fpstate : fpu->fpstate;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1539  
c270ce393dfd70 Thomas Gleixner 2022-01-05  1540  	/* Determine whether @curfps is the active fpstate */
c270ce393dfd70 Thomas Gleixner 2022-01-05  1541  	in_use = fpu->fpstate == curfps;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1542  
c270ce393dfd70 Thomas Gleixner 2022-01-05  1543  	if (guest_fpu) {
c270ce393dfd70 Thomas Gleixner 2022-01-05  1544  		newfps->is_guest = true;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1545  		newfps->is_confidential = curfps->is_confidential;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1546  		newfps->in_use = curfps->in_use;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1547  		guest_fpu->xfeatures |= xfeatures;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1548  	}
c270ce393dfd70 Thomas Gleixner 2022-01-05  1549  
500afbf645a040 Chang S. Bae    2021-10-21  1550  	fpregs_lock();
500afbf645a040 Chang S. Bae    2021-10-21  1551  	/*
c270ce393dfd70 Thomas Gleixner 2022-01-05  1552  	 * If @curfps is in use, ensure that the current state is in the
c270ce393dfd70 Thomas Gleixner 2022-01-05  1553  	 * registers before swapping fpstate as that might invalidate it
c270ce393dfd70 Thomas Gleixner 2022-01-05  1554  	 * due to layout changes.
500afbf645a040 Chang S. Bae    2021-10-21  1555  	 */
c270ce393dfd70 Thomas Gleixner 2022-01-05  1556  	if (in_use && test_thread_flag(TIF_NEED_FPU_LOAD))
500afbf645a040 Chang S. Bae    2021-10-21  1557  		fpregs_restore_userregs();
500afbf645a040 Chang S. Bae    2021-10-21  1558  
500afbf645a040 Chang S. Bae    2021-10-21 @1559  	newfps->xfeatures = curfps->xfeatures | xfeatures;
                                                                            ^^^^^^^^^^^^^^^^^
Unchecked dereference

500afbf645a040 Chang S. Bae    2021-10-21  1560  	newfps->user_xfeatures = curfps->user_xfeatures | xfeatures;
500afbf645a040 Chang S. Bae    2021-10-21  1561  	newfps->xfd = curfps->xfd & ~xfeatures;
500afbf645a040 Chang S. Bae    2021-10-21  1562  
500afbf645a040 Chang S. Bae    2021-10-21  1563  	/* Do the final updates within the locked region */
500afbf645a040 Chang S. Bae    2021-10-21  1564  	xstate_init_xcomp_bv(&newfps->regs.xsave, newfps->xfeatures);
500afbf645a040 Chang S. Bae    2021-10-21  1565  
c270ce393dfd70 Thomas Gleixner 2022-01-05  1566  	if (guest_fpu) {
c270ce393dfd70 Thomas Gleixner 2022-01-05  1567  		guest_fpu->fpstate = newfps;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1568  		/* If curfps is active, update the FPU fpstate pointer */
c270ce393dfd70 Thomas Gleixner 2022-01-05  1569  		if (in_use)
c270ce393dfd70 Thomas Gleixner 2022-01-05  1570  			fpu->fpstate = newfps;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1571  	} else {
c270ce393dfd70 Thomas Gleixner 2022-01-05  1572  		fpu->fpstate = newfps;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1573  	}
c270ce393dfd70 Thomas Gleixner 2022-01-05  1574  
c270ce393dfd70 Thomas Gleixner 2022-01-05  1575  	if (in_use)
c270ce393dfd70 Thomas Gleixner 2022-01-05  1576  		xfd_update_state(fpu->fpstate);
500afbf645a040 Chang S. Bae    2021-10-21  1577  	fpregs_unlock();
500afbf645a040 Chang S. Bae    2021-10-21  1578  
c270ce393dfd70 Thomas Gleixner 2022-01-05  1579  	/* Only free valloc'ed state */
c270ce393dfd70 Thomas Gleixner 2022-01-05 @1580  	if (curfps && curfps->is_valloc)
                                                            ^^^^^^
Checked too late

500afbf645a040 Chang S. Bae    2021-10-21  1581  		vfree(curfps);
c270ce393dfd70 Thomas Gleixner 2022-01-05  1582  
500afbf645a040 Chang S. Bae    2021-10-21  1583  	return 0;
500afbf645a040 Chang S. Bae    2021-10-21  1584  }

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org

^ permalink raw reply	[flat|nested] 3+ messages in thread

* arch/x86/kernel/fpu/xstate.c:1580 fpstate_realloc() warn: variable dereferenced before check 'curfps' (see line 1559)
@ 2022-01-26 10:16 ` Dan Carpenter
  0 siblings, 0 replies; 3+ messages in thread
From: Dan Carpenter @ 2022-01-26 10:16 UTC (permalink / raw)
  To: kbuild, Thomas Gleixner
  Cc: lkp, kbuild-all, linux-kernel, Paolo Bonzini, Jing Liu,
	Yang Zhong

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   dd81e1c7d5fb126e5fbc5c9e334d7b3ec29a16a0
commit: c270ce393dfd700e7510a4579568deeefba954fd x86/fpu: Add guest support to xfd_enable_feature()
config: x86_64-randconfig-m001-20220124 (https://download.01.org/0day-ci/archive/20220125/202201250223.SYDiQopU-lkp@intel.com/config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>

New smatch warnings:
arch/x86/kernel/fpu/xstate.c:1580 fpstate_realloc() warn: variable dereferenced before check 'curfps' (see line 1559)

vim +/curfps +1580 arch/x86/kernel/fpu/xstate.c

500afbf645a040 Chang S. Bae    2021-10-21  1517  static int fpstate_realloc(u64 xfeatures, unsigned int ksize,
c270ce393dfd70 Thomas Gleixner 2022-01-05  1518  			   unsigned int usize, struct fpu_guest *guest_fpu)
500afbf645a040 Chang S. Bae    2021-10-21  1519  {
500afbf645a040 Chang S. Bae    2021-10-21  1520  	struct fpu *fpu = &current->thread.fpu;
500afbf645a040 Chang S. Bae    2021-10-21  1521  	struct fpstate *curfps, *newfps = NULL;
500afbf645a040 Chang S. Bae    2021-10-21  1522  	unsigned int fpsize;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1523  	bool in_use;
500afbf645a040 Chang S. Bae    2021-10-21  1524  
500afbf645a040 Chang S. Bae    2021-10-21  1525  	fpsize = ksize + ALIGN(offsetof(struct fpstate, regs), 64);
500afbf645a040 Chang S. Bae    2021-10-21  1526  
500afbf645a040 Chang S. Bae    2021-10-21  1527  	newfps = vzalloc(fpsize);
500afbf645a040 Chang S. Bae    2021-10-21  1528  	if (!newfps)
500afbf645a040 Chang S. Bae    2021-10-21  1529  		return -ENOMEM;
500afbf645a040 Chang S. Bae    2021-10-21  1530  	newfps->size = ksize;
500afbf645a040 Chang S. Bae    2021-10-21  1531  	newfps->user_size = usize;
500afbf645a040 Chang S. Bae    2021-10-21  1532  	newfps->is_valloc = true;
500afbf645a040 Chang S. Bae    2021-10-21  1533  
c270ce393dfd70 Thomas Gleixner 2022-01-05  1534  	/*
c270ce393dfd70 Thomas Gleixner 2022-01-05  1535  	 * When a guest FPU is supplied, use @guest_fpu->fpstate
c270ce393dfd70 Thomas Gleixner 2022-01-05  1536  	 * as reference independent whether it is in use or not.
c270ce393dfd70 Thomas Gleixner 2022-01-05  1537  	 */
c270ce393dfd70 Thomas Gleixner 2022-01-05  1538  	curfps = guest_fpu ? guest_fpu->fpstate : fpu->fpstate;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1539  
c270ce393dfd70 Thomas Gleixner 2022-01-05  1540  	/* Determine whether @curfps is the active fpstate */
c270ce393dfd70 Thomas Gleixner 2022-01-05  1541  	in_use = fpu->fpstate == curfps;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1542  
c270ce393dfd70 Thomas Gleixner 2022-01-05  1543  	if (guest_fpu) {
c270ce393dfd70 Thomas Gleixner 2022-01-05  1544  		newfps->is_guest = true;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1545  		newfps->is_confidential = curfps->is_confidential;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1546  		newfps->in_use = curfps->in_use;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1547  		guest_fpu->xfeatures |= xfeatures;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1548  	}
c270ce393dfd70 Thomas Gleixner 2022-01-05  1549  
500afbf645a040 Chang S. Bae    2021-10-21  1550  	fpregs_lock();
500afbf645a040 Chang S. Bae    2021-10-21  1551  	/*
c270ce393dfd70 Thomas Gleixner 2022-01-05  1552  	 * If @curfps is in use, ensure that the current state is in the
c270ce393dfd70 Thomas Gleixner 2022-01-05  1553  	 * registers before swapping fpstate as that might invalidate it
c270ce393dfd70 Thomas Gleixner 2022-01-05  1554  	 * due to layout changes.
500afbf645a040 Chang S. Bae    2021-10-21  1555  	 */
c270ce393dfd70 Thomas Gleixner 2022-01-05  1556  	if (in_use && test_thread_flag(TIF_NEED_FPU_LOAD))
500afbf645a040 Chang S. Bae    2021-10-21  1557  		fpregs_restore_userregs();
500afbf645a040 Chang S. Bae    2021-10-21  1558  
500afbf645a040 Chang S. Bae    2021-10-21 @1559  	newfps->xfeatures = curfps->xfeatures | xfeatures;
                                                                            ^^^^^^^^^^^^^^^^^
Unchecked dereference

500afbf645a040 Chang S. Bae    2021-10-21  1560  	newfps->user_xfeatures = curfps->user_xfeatures | xfeatures;
500afbf645a040 Chang S. Bae    2021-10-21  1561  	newfps->xfd = curfps->xfd & ~xfeatures;
500afbf645a040 Chang S. Bae    2021-10-21  1562  
500afbf645a040 Chang S. Bae    2021-10-21  1563  	/* Do the final updates within the locked region */
500afbf645a040 Chang S. Bae    2021-10-21  1564  	xstate_init_xcomp_bv(&newfps->regs.xsave, newfps->xfeatures);
500afbf645a040 Chang S. Bae    2021-10-21  1565  
c270ce393dfd70 Thomas Gleixner 2022-01-05  1566  	if (guest_fpu) {
c270ce393dfd70 Thomas Gleixner 2022-01-05  1567  		guest_fpu->fpstate = newfps;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1568  		/* If curfps is active, update the FPU fpstate pointer */
c270ce393dfd70 Thomas Gleixner 2022-01-05  1569  		if (in_use)
c270ce393dfd70 Thomas Gleixner 2022-01-05  1570  			fpu->fpstate = newfps;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1571  	} else {
c270ce393dfd70 Thomas Gleixner 2022-01-05  1572  		fpu->fpstate = newfps;
c270ce393dfd70 Thomas Gleixner 2022-01-05  1573  	}
c270ce393dfd70 Thomas Gleixner 2022-01-05  1574  
c270ce393dfd70 Thomas Gleixner 2022-01-05  1575  	if (in_use)
c270ce393dfd70 Thomas Gleixner 2022-01-05  1576  		xfd_update_state(fpu->fpstate);
500afbf645a040 Chang S. Bae    2021-10-21  1577  	fpregs_unlock();
500afbf645a040 Chang S. Bae    2021-10-21  1578  
c270ce393dfd70 Thomas Gleixner 2022-01-05  1579  	/* Only free valloc'ed state */
c270ce393dfd70 Thomas Gleixner 2022-01-05 @1580  	if (curfps && curfps->is_valloc)
                                                            ^^^^^^
Checked too late

500afbf645a040 Chang S. Bae    2021-10-21  1581  		vfree(curfps);
c270ce393dfd70 Thomas Gleixner 2022-01-05  1582  
500afbf645a040 Chang S. Bae    2021-10-21  1583  	return 0;
500afbf645a040 Chang S. Bae    2021-10-21  1584  }

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2022-01-26 10:17 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-01-24 19:23 arch/x86/kernel/fpu/xstate.c:1580 fpstate_realloc() warn: variable dereferenced before check 'curfps' (see line 1559) kernel test robot
2022-01-26 10:16 ` Dan Carpenter
2022-01-26 10:16 ` Dan Carpenter

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.