From: kernel test robot <lkp@intel.com>
To: kbuild@lists.01.org
Subject: drivers/ufs/core/ufs_bsg.c:41:28: warning: dereference of NULL '0' [CWE-476]
Date: Mon, 20 Jun 2022 01:36:45 +0800 [thread overview]
Message-ID: <202206200127.gi8QQOSP-lkp@intel.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 14189 bytes --]
::::::
:::::: Manual check reason: "low confidence bisect report"
:::::: Manual check reason: "low confidence static check warning: drivers/ufs/core/ufs_bsg.c:41:28: warning: dereference of NULL '0' [CWE-476] [-Wanalyzer-null-dereference]"
::::::
CC: kbuild-all(a)lists.01.org
BCC: lkp(a)intel.com
CC: linux-kernel(a)vger.kernel.org
TO: Bart Van Assche <bvanassche@acm.org>
CC: "Martin K. Petersen" <martin.petersen@oracle.com>
CC: Bean Huo <beanhuo@micron.com>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 4b35035bcf80ddb47c0112c4fbd84a63a2836a18
commit: dd11376b9f1b73aca3f8c6eb541486bbb6996f05 scsi: ufs: Split the drivers/scsi/ufs directory
date: 4 weeks ago
:::::: branch date: 2 days ago
:::::: commit date: 4 weeks ago
config: arm-randconfig-c002-20220619 (https://download.01.org/0day-ci/archive/20220620/202206200127.gi8QQOSP-lkp(a)intel.com/config)
compiler: arm-linux-gnueabi-gcc (GCC) 11.3.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dd11376b9f1b73aca3f8c6eb541486bbb6996f05
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout dd11376b9f1b73aca3f8c6eb541486bbb6996f05
# save the config file
ARCH=arm KBUILD_USERCFLAGS='-fanalyzer -Wno-error'
If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@intel.com>
gcc-analyzer warnings: (new ones prefixed by >>)
|drivers/ufs/core/ufs_bsg.c:90:31:
| 40 | if (min_req_len > request_len || min_rsp_len > reply_len) {
| | ~
| | |
| | (7) following 'false' branch...
|......
| 90 | struct ufs_hba *hba = shost_priv(dev_to_shost(job->dev->parent));
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (6) returning to 'ufs_bsg_request' from 'dev_to_shost'
|......
| 101 | if (ret)
| | ~~
| | |
| | (8) ...to here
|
'ufs_bsg_request': event 9
|
|drivers/ufs/core/ufshcd-priv.h:256:40:
| 256 | return pm_runtime_get_sync(&hba->ufs_device_wlun->sdev_gendev);
| | ~~~^~~~~~~~~~~~~~~~~
| | |
| | (9) dereference of NULL 'dev_to_shost(*job_35(D)->dev.parent)'
|
drivers/ufs/core/ufshcd-priv.h:261:40: warning: dereference of NULL '0' [CWE-476] [-Wanalyzer-null-dereference]
261 | return pm_runtime_put_sync(&hba->ufs_device_wlun->sdev_gendev);
| ~~~^~~~~~~~~~~~~~~~~
'ufs_bsg_request': events 1-2
|
|drivers/ufs/core/ufs_bsg.c:86:12:
| 86 | static int ufs_bsg_request(struct bsg_job *job)
| | ^~~~~~~~~~~~~~~
| | |
| | (1) entry to 'ufs_bsg_request'
|......
| 90 | struct ufs_hba *hba = shost_priv(dev_to_shost(job->dev->parent));
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (2) calling 'dev_to_shost' from 'ufs_bsg_request'
|
+--> 'dev_to_shost': events 3-5
|
|include/scsi/scsi_host.h:726:33:
| 726 | static inline struct Scsi_Host *dev_to_shost(struct device *dev)
| | ^~~~~~~~~~~~
| | |
| | (3) entry to 'dev_to_shost'
| 727 | {
| 728 | while (!scsi_is_host_device(dev)) {
| | ~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (4) following 'true' branch...
| 729 | if (!dev->parent)
| | ~~
| | |
| | (5) ...to here
|
<------+
|
'ufs_bsg_request': events 6-10
|
|drivers/ufs/core/ufs_bsg.c:90:31:
| 40 | if (min_req_len > request_len || min_rsp_len > reply_len) {
| | ~
| | |
| | (7) following 'false' branch...
|......
| 90 | struct ufs_hba *hba = shost_priv(dev_to_shost(job->dev->parent));
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (6) returning to 'ufs_bsg_request' from 'dev_to_shost'
|......
| 101 | if (ret)
| | ~~
| | |
| | (8) ...to here
|......
| 125 | if (ret)
| | ~
| | |
| | (9) following 'false' branch (when 'ret == 0')...
|......
| 147 | ufshcd_rpm_put_sync(hba);
| | ~~~~~~~~~~~~~~~~~~~
| | |
| | (10) ...to here
|
'ufs_bsg_request': event 11
|
|drivers/ufs/core/ufshcd-priv.h:261:40:
| 261 | return pm_runtime_put_sync(&hba->ufs_device_wlun->sdev_gendev);
| | ~~~^~~~~~~~~~~~~~~~~
| | |
| | (11) dereference of NULL 'dev_to_shost(*job_35(D)->dev.parent)'
|
In file included from include/linux/device.h:15,
from include/linux/blk_types.h:11,
from include/linux/blkdev.h:9,
from include/linux/bsg-lib.h:12,
from drivers/ufs/core/ufs_bsg.c:8:
>> drivers/ufs/core/ufs_bsg.c:41:28: warning: dereference of NULL '0' [CWE-476] [-Wanalyzer-null-dereference]
41 | dev_err(hba->dev, "not enough space assigned\n");
| ~~~^~~~~
include/linux/dev_printk.h:110:25: note: in definition of macro 'dev_printk_index_wrap'
110 | _p_func(dev, fmt, ##__VA_ARGS__); \
| ^~~
drivers/ufs/core/ufs_bsg.c:41:17: note: in expansion of macro 'dev_err'
41 | dev_err(hba->dev, "not enough space assigned\n");
| ^~~~~~~
'ufs_bsg_request': events 1-2
|
| 86 | static int ufs_bsg_request(struct bsg_job *job)
| | ^~~~~~~~~~~~~~~
| | |
| | (1) entry to 'ufs_bsg_request'
|......
| 90 | struct ufs_hba *hba = shost_priv(dev_to_shost(job->dev->parent));
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (2) calling 'dev_to_shost' from 'ufs_bsg_request'
|
+--> 'dev_to_shost': events 3-5
|
|include/scsi/scsi_host.h:726:33:
| 726 | static inline struct Scsi_Host *dev_to_shost(struct device *dev)
| | ^~~~~~~~~~~~
| | |
| | (3) entry to 'dev_to_shost'
| 727 | {
| 728 | while (!scsi_is_host_device(dev)) {
| | ~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (4) following 'true' branch...
| 729 | if (!dev->parent)
| | ~~
| | |
| | (5) ...to here
|
<------+
|
'ufs_bsg_request': event 6
|
|drivers/ufs/core/ufs_bsg.c:90:31:
| 90 | struct ufs_hba *hba = shost_priv(dev_to_shost(job->dev->parent));
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (6) returning to 'ufs_bsg_request' from 'dev_to_shost'
|
'ufs_bsg_request': event 7
|
| 41 | dev_err(hba->dev, "not enough space assigned\n");
| | ~~~^~~~~
| | |
| | (7) dereference of NULL 'dev_to_shost(*job_35(D)->dev.parent)'
include/linux/dev_printk.h:110:25: note: in definition of macro 'dev_printk_index_wrap'
| 110 | _p_func(dev, fmt, ##__VA_ARGS__); \
| | ^~~
drivers/ufs/core/ufs_bsg.c:41:17: note: in expansion of macro 'dev_err'
| 41 | dev_err(hba->dev, "not enough space assigned\n");
| | ^~~~~~~
|
drivers/ufs/core/ufs_bsg.c:126:36: warning: dereference of NULL '0' [CWE-476] [-Wanalyzer-null-dereference]
126 | dev_err(hba->dev,
| ~~~^~~~~
include/linux/dev_printk.h:110:25: note: in definition of macro 'dev_printk_index_wrap'
110 | _p_func(dev, fmt, ##__VA_ARGS__); \
| ^~~
drivers/ufs/core/ufs_bsg.c:126:25: note: in expansion of macro 'dev_err'
126 | dev_err(hba->dev,
| ^~~~~~~
'ufs_bsg_request': events 1-2
|
| 86 | static int ufs_bsg_request(struct bsg_job *job)
| | ^~~~~~~~~~~~~~~
| | |
| | (1) entry to 'ufs_bsg_request'
|......
| 90 | struct ufs_hba *hba = shost_priv(dev_to_shost(job->dev->parent));
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (2) calling 'dev_to_shost' from 'ufs_bsg_request'
|
+--> 'dev_to_shost': events 3-5
|
|include/scsi/scsi_host.h:726:33:
| 726 | static inline struct Scsi_Host *dev_to_shost(struct device *dev)
| | ^~~~~~~~~~~~
| | |
| | (3) entry to 'dev_to_shost'
| 727 | {
| 728 | while (!scsi_is_host_device(dev)) {
| | ~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (4) following 'true' branch...
| 729 | if (!dev->parent)
| | ~~
| | |
| | (5) ...to here
|
<------+
|
vim +/0 +41 drivers/ufs/core/ufs_bsg.c
95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 32
95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 33 static int ufs_bsg_verify_query_size(struct ufs_hba *hba,
95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 34 unsigned int request_len,
4eaa329e331343 drivers/scsi/ufs/ufs_bsg.c Avri Altman 2019-02-20 35 unsigned int reply_len)
95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 36 {
95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 37 int min_req_len = sizeof(struct ufs_bsg_request);
95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 38 int min_rsp_len = sizeof(struct ufs_bsg_reply);
95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 39
95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 40 if (min_req_len > request_len || min_rsp_len > reply_len) {
95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 @41 dev_err(hba->dev, "not enough space assigned\n");
95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 42 return -EINVAL;
95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 43 }
95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 44
95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 45 return 0;
95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 46 }
95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 47
:::::: The code at line 41 was first introduced by commit
:::::: 95e34bf930eaee51dab23495342b148cd0ee2ba1 scsi: ufs-bsg: Add support for raw upiu in ufs_bsg_request()
:::::: TO: Avri Altman <avri.altman@wdc.com>
:::::: CC: Martin K. Petersen <martin.petersen@oracle.com>
--
0-DAY CI Kernel Test Service
https://01.org/lkp
reply other threads:[~2022-06-19 17:36 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202206200127.gi8QQOSP-lkp@intel.com \
--to=lkp@intel.com \
--cc=kbuild@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.