* drivers/ufs/core/ufs_bsg.c:41:28: warning: dereference of NULL '0' [CWE-476]
@ 2022-06-19 17:36 kernel test robot
0 siblings, 0 replies; only message in thread
From: kernel test robot @ 2022-06-19 17:36 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 14189 bytes --]
::::::
:::::: Manual check reason: "low confidence bisect report"
:::::: Manual check reason: "low confidence static check warning: drivers/ufs/core/ufs_bsg.c:41:28: warning: dereference of NULL '0' [CWE-476] [-Wanalyzer-null-dereference]"
::::::
CC: kbuild-all(a)lists.01.org
BCC: lkp(a)intel.com
CC: linux-kernel(a)vger.kernel.org
TO: Bart Van Assche <bvanassche@acm.org>
CC: "Martin K. Petersen" <martin.petersen@oracle.com>
CC: Bean Huo <beanhuo@micron.com>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 4b35035bcf80ddb47c0112c4fbd84a63a2836a18
commit: dd11376b9f1b73aca3f8c6eb541486bbb6996f05 scsi: ufs: Split the drivers/scsi/ufs directory
date: 4 weeks ago
:::::: branch date: 2 days ago
:::::: commit date: 4 weeks ago
config: arm-randconfig-c002-20220619 (https://download.01.org/0day-ci/archive/20220620/202206200127.gi8QQOSP-lkp(a)intel.com/config)
compiler: arm-linux-gnueabi-gcc (GCC) 11.3.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dd11376b9f1b73aca3f8c6eb541486bbb6996f05
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout dd11376b9f1b73aca3f8c6eb541486bbb6996f05
# save the config file
ARCH=arm KBUILD_USERCFLAGS='-fanalyzer -Wno-error'
If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@intel.com>
gcc-analyzer warnings: (new ones prefixed by >>)
|drivers/ufs/core/ufs_bsg.c:90:31:
| 40 | if (min_req_len > request_len || min_rsp_len > reply_len) {
| | ~
| | |
| | (7) following 'false' branch...
|......
| 90 | struct ufs_hba *hba = shost_priv(dev_to_shost(job->dev->parent));
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (6) returning to 'ufs_bsg_request' from 'dev_to_shost'
|......
| 101 | if (ret)
| | ~~
| | |
| | (8) ...to here
|
'ufs_bsg_request': event 9
|
|drivers/ufs/core/ufshcd-priv.h:256:40:
| 256 | return pm_runtime_get_sync(&hba->ufs_device_wlun->sdev_gendev);
| | ~~~^~~~~~~~~~~~~~~~~
| | |
| | (9) dereference of NULL 'dev_to_shost(*job_35(D)->dev.parent)'
|
drivers/ufs/core/ufshcd-priv.h:261:40: warning: dereference of NULL '0' [CWE-476] [-Wanalyzer-null-dereference]
261 | return pm_runtime_put_sync(&hba->ufs_device_wlun->sdev_gendev);
| ~~~^~~~~~~~~~~~~~~~~
'ufs_bsg_request': events 1-2
|
|drivers/ufs/core/ufs_bsg.c:86:12:
| 86 | static int ufs_bsg_request(struct bsg_job *job)
| | ^~~~~~~~~~~~~~~
| | |
| | (1) entry to 'ufs_bsg_request'
|......
| 90 | struct ufs_hba *hba = shost_priv(dev_to_shost(job->dev->parent));
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (2) calling 'dev_to_shost' from 'ufs_bsg_request'
|
+--> 'dev_to_shost': events 3-5
|
|include/scsi/scsi_host.h:726:33:
| 726 | static inline struct Scsi_Host *dev_to_shost(struct device *dev)
| | ^~~~~~~~~~~~
| | |
| | (3) entry to 'dev_to_shost'
| 727 | {
| 728 | while (!scsi_is_host_device(dev)) {
| | ~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (4) following 'true' branch...
| 729 | if (!dev->parent)
| | ~~
| | |
| | (5) ...to here
|
<------+
|
'ufs_bsg_request': events 6-10
|
|drivers/ufs/core/ufs_bsg.c:90:31:
| 40 | if (min_req_len > request_len || min_rsp_len > reply_len) {
| | ~
| | |
| | (7) following 'false' branch...
|......
| 90 | struct ufs_hba *hba = shost_priv(dev_to_shost(job->dev->parent));
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (6) returning to 'ufs_bsg_request' from 'dev_to_shost'
|......
| 101 | if (ret)
| | ~~
| | |
| | (8) ...to here
|......
| 125 | if (ret)
| | ~
| | |
| | (9) following 'false' branch (when 'ret == 0')...
|......
| 147 | ufshcd_rpm_put_sync(hba);
| | ~~~~~~~~~~~~~~~~~~~
| | |
| | (10) ...to here
|
'ufs_bsg_request': event 11
|
|drivers/ufs/core/ufshcd-priv.h:261:40:
| 261 | return pm_runtime_put_sync(&hba->ufs_device_wlun->sdev_gendev);
| | ~~~^~~~~~~~~~~~~~~~~
| | |
| | (11) dereference of NULL 'dev_to_shost(*job_35(D)->dev.parent)'
|
In file included from include/linux/device.h:15,
from include/linux/blk_types.h:11,
from include/linux/blkdev.h:9,
from include/linux/bsg-lib.h:12,
from drivers/ufs/core/ufs_bsg.c:8:
>> drivers/ufs/core/ufs_bsg.c:41:28: warning: dereference of NULL '0' [CWE-476] [-Wanalyzer-null-dereference]
41 | dev_err(hba->dev, "not enough space assigned\n");
| ~~~^~~~~
include/linux/dev_printk.h:110:25: note: in definition of macro 'dev_printk_index_wrap'
110 | _p_func(dev, fmt, ##__VA_ARGS__); \
| ^~~
drivers/ufs/core/ufs_bsg.c:41:17: note: in expansion of macro 'dev_err'
41 | dev_err(hba->dev, "not enough space assigned\n");
| ^~~~~~~
'ufs_bsg_request': events 1-2
|
| 86 | static int ufs_bsg_request(struct bsg_job *job)
| | ^~~~~~~~~~~~~~~
| | |
| | (1) entry to 'ufs_bsg_request'
|......
| 90 | struct ufs_hba *hba = shost_priv(dev_to_shost(job->dev->parent));
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (2) calling 'dev_to_shost' from 'ufs_bsg_request'
|
+--> 'dev_to_shost': events 3-5
|
|include/scsi/scsi_host.h:726:33:
| 726 | static inline struct Scsi_Host *dev_to_shost(struct device *dev)
| | ^~~~~~~~~~~~
| | |
| | (3) entry to 'dev_to_shost'
| 727 | {
| 728 | while (!scsi_is_host_device(dev)) {
| | ~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (4) following 'true' branch...
| 729 | if (!dev->parent)
| | ~~
| | |
| | (5) ...to here
|
<------+
|
'ufs_bsg_request': event 6
|
|drivers/ufs/core/ufs_bsg.c:90:31:
| 90 | struct ufs_hba *hba = shost_priv(dev_to_shost(job->dev->parent));
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (6) returning to 'ufs_bsg_request' from 'dev_to_shost'
|
'ufs_bsg_request': event 7
|
| 41 | dev_err(hba->dev, "not enough space assigned\n");
| | ~~~^~~~~
| | |
| | (7) dereference of NULL 'dev_to_shost(*job_35(D)->dev.parent)'
include/linux/dev_printk.h:110:25: note: in definition of macro 'dev_printk_index_wrap'
| 110 | _p_func(dev, fmt, ##__VA_ARGS__); \
| | ^~~
drivers/ufs/core/ufs_bsg.c:41:17: note: in expansion of macro 'dev_err'
| 41 | dev_err(hba->dev, "not enough space assigned\n");
| | ^~~~~~~
|
drivers/ufs/core/ufs_bsg.c:126:36: warning: dereference of NULL '0' [CWE-476] [-Wanalyzer-null-dereference]
126 | dev_err(hba->dev,
| ~~~^~~~~
include/linux/dev_printk.h:110:25: note: in definition of macro 'dev_printk_index_wrap'
110 | _p_func(dev, fmt, ##__VA_ARGS__); \
| ^~~
drivers/ufs/core/ufs_bsg.c:126:25: note: in expansion of macro 'dev_err'
126 | dev_err(hba->dev,
| ^~~~~~~
'ufs_bsg_request': events 1-2
|
| 86 | static int ufs_bsg_request(struct bsg_job *job)
| | ^~~~~~~~~~~~~~~
| | |
| | (1) entry to 'ufs_bsg_request'
|......
| 90 | struct ufs_hba *hba = shost_priv(dev_to_shost(job->dev->parent));
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (2) calling 'dev_to_shost' from 'ufs_bsg_request'
|
+--> 'dev_to_shost': events 3-5
|
|include/scsi/scsi_host.h:726:33:
| 726 | static inline struct Scsi_Host *dev_to_shost(struct device *dev)
| | ^~~~~~~~~~~~
| | |
| | (3) entry to 'dev_to_shost'
| 727 | {
| 728 | while (!scsi_is_host_device(dev)) {
| | ~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (4) following 'true' branch...
| 729 | if (!dev->parent)
| | ~~
| | |
| | (5) ...to here
|
<------+
|
vim +/0 +41 drivers/ufs/core/ufs_bsg.c
95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 32
95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 33 static int ufs_bsg_verify_query_size(struct ufs_hba *hba,
95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 34 unsigned int request_len,
4eaa329e331343 drivers/scsi/ufs/ufs_bsg.c Avri Altman 2019-02-20 35 unsigned int reply_len)
95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 36 {
95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 37 int min_req_len = sizeof(struct ufs_bsg_request);
95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 38 int min_rsp_len = sizeof(struct ufs_bsg_reply);
95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 39
95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 40 if (min_req_len > request_len || min_rsp_len > reply_len) {
95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 @41 dev_err(hba->dev, "not enough space assigned\n");
95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 42 return -EINVAL;
95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 43 }
95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 44
95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 45 return 0;
95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 46 }
95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 47
:::::: The code at line 41 was first introduced by commit
:::::: 95e34bf930eaee51dab23495342b148cd0ee2ba1 scsi: ufs-bsg: Add support for raw upiu in ufs_bsg_request()
:::::: TO: Avri Altman <avri.altman@wdc.com>
:::::: CC: Martin K. Petersen <martin.petersen@oracle.com>
--
0-DAY CI Kernel Test Service
https://01.org/lkp
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2022-06-19 17:36 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-06-19 17:36 drivers/ufs/core/ufs_bsg.c:41:28: warning: dereference of NULL '0' [CWE-476] kernel test robot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.