From: Jon Mason <jon.mason@exar.com>
To: David Miller <davem@davemloft.net>
Cc: "error27@gmail.com" <error27@gmail.com>,
Ramkrishna Vepa <Ramkrishna.Vepa@exar.com>,
Sivakumar Subramani <Sivakumar.Subramani@exar.com>,
Sreenivasa Honnur <Sreenivasa.Honnur@exar.com>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"kernel-janitors@vger.kernel.org"
<kernel-janitors@vger.kernel.org>
Subject: Re: [patch] vxge: potential NULL dereference
Date: Fri, 10 Sep 2010 21:32:15 +0000 [thread overview]
Message-ID: <20100910213214.GH22321@exar.com> (raw)
In-Reply-To: <20100910.133255.137830993.davem@davemloft.net>
On Fri, Sep 10, 2010 at 01:32:55PM -0700, David Miller wrote:
> From: Dan Carpenter <error27@gmail.com>
> Date: Fri, 10 Sep 2010 13:54:23 +0200
>
> > At the start of the function we test whether the "vpath" is NULL but we
> > need another test here as well.
> >
> > Signed-off-by: Dan Carpenter <error27@gmail.com>
> > ---
> > This is a static checker bug, I'm not sure if we ever pass a NULL
> > pointer for "vpath".
>
> I cannot see any case where this can happen. There are two
> cases:
>
> 1) __vxge_hw_vpath_alarm_process() is invoked via vxge_hw_device_begin_irq(),
> which looks like:
>
> ret = __vxge_hw_vpath_alarm_process(
> &hldev->virtual_paths[i], skip_alarms);
>
> that vpath pointer first argument will never be NULL.
It is possible to the vpath to be NULL in this array if it is not
populated in __vxge_hw_vp_initialize due to the vpath being masked off
my the adapter. vxge_hw_device_begin_irq calls
__vxge_hw_vpath_alarm_process on all possible vpaths regardless of
their allocation. This is the case we need to worry about.
It is not an issue because in the first instance of the vpath being
NULL, its sets the alarm_event to be VXGE_HW_EVENT_UNKNOWN. The first
check in the out2 error path checks for VXGE_HW_EVENT_UNKNOWN and
returns. So its not possible to hit this...though it is ugly code. I
welcome a reworking of the code to something mroe elegant. :)
Thanks,
Jon
>
> 2) __vxge_hw_vpath_alarm_process() is invoked via vxge_hw_vpath_alarm_process()
> which uses:
>
> status = __vxge_hw_vpath_alarm_process(vp->vpath, skip_alarms);
>
> All vpath valid active vpath handles always have a non-NULL vp->vpath
> virtual path back pointer, as setup by vxge_hw_vpath_open():
>
> ...
> vp->vpath = vpath;
> ...
> *vpath_handle = vp;
>
> attr->fifo_attr.userdata = vpath->fifoh;
> attr->ring_attr.userdata = vpath->ringh;
>
> return VXGE_HW_OK;
>
> So we can simply remove the first NULL check as this can never actually
> be NULL.
next prev parent reply other threads:[~2010-09-10 21:32 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-09-10 11:54 [patch] vxge: potential NULL dereference Dan Carpenter
2010-09-10 20:32 ` David Miller
2010-09-10 21:12 ` Dan Carpenter
2010-09-10 21:32 ` Jon Mason [this message]
2010-09-10 21:40 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100910213214.GH22321@exar.com \
--to=jon.mason@exar.com \
--cc=Ramkrishna.Vepa@exar.com \
--cc=Sivakumar.Subramani@exar.com \
--cc=Sreenivasa.Honnur@exar.com \
--cc=davem@davemloft.net \
--cc=error27@gmail.com \
--cc=kernel-janitors@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox