public inbox for linux-hyperv@vger.kernel.org
From: Dan Carpenter <dan.carpenter@linaro.org>
To: oe-kbuild@lists.linux.dev,
	Stanislav Kinsburskii <skinsburskii@linux.microsoft.com>,
	kys@microsoft.com, haiyangz@microsoft.com, wei.liu@kernel.org,
	decui@microsoft.com, longli@microsoft.com
Cc: lkp@intel.com, oe-kbuild-all@lists.linux.dev,
	linux-hyperv@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] mshv: Introduce tracing support
Date: Fri, 27 Feb 2026 11:11:01 +0300
Message-ID: <202602271528.jLhA59mn-lkp@intel.com>
In-Reply-To: <177213348504.92223.5330421592610811972.stgit@skinsburskii-cloud-desktop.internal.cloudapp.net>

Hi Stanislav,

kernel test robot noticed the following build warnings:

https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Stanislav-Kinsburskii/mshv-Introduce-tracing-support/20260227-031942
base:   linus/master
patch link:    https://lore.kernel.org/r/177213348504.92223.5330421592610811972.stgit%40skinsburskii-cloud-desktop.internal.cloudapp.net
patch subject: [PATCH] mshv: Introduce tracing support
config: x86_64-randconfig-161-20260227 (https://download.01.org/0day-ci/archive/20260227/202602271528.jLhA59mn-lkp@intel.com/config)
compiler: gcc-14 (Debian 14.2.0-19) 14.2.0
smatch version: v0.5.0-8994-gd50c5a4c

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
| Closes: https://lore.kernel.org/r/202602271528.jLhA59mn-lkp@intel.com/

New smatch warnings:
drivers/hv/mshv_root_main.c:1177 mshv_partition_ioctl_create_vp() error: we previously assumed 'vp' could be null (see line 1110)
drivers/hv/mshv_root_main.c:1177 mshv_partition_ioctl_create_vp() error: dereferencing freed memory 'vp' (line 1157)

vim +/vp +1177 drivers/hv/mshv_root_main.c

621191d709b148 Nuno Das Neves        2025-03-14  1057  static long
621191d709b148 Nuno Das Neves        2025-03-14  1058  mshv_partition_ioctl_create_vp(struct mshv_partition *partition,
621191d709b148 Nuno Das Neves        2025-03-14  1059  			       void __user *arg)
621191d709b148 Nuno Das Neves        2025-03-14  1060  {
621191d709b148 Nuno Das Neves        2025-03-14  1061  	struct mshv_create_vp args;
621191d709b148 Nuno Das Neves        2025-03-14  1062  	struct mshv_vp *vp;
19c515c27cee3b Jinank Jain           2025-10-10  1063  	struct page *intercept_msg_page, *register_page, *ghcb_page;
2de4516aa8f726 Stanislav Kinsburskii 2026-01-28  1064  	struct hv_stats_page *stats_pages[2];
621191d709b148 Nuno Das Neves        2025-03-14  1065  	long ret;
621191d709b148 Nuno Das Neves        2025-03-14  1066  
621191d709b148 Nuno Das Neves        2025-03-14  1067  	if (copy_from_user(&args, arg, sizeof(args)))
621191d709b148 Nuno Das Neves        2025-03-14  1068  		return -EFAULT;
621191d709b148 Nuno Das Neves        2025-03-14  1069  
621191d709b148 Nuno Das Neves        2025-03-14  1070  	if (args.vp_index >= MSHV_MAX_VPS)
621191d709b148 Nuno Das Neves        2025-03-14  1071  		return -EINVAL;
621191d709b148 Nuno Das Neves        2025-03-14  1072  
621191d709b148 Nuno Das Neves        2025-03-14  1073  	if (partition->pt_vp_array[args.vp_index])
621191d709b148 Nuno Das Neves        2025-03-14  1074  		return -EEXIST;
621191d709b148 Nuno Das Neves        2025-03-14  1075  
621191d709b148 Nuno Das Neves        2025-03-14  1076  	ret = hv_call_create_vp(NUMA_NO_NODE, partition->pt_id, args.vp_index,
621191d709b148 Nuno Das Neves        2025-03-14  1077  				0 /* Only valid for root partition VPs */);
621191d709b148 Nuno Das Neves        2025-03-14  1078  	if (ret)
621191d709b148 Nuno Das Neves        2025-03-14  1079  		return ret;
621191d709b148 Nuno Das Neves        2025-03-14  1080  
19c515c27cee3b Jinank Jain           2025-10-10  1081  	ret = hv_map_vp_state_page(partition->pt_id, args.vp_index,
621191d709b148 Nuno Das Neves        2025-03-14  1082  				   HV_VP_STATE_PAGE_INTERCEPT_MESSAGE,
19c515c27cee3b Jinank Jain           2025-10-10  1083  				   input_vtl_zero, &intercept_msg_page);
621191d709b148 Nuno Das Neves        2025-03-14  1084  	if (ret)
621191d709b148 Nuno Das Neves        2025-03-14  1085  		goto destroy_vp;
621191d709b148 Nuno Das Neves        2025-03-14  1086  
621191d709b148 Nuno Das Neves        2025-03-14  1087  	if (!mshv_partition_encrypted(partition)) {
19c515c27cee3b Jinank Jain           2025-10-10  1088  		ret = hv_map_vp_state_page(partition->pt_id, args.vp_index,
621191d709b148 Nuno Das Neves        2025-03-14  1089  					   HV_VP_STATE_PAGE_REGISTERS,
19c515c27cee3b Jinank Jain           2025-10-10  1090  					   input_vtl_zero, &register_page);
621191d709b148 Nuno Das Neves        2025-03-14  1091  		if (ret)
621191d709b148 Nuno Das Neves        2025-03-14  1092  			goto unmap_intercept_message_page;
621191d709b148 Nuno Das Neves        2025-03-14  1093  	}
621191d709b148 Nuno Das Neves        2025-03-14  1094  
621191d709b148 Nuno Das Neves        2025-03-14  1095  	if (mshv_partition_encrypted(partition) &&
621191d709b148 Nuno Das Neves        2025-03-14  1096  	    is_ghcb_mapping_available()) {
19c515c27cee3b Jinank Jain           2025-10-10  1097  		ret = hv_map_vp_state_page(partition->pt_id, args.vp_index,
621191d709b148 Nuno Das Neves        2025-03-14  1098  					   HV_VP_STATE_PAGE_GHCB,
19c515c27cee3b Jinank Jain           2025-10-10  1099  					   input_vtl_normal, &ghcb_page);
621191d709b148 Nuno Das Neves        2025-03-14  1100  		if (ret)
621191d709b148 Nuno Das Neves        2025-03-14  1101  			goto unmap_register_page;
621191d709b148 Nuno Das Neves        2025-03-14  1102  	}
621191d709b148 Nuno Das Neves        2025-03-14  1103  
621191d709b148 Nuno Das Neves        2025-03-14  1104  	ret = mshv_vp_stats_map(partition->pt_id, args.vp_index,
621191d709b148 Nuno Das Neves        2025-03-14  1105  				stats_pages);
621191d709b148 Nuno Das Neves        2025-03-14  1106  	if (ret)
621191d709b148 Nuno Das Neves        2025-03-14  1107  		goto unmap_ghcb_page;
621191d709b148 Nuno Das Neves        2025-03-14  1108  
bf4afc53b77aea Linus Torvalds        2026-02-21  1109  	vp = kzalloc_obj(*vp);
621191d709b148 Nuno Das Neves        2025-03-14 @1110  	if (!vp)
621191d709b148 Nuno Das Neves        2025-03-14  1111  		goto unmap_stats_pages;

vp is NULL

621191d709b148 Nuno Das Neves        2025-03-14  1112  
621191d709b148 Nuno Das Neves        2025-03-14  1113  	vp->vp_partition = mshv_partition_get(partition);
621191d709b148 Nuno Das Neves        2025-03-14  1114  	if (!vp->vp_partition) {
621191d709b148 Nuno Das Neves        2025-03-14  1115  		ret = -EBADF;
621191d709b148 Nuno Das Neves        2025-03-14  1116  		goto free_vp;
621191d709b148 Nuno Das Neves        2025-03-14  1117  	}
621191d709b148 Nuno Das Neves        2025-03-14  1118  
621191d709b148 Nuno Das Neves        2025-03-14  1119  	mutex_init(&vp->vp_mutex);
621191d709b148 Nuno Das Neves        2025-03-14  1120  	init_waitqueue_head(&vp->run.vp_suspend_queue);
621191d709b148 Nuno Das Neves        2025-03-14  1121  	atomic64_set(&vp->run.vp_signaled_count, 0);
621191d709b148 Nuno Das Neves        2025-03-14  1122  
621191d709b148 Nuno Das Neves        2025-03-14  1123  	vp->vp_index = args.vp_index;
19c515c27cee3b Jinank Jain           2025-10-10  1124  	vp->vp_intercept_msg_page = page_to_virt(intercept_msg_page);
621191d709b148 Nuno Das Neves        2025-03-14  1125  	if (!mshv_partition_encrypted(partition))
621191d709b148 Nuno Das Neves        2025-03-14  1126  		vp->vp_register_page = page_to_virt(register_page);
621191d709b148 Nuno Das Neves        2025-03-14  1127  
621191d709b148 Nuno Das Neves        2025-03-14  1128  	if (mshv_partition_encrypted(partition) && is_ghcb_mapping_available())
621191d709b148 Nuno Das Neves        2025-03-14  1129  		vp->vp_ghcb_page = page_to_virt(ghcb_page);
621191d709b148 Nuno Das Neves        2025-03-14  1130  
621191d709b148 Nuno Das Neves        2025-03-14  1131  	memcpy(vp->vp_stats_pages, stats_pages, sizeof(stats_pages));
621191d709b148 Nuno Das Neves        2025-03-14  1132  
ff225ba9ad71c4 Nuno Das Neves        2026-01-28  1133  	ret = mshv_debugfs_vp_create(vp);
ff225ba9ad71c4 Nuno Das Neves        2026-01-28  1134  	if (ret)
ff225ba9ad71c4 Nuno Das Neves        2026-01-28  1135  		goto put_partition;
ff225ba9ad71c4 Nuno Das Neves        2026-01-28  1136  
621191d709b148 Nuno Das Neves        2025-03-14  1137  	/*
621191d709b148 Nuno Das Neves        2025-03-14  1138  	 * Keep anon_inode_getfd last: it installs fd in the file struct and
621191d709b148 Nuno Das Neves        2025-03-14  1139  	 * thus makes the state accessible in user space.
621191d709b148 Nuno Das Neves        2025-03-14  1140  	 */
621191d709b148 Nuno Das Neves        2025-03-14  1141  	ret = anon_inode_getfd("mshv_vp", &mshv_vp_fops, vp,
621191d709b148 Nuno Das Neves        2025-03-14  1142  			       O_RDWR | O_CLOEXEC);
621191d709b148 Nuno Das Neves        2025-03-14  1143  	if (ret < 0)
ff225ba9ad71c4 Nuno Das Neves        2026-01-28  1144  		goto remove_debugfs_vp;
621191d709b148 Nuno Das Neves        2025-03-14  1145  
621191d709b148 Nuno Das Neves        2025-03-14  1146  	/* already exclusive with the partition mutex for all ioctls */
621191d709b148 Nuno Das Neves        2025-03-14  1147  	partition->pt_vp_count++;
621191d709b148 Nuno Das Neves        2025-03-14  1148  	partition->pt_vp_array[args.vp_index] = vp;
621191d709b148 Nuno Das Neves        2025-03-14  1149  
33c08ba966cf23 Stanislav Kinsburskii 2026-02-26  1150  	goto out;
621191d709b148 Nuno Das Neves        2025-03-14  1151  
ff225ba9ad71c4 Nuno Das Neves        2026-01-28  1152  remove_debugfs_vp:
ff225ba9ad71c4 Nuno Das Neves        2026-01-28  1153  	mshv_debugfs_vp_remove(vp);
621191d709b148 Nuno Das Neves        2025-03-14  1154  put_partition:
621191d709b148 Nuno Das Neves        2025-03-14  1155  	mshv_partition_put(partition);
621191d709b148 Nuno Das Neves        2025-03-14  1156  free_vp:
621191d709b148 Nuno Das Neves        2025-03-14 @1157  	kfree(vp);
                                                              ^^
freed.

621191d709b148 Nuno Das Neves        2025-03-14  1158  unmap_stats_pages:
d62313bdf5961b Jinank Jain           2025-10-10  1159  	mshv_vp_stats_unmap(partition->pt_id, args.vp_index, stats_pages);
621191d709b148 Nuno Das Neves        2025-03-14  1160  unmap_ghcb_page:
19c515c27cee3b Jinank Jain           2025-10-10  1161  	if (mshv_partition_encrypted(partition) && is_ghcb_mapping_available())
19c515c27cee3b Jinank Jain           2025-10-10  1162  		hv_unmap_vp_state_page(partition->pt_id, args.vp_index,
19c515c27cee3b Jinank Jain           2025-10-10  1163  				       HV_VP_STATE_PAGE_GHCB, ghcb_page,
621191d709b148 Nuno Das Neves        2025-03-14  1164  				       input_vtl_normal);
621191d709b148 Nuno Das Neves        2025-03-14  1165  unmap_register_page:
19c515c27cee3b Jinank Jain           2025-10-10  1166  	if (!mshv_partition_encrypted(partition))
19c515c27cee3b Jinank Jain           2025-10-10  1167  		hv_unmap_vp_state_page(partition->pt_id, args.vp_index,
621191d709b148 Nuno Das Neves        2025-03-14  1168  				       HV_VP_STATE_PAGE_REGISTERS,
19c515c27cee3b Jinank Jain           2025-10-10  1169  				       register_page, input_vtl_zero);
621191d709b148 Nuno Das Neves        2025-03-14  1170  unmap_intercept_message_page:
19c515c27cee3b Jinank Jain           2025-10-10  1171  	hv_unmap_vp_state_page(partition->pt_id, args.vp_index,
621191d709b148 Nuno Das Neves        2025-03-14  1172  			       HV_VP_STATE_PAGE_INTERCEPT_MESSAGE,
19c515c27cee3b Jinank Jain           2025-10-10  1173  			       intercept_msg_page, input_vtl_zero);
621191d709b148 Nuno Das Neves        2025-03-14  1174  destroy_vp:
621191d709b148 Nuno Das Neves        2025-03-14  1175  	hv_call_delete_vp(partition->pt_id, args.vp_index);
33c08ba966cf23 Stanislav Kinsburskii 2026-02-26  1176  out:
33c08ba966cf23 Stanislav Kinsburskii 2026-02-26 @1177  	trace_mshv_create_vp(partition->pt_id, vp->vp_index, ret);
                                                                                               ^^^^^^^^^^^^
vp dereferenced.

621191d709b148 Nuno Das Neves        2025-03-14  1178  	return ret;
621191d709b148 Nuno Das Neves        2025-03-14  1179  }

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
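
The shape of both warnings above, and one way to avoid them, as an added user-space C example (not part of the original message and not the mshv driver's code): every exit path funnels into one `out:` label, so the trace call there may only use values that are valid on all paths. `struct vp`, `create_vp()`, `trace_create_vp()`, `last_trace` and `fail_step` are hypothetical stand-ins; `req_index` plays the role of `args.vp_index` in the listing.

```c
#include <errno.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the kernel objects in the listing. */
struct vp { unsigned int index; };
struct trace_rec { unsigned int index; long ret; };

static struct trace_rec last_trace;	/* what the "tracepoint" recorded */

static void trace_create_vp(unsigned int index, long ret)
{
	last_trace.index = index;
	last_trace.ret = ret;
}

/*
 * fail_step: 0 = success,
 *            1 = allocation fails (vp is NULL when 'out' is reached),
 *            2 = a later step fails (vp is freed before 'out' is reached).
 */
static long create_vp(unsigned int req_index, int fail_step, struct vp **out_vp)
{
	struct vp *vp;
	long ret = 0;

	vp = (fail_step == 1) ? NULL : calloc(1, sizeof(*vp));
	if (!vp) {
		ret = -ENOMEM;
		goto out;
	}
	vp->index = req_index;

	if (fail_step == 2) {
		ret = -EBADF;
		goto free_vp;
	}

	*out_vp = vp;
	goto out;

free_vp:
	free(vp);
	vp = NULL;	/* do not leave a dangling pointer for later labels */
out:
	/*
	 * Trace the caller-supplied index, which is valid on every path.
	 * vp->index would be a NULL dereference after the allocation
	 * failure and a use-after-free after the free_vp unwind.
	 */
	trace_create_vp(req_index, ret);
	return ret;
}
```
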

