public inbox for linux-rdma@vger.kernel.org
 help / color / mirror / Atom feed
* [bug report] IB/hfi1: Prevent NULL pointer deferences in caching code
@ 2016-10-12  6:06 Dan Carpenter
  2016-10-12 13:43 ` Dalessandro, Dennis
  0 siblings, 1 reply; 2+ messages in thread
From: Dan Carpenter @ 2016-10-12  6:06 UTC (permalink / raw)
  To: mitko.haralanov-ral2JQCrhuEAvxtiuMwx3w; +Cc: linux-rdma-u79uwXL29TY76Z2rM5mHXA

Hello Mitko Haralanov,

The patch f19bd643dbde: "IB/hfi1: Prevent NULL pointer deferences in
caching code" from Apr 12, 2016, leads to the following static
checker warning:

	drivers/infiniband/hw/hfi1/user_sdma.c:1147 pin_vector_pages()
	warn: 'rb_node' isn't an ERR_PTR

drivers/infiniband/hw/hfi1/user_sdma.c
  1135  static int pin_vector_pages(struct user_sdma_request *req,
  1136                              struct user_sdma_iovec *iovec)
  1137  {
  1138          int ret = 0, pinned, npages, cleared;
  1139          struct page **pages;
  1140          struct hfi1_user_sdma_pkt_q *pq = req->pq;
  1141          struct sdma_mmu_node *node = NULL;
  1142          struct mmu_rb_node *rb_node;
  1143  
  1144          rb_node = hfi1_mmu_rb_extract(pq->handler,
  1145                                        (unsigned long)iovec->iov.iov_base,
  1146                                        iovec->iov.iov_len);
  1147          if (rb_node && !IS_ERR(rb_node))
                                ^^^^^^^^^^^^^^^

hfi1_mmu_rb_extract() never returns error pointers.  Plz delete.

  1148                  node = container_of(rb_node, struct sdma_mmu_node, rb);
  1149          else
  1150                  rb_node = NULL;
  1151  
  1152          if (!node) {
  1153                  node = kzalloc(sizeof(*node), GFP_KERNEL);
  1154                  if (!node)
  1155                          return -ENOMEM;
  1156  
  1157                  node->rb.addr = (unsigned long)iovec->iov.iov_base;
  1158                  node->pq = pq;
  1159                  atomic_set(&node->refcount, 0);
  1160          }

regards,
dan carpenter
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: [bug report] IB/hfi1: Prevent NULL pointer deferences in caching code
  2016-10-12  6:06 [bug report] IB/hfi1: Prevent NULL pointer deferences in caching code Dan Carpenter
@ 2016-10-12 13:43 ` Dalessandro, Dennis
  0 siblings, 0 replies; 2+ messages in thread
From: Dalessandro, Dennis @ 2016-10-12 13:43 UTC (permalink / raw)
  To: Haralanov, Mitko,
	dan.carpenter-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org
  Cc: linux-rdma-u79uwXL29TY76Z2rM5mHXA@public.gmane.org

Thanks Dan, we'll take care of it.

-Denny

On Wed, 2016-10-12 at 09:06 +0300, Dan Carpenter wrote:
> Hello Mitko Haralanov,
> 
> The patch f19bd643dbde: "IB/hfi1: Prevent NULL pointer deferences in
> caching code" from Apr 12, 2016, leads to the following static
> checker warning:
> 
> 	drivers/infiniband/hw/hfi1/user_sdma.c:1147 pin_vector_pages()
> 	warn: 'rb_node' isn't an ERR_PTR
> 
> drivers/infiniband/hw/hfi1/user_sdma.c
>   1135  static int pin_vector_pages(struct user_sdma_request *req,
>   1136                              struct user_sdma_iovec *iovec)
>   1137  {
>   1138          int ret = 0, pinned, npages, cleared;
>   1139          struct page **pages;
>   1140          struct hfi1_user_sdma_pkt_q *pq = req->pq;
>   1141          struct sdma_mmu_node *node = NULL;
>   1142          struct mmu_rb_node *rb_node;
>   1143  
>   1144          rb_node = hfi1_mmu_rb_extract(pq->handler,
>   1145                                        (unsigned long)iovec-
> >iov.iov_base,
>   1146                                        iovec->iov.iov_len);
>   1147          if (rb_node && !IS_ERR(rb_node))
>                                 ^^^^^^^^^^^^^^^
> 
> hfi1_mmu_rb_extract() never returns error pointers.  Plz delete.
> 
>   1148                  node = container_of(rb_node, struct
> sdma_mmu_node, rb);
>   1149          else
>   1150                  rb_node = NULL;
>   1151  
>   1152          if (!node) {
>   1153                  node = kzalloc(sizeof(*node), GFP_KERNEL);
>   1154                  if (!node)
>   1155                          return -ENOMEM;
>   1156  
>   1157                  node->rb.addr = (unsigned long)iovec-
> >iov.iov_base;
>   1158                  node->pq = pq;
>   1159                  atomic_set(&node->refcount, 0);
>   1160          }
> 
> regards,
> dan carpenter
> --
> To unsubscribe from this list: send the line "unsubscribe linux-rdma" 
> in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-10-12 13:43 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-10-12  6:06 [bug report] IB/hfi1: Prevent NULL pointer deferences in caching code Dan Carpenter
2016-10-12 13:43 ` Dalessandro, Dennis

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox