From: Dan Carpenter <dan.carpenter@oracle.com>
To: kbuild@lists.01.org, James Smart <jsmart2021@gmail.com>,
linux-scsi@vger.kernel.org
Cc: lkp@intel.com, kbuild-all@lists.01.org,
James Smart <jsmart2021@gmail.com>,
Justin Tee <justin.tee@broadcom.com>
Subject: Re: [PATCH 20/26] lpfc: Fix field overload in lpfc_iocbq data structure
Date: Fri, 22 Apr 2022 17:51:13 +0300 [thread overview]
Message-ID: <202204190252.8068PeSp-lkp@intel.com> (raw)
In-Reply-To: <20220412222008.126521-21-jsmart2021@gmail.com>
Hi James,
url: https://github.com/intel-lab-lkp/linux/commits/James-Smart/lpfc-Update-lpfc-to-revision-14-2-0-2/20220413-073746
base: https://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git for-next
config: x86_64-randconfig-m001-20220418 (https://download.01.org/0day-ci/archive/20220419/202204190252.8068PeSp-lkp@intel.com/config)
compiler: gcc-11 (Debian 11.2.0-19) 11.2.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
smatch warnings:
drivers/scsi/lpfc/lpfc_sli.c:22305 lpfc_sli_prep_wqe() error: we previously assumed 'ndlp' could be null (see line 22298)
vim +/ndlp +22305 drivers/scsi/lpfc/lpfc_sli.c
561341425bcc70 James Smart 2022-02-24 22239 void
561341425bcc70 James Smart 2022-02-24 22240 lpfc_sli_prep_wqe(struct lpfc_hba *phba, struct lpfc_iocbq *job)
561341425bcc70 James Smart 2022-02-24 22241 {
561341425bcc70 James Smart 2022-02-24 22242 u8 cmnd;
561341425bcc70 James Smart 2022-02-24 22243 u32 *pcmd;
561341425bcc70 James Smart 2022-02-24 22244 u32 if_type = 0;
561341425bcc70 James Smart 2022-02-24 22245 u32 fip, abort_tag;
561341425bcc70 James Smart 2022-02-24 22246 struct lpfc_nodelist *ndlp = NULL;
561341425bcc70 James Smart 2022-02-24 22247 union lpfc_wqe128 *wqe = &job->wqe;
561341425bcc70 James Smart 2022-02-24 22248 u32 els_id = LPFC_ELS_ID_DEFAULT;
561341425bcc70 James Smart 2022-02-24 22249 u8 command_type = ELS_COMMAND_NON_FIP;
561341425bcc70 James Smart 2022-02-24 22250
561341425bcc70 James Smart 2022-02-24 22251 fip = phba->hba_flag & HBA_FIP_SUPPORT;
561341425bcc70 James Smart 2022-02-24 22252 /* The fcp commands will set command type */
561341425bcc70 James Smart 2022-02-24 22253 if (job->cmd_flag & LPFC_IO_FCP)
561341425bcc70 James Smart 2022-02-24 22254 command_type = FCP_COMMAND;
561341425bcc70 James Smart 2022-02-24 22255 else if (fip && (job->cmd_flag & LPFC_FIP_ELS_ID_MASK))
561341425bcc70 James Smart 2022-02-24 22256 command_type = ELS_COMMAND_FIP;
561341425bcc70 James Smart 2022-02-24 22257 else
561341425bcc70 James Smart 2022-02-24 22258 command_type = ELS_COMMAND_NON_FIP;
561341425bcc70 James Smart 2022-02-24 22259
561341425bcc70 James Smart 2022-02-24 22260 abort_tag = job->iotag;
561341425bcc70 James Smart 2022-02-24 22261 cmnd = bf_get(wqe_cmnd, &wqe->els_req.wqe_com);
561341425bcc70 James Smart 2022-02-24 22262
561341425bcc70 James Smart 2022-02-24 22263 switch (cmnd) {
561341425bcc70 James Smart 2022-02-24 22264 case CMD_ELS_REQUEST64_WQE:
536304e3919a95 James Smart 2022-04-12 22265 ndlp = job->ndlp;
561341425bcc70 James Smart 2022-02-24 22266
561341425bcc70 James Smart 2022-02-24 22267 /* CCP CCPE PV PRI in word10 were set in the memcpy */
561341425bcc70 James Smart 2022-02-24 22268 if (command_type == ELS_COMMAND_FIP)
561341425bcc70 James Smart 2022-02-24 22269 els_id = ((job->cmd_flag & LPFC_FIP_ELS_ID_MASK)
561341425bcc70 James Smart 2022-02-24 22270 >> LPFC_FIP_ELS_ID_SHIFT);
561341425bcc70 James Smart 2022-02-24 22271
561341425bcc70 James Smart 2022-02-24 22272 if_type = bf_get(lpfc_sli_intf_if_type,
561341425bcc70 James Smart 2022-02-24 22273 &phba->sli4_hba.sli_intf);
561341425bcc70 James Smart 2022-02-24 22274 if (if_type >= LPFC_SLI_INTF_IF_TYPE_2) {
536304e3919a95 James Smart 2022-04-12 22275 pcmd = (u32 *)job->cmd_dmabuf->virt;
561341425bcc70 James Smart 2022-02-24 22276 if (pcmd && (*pcmd == ELS_CMD_FLOGI ||
561341425bcc70 James Smart 2022-02-24 22277 *pcmd == ELS_CMD_SCR ||
561341425bcc70 James Smart 2022-02-24 22278 *pcmd == ELS_CMD_RDF ||
561341425bcc70 James Smart 2022-02-24 22279 *pcmd == ELS_CMD_EDC ||
561341425bcc70 James Smart 2022-02-24 22280 *pcmd == ELS_CMD_RSCN_XMT ||
561341425bcc70 James Smart 2022-02-24 22281 *pcmd == ELS_CMD_FDISC ||
561341425bcc70 James Smart 2022-02-24 22282 *pcmd == ELS_CMD_LOGO ||
561341425bcc70 James Smart 2022-02-24 22283 *pcmd == ELS_CMD_QFPA ||
561341425bcc70 James Smart 2022-02-24 22284 *pcmd == ELS_CMD_UVEM ||
561341425bcc70 James Smart 2022-02-24 22285 *pcmd == ELS_CMD_PLOGI)) {
561341425bcc70 James Smart 2022-02-24 22286 bf_set(els_req64_sp, &wqe->els_req, 1);
561341425bcc70 James Smart 2022-02-24 22287 bf_set(els_req64_sid, &wqe->els_req,
561341425bcc70 James Smart 2022-02-24 22288 job->vport->fc_myDID);
561341425bcc70 James Smart 2022-02-24 22289
561341425bcc70 James Smart 2022-02-24 22290 if ((*pcmd == ELS_CMD_FLOGI) &&
561341425bcc70 James Smart 2022-02-24 22291 !(phba->fc_topology ==
561341425bcc70 James Smart 2022-02-24 22292 LPFC_TOPOLOGY_LOOP))
561341425bcc70 James Smart 2022-02-24 22293 bf_set(els_req64_sid, &wqe->els_req, 0);
561341425bcc70 James Smart 2022-02-24 22294
561341425bcc70 James Smart 2022-02-24 22295 bf_set(wqe_ct, &wqe->els_req.wqe_com, 1);
561341425bcc70 James Smart 2022-02-24 22296 bf_set(wqe_ctxt_tag, &wqe->els_req.wqe_com,
561341425bcc70 James Smart 2022-02-24 22297 phba->vpi_ids[job->vport->vpi]);
536304e3919a95 James Smart 2022-04-12 @22298 } else if (pcmd && ndlp) {
^^^^
Check for NULL
561341425bcc70 James Smart 2022-02-24 22299 bf_set(wqe_ct, &wqe->els_req.wqe_com, 0);
561341425bcc70 James Smart 2022-02-24 22300 bf_set(wqe_ctxt_tag, &wqe->els_req.wqe_com,
561341425bcc70 James Smart 2022-02-24 22301 phba->sli4_hba.rpi_ids[ndlp->nlp_rpi]);
561341425bcc70 James Smart 2022-02-24 22302 }
561341425bcc70 James Smart 2022-02-24 22303 }
561341425bcc70 James Smart 2022-02-24 22304
561341425bcc70 James Smart 2022-02-24 @22305 bf_set(wqe_temp_rpi, &wqe->els_req.wqe_com,
The kbuild email generator chopped off the important line but it looks
like this:
phba->sli4_hba.rpi_ids[ndlp->nlp_rpi]);
^^^^^^
Unchecked dereference.
--
0-DAY CI Kernel Test Service
https://01.org/lkp
next prev parent reply other threads:[~2022-04-22 14:51 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-12 22:19 [PATCH 00/26] lpfc: Update lpfc to revision 14.2.0.2 James Smart
2022-04-12 22:19 ` [PATCH 01/26] lpfc: Tweak message log categories for ELS/FDMI/NVME Rescan James Smart
2022-04-12 22:19 ` [PATCH 02/26] lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg James Smart
2022-04-12 22:19 ` [PATCH 03/26] lpfc: Fix diagnostic fw logging after a function reset James Smart
2022-04-12 22:19 ` [PATCH 04/26] lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field James Smart
2022-04-12 22:19 ` [PATCH 05/26] lpfc: Requeue SCSI I/O to upper layer when fw reports link down James Smart
2022-04-12 22:19 ` [PATCH 06/26] lpfc: Fix SCSI I/O completion and abort handler deadlock James Smart
2022-04-12 22:19 ` [PATCH 07/26] lpfc: Clear fabric topology flag before initiating a new FLOGI James Smart
2022-04-12 22:19 ` [PATCH 08/26] lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI James Smart
2022-04-12 22:19 ` [PATCH 09/26] lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT James Smart
2022-04-12 22:19 ` [PATCH 10/26] lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB submit James Smart
2022-04-12 22:19 ` [PATCH 11/26] lpfc: Transition to NPR state upon LOGO cmpl if link down or aborted James Smart
2022-04-12 22:19 ` [PATCH 12/26] lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path James Smart
2022-04-12 22:19 ` [PATCH 13/26] lpfc: Move MI module parameter check to handle dynamic disable James Smart
2022-04-12 22:19 ` [PATCH 14/26] lpfc: Correct CRC32 calculation for congestion stats James Smart
2022-04-12 22:19 ` [PATCH 15/26] lpfc: Fix call trace observed during I/O with CMF enabled James Smart
2022-04-12 22:19 ` [PATCH 16/26] lpfc: Revise FDMI reporting of supported port speed for trunk groups James Smart
2022-04-12 22:19 ` [PATCH 17/26] lpfc: Remove false FDMI NVME FC-4 support for NPIV ports James Smart
2022-04-12 22:20 ` [PATCH 18/26] lpfc: Register for Application Services FC-4 type in Fabric topology James Smart
2022-04-12 22:20 ` [PATCH 19/26] lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN completion James Smart
2022-04-12 22:20 ` [PATCH 20/26] lpfc: Fix field overload in lpfc_iocbq data structure James Smart
2022-04-13 16:25 ` kernel test robot
2022-04-22 14:51 ` Dan Carpenter [this message]
2022-04-12 22:20 ` [PATCH 21/26] lpfc: Refactor cleanup of mailbox commands James Smart
2022-04-12 22:20 ` [PATCH 22/26] lpfc: Change FA-PWWN detection methodology James Smart
2022-04-12 22:20 ` [PATCH 23/26] lpfc: Update stat accounting for READ_STATUS mbox command James Smart
2022-04-12 22:20 ` [PATCH 24/26] lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE James Smart
2022-04-12 22:20 ` [PATCH 25/26] lpfc: Update lpfc version to 14.2.0.2 James Smart
2022-04-12 22:20 ` [PATCH 26/26] lpfc: Copyright updates for 14.2.0.2 patches James Smart
2022-04-19 2:50 ` [PATCH 00/26] lpfc: Update lpfc to revision 14.2.0.2 Martin K. Petersen
2022-04-26 4:00 ` Martin K. Petersen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202204190252.8068PeSp-lkp@intel.com \
--to=dan.carpenter@oracle.com \
--cc=jsmart2021@gmail.com \
--cc=justin.tee@broadcom.com \
--cc=kbuild-all@lists.01.org \
--cc=kbuild@lists.01.org \
--cc=linux-scsi@vger.kernel.org \
--cc=lkp@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).