drivers/infiniband/hw/cxgb3/iwch_provider.c: uninitialized variable used

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* drivers/infiniband/hw/cxgb3/iwch_provider.c: uninitialized variable used
@ 2007-03-19  9:26 Adrian Bunk
  2007-03-19 14:05 ` Steve Wise
  0 siblings, 1 reply; 2+ messages in thread
From: Adrian Bunk @ 2007-03-19  9:26 UTC (permalink / raw)
  To: Steve Wise, Roland Dreier; +Cc: mshefty, halr, openib-general, linux-kernel

The Coverity checker spotted that "npages" will be used uninitialized in 
the following code if !(mr_rereg_mask & IB_MR_REREG_TRANS):

<--  snip  -->

...
static int iwch_reregister_phys_mem(struct ib_mr *mr,
                                     int mr_rereg_mask,
                                     struct ib_pd *pd,
                                     struct ib_phys_buf *buffer_list,
                                     int num_phys_buf,
                                     int acc, u64 * iova_start)
{

        struct iwch_mr mh, *mhp;
        struct iwch_pd *php;
        struct iwch_dev *rhp;
        __be64 *page_list = NULL;
        int shift = 0;
        u64 total_size;
        int npages;
        int ret;

        PDBG("%s ib_mr %p ib_pd %p\n", __FUNCTION__, mr, pd);

        /* There can be no memory windows */
        if (atomic_read(&mr->usecnt))
                return -EINVAL;

        mhp = to_iwch_mr(mr);
        rhp = mhp->rhp;
        php = to_iwch_pd(mr->pd);

        /* make sure we are on the same adapter */
        if (rhp != php->rhp)
                return -EINVAL;

        memcpy(&mh, mhp, sizeof *mhp);

        if (mr_rereg_mask & IB_MR_REREG_PD)
                php = to_iwch_pd(pd);
        if (mr_rereg_mask & IB_MR_REREG_ACCESS)
                mh.attr.perms = iwch_ib_to_tpt_access(acc);
        if (mr_rereg_mask & IB_MR_REREG_TRANS)
                ret = build_phys_page_list(buffer_list, num_phys_buf,
                                           iova_start,
                                           &total_size, &npages,
                                           &shift, &page_list);

        ret = iwch_reregister_mem(rhp, php, &mh, shift, page_list, npages);
...

<--  snip  -->

Looking at the code, it also seems some orignally planned error handling 
code for the build_phys_page_list() call was forgotten ("ret" is never 
checked before it's overwritten again).

cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: drivers/infiniband/hw/cxgb3/iwch_provider.c: uninitialized variable used
  2007-03-19  9:26 drivers/infiniband/hw/cxgb3/iwch_provider.c: uninitialized variable used Adrian Bunk
@ 2007-03-19 14:05 ` Steve Wise
  0 siblings, 0 replies; 2+ messages in thread
From: Steve Wise @ 2007-03-19 14:05 UTC (permalink / raw)
  To: Adrian Bunk; +Cc: Roland Dreier, mshefty, halr, openib-general, linux-kernel


Thanks Adrian,

I'll address this...

Steve.


On Mon, 2007-03-19 at 10:26 +0100, Adrian Bunk wrote:
> The Coverity checker spotted that "npages" will be used uninitialized in 
> the following code if !(mr_rereg_mask & IB_MR_REREG_TRANS):
> 
> <--  snip  -->
> 
> ...
> static int iwch_reregister_phys_mem(struct ib_mr *mr,
>                                      int mr_rereg_mask,
>                                      struct ib_pd *pd,
>                                      struct ib_phys_buf *buffer_list,
>                                      int num_phys_buf,
>                                      int acc, u64 * iova_start)
> {
> 
>         struct iwch_mr mh, *mhp;
>         struct iwch_pd *php;
>         struct iwch_dev *rhp;
>         __be64 *page_list = NULL;
>         int shift = 0;
>         u64 total_size;
>         int npages;
>         int ret;
> 
>         PDBG("%s ib_mr %p ib_pd %p\n", __FUNCTION__, mr, pd);
> 
>         /* There can be no memory windows */
>         if (atomic_read(&mr->usecnt))
>                 return -EINVAL;
> 
>         mhp = to_iwch_mr(mr);
>         rhp = mhp->rhp;
>         php = to_iwch_pd(mr->pd);
> 
>         /* make sure we are on the same adapter */
>         if (rhp != php->rhp)
>                 return -EINVAL;
> 
>         memcpy(&mh, mhp, sizeof *mhp);
> 
>         if (mr_rereg_mask & IB_MR_REREG_PD)
>                 php = to_iwch_pd(pd);
>         if (mr_rereg_mask & IB_MR_REREG_ACCESS)
>                 mh.attr.perms = iwch_ib_to_tpt_access(acc);
>         if (mr_rereg_mask & IB_MR_REREG_TRANS)
>                 ret = build_phys_page_list(buffer_list, num_phys_buf,
>                                            iova_start,
>                                            &total_size, &npages,
>                                            &shift, &page_list);
> 
>         ret = iwch_reregister_mem(rhp, php, &mh, shift, page_list, npages);
> ...
> 
> <--  snip  -->
> 
> Looking at the code, it also seems some orignally planned error handling 
> code for the build_phys_page_list() call was forgotten ("ret" is never 
> checked before it's overwritten again).
> 
> cu
> Adrian
> 


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2007-03-19 14:05 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-03-19  9:26 drivers/infiniband/hw/cxgb3/iwch_provider.c: uninitialized variable used Adrian Bunk
2007-03-19 14:05 ` Steve Wise

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox