[PATCH v2] qed: fix possible uninit pointer read in qed_mcp_nvm_info_populate()

[PATCH v2] qed: fix possible uninit pointer read in qed_mcp_nvm_info_populate()

[Gianfranco Trad]

Coverity reports an uninit pointer read in qed_mcp_nvm_info_populate().
If EOPNOTSUPP is returned from qed_mcp_bist_nvm_get_num_images() ensure
nvm_info.num_images is set to 0 to avoid possible uninit assignment
to p_hwfn->nvm_info.image_att later on in out label.

Closes: https://scan5.scan.coverity.com/#/project-view/63204/10063?selectedIssue=1636666
Suggested-by: Simon Horman <horms@kernel.org>
Signed-off-by: Gianfranco Trad <gianf.trad@gmail.com>
---
Notes:
  - Changes in v2: set nvm_info.num_images to 0 before goto out.
  - Link to v1: https://lore.kernel.org/all/20241211134041.65860-2-gianf.trad@gmail.com/

 drivers/net/ethernet/qlogic/qed/qed_mcp.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/net/ethernet/qlogic/qed/qed_mcp.c b/drivers/net/ethernet/qlogic/qed/qed_mcp.c
index b45efc272fdb..c7f497c36f66 100644
--- a/drivers/net/ethernet/qlogic/qed/qed_mcp.c
+++ b/drivers/net/ethernet/qlogic/qed/qed_mcp.c
@@ -3358,6 +3358,7 @@ int qed_mcp_nvm_info_populate(struct qed_hwfn *p_hwfn)
 					     p_ptt, &nvm_info.num_images);
 	if (rc == -EOPNOTSUPP) {
 		DP_INFO(p_hwfn, "DRV_MSG_CODE_BIST_TEST is not supported\n");
+		nvm_info.num_images = 0;
 		goto out;
 	} else if (rc || !nvm_info.num_images) {
 		DP_ERR(p_hwfn, "Failed getting number of images\n");
-- 
2.43.0

Re: [PATCH v2] qed: fix possible uninit pointer read in qed_mcp_nvm_info_populate()

[Simon Horman]

On Sun, Dec 15, 2024 at 02:17:34AM +0100, Gianfranco Trad wrote:
> Coverity reports an uninit pointer read in qed_mcp_nvm_info_populate().
> If EOPNOTSUPP is returned from qed_mcp_bist_nvm_get_num_images() ensure
> nvm_info.num_images is set to 0 to avoid possible uninit assignment
> to p_hwfn->nvm_info.image_att later on in out label.
> 
> Closes: https://scan5.scan.coverity.com/#/project-view/63204/10063?selectedIssue=1636666
> Suggested-by: Simon Horman <horms@kernel.org>
> Signed-off-by: Gianfranco Trad <gianf.trad@gmail.com>
> ---
> Notes:
>   - Changes in v2: set nvm_info.num_images to 0 before goto out.
>   - Link to v1: https://lore.kernel.org/all/20241211134041.65860-2-gianf.trad@gmail.com/

Thanks for the update.

Reviewed-by: Simon Horman <horms@kernel.org>

Re: [PATCH v2] qed: fix possible uninit pointer read in qed_mcp_nvm_info_populate()

[patchwork-bot+netdevbpf]

Hello:

This patch was applied to netdev/net.git (main)
by Paolo Abeni <pabeni@redhat.com>:

On Sun, 15 Dec 2024 02:17:34 +0100 you wrote:
> Coverity reports an uninit pointer read in qed_mcp_nvm_info_populate().
> If EOPNOTSUPP is returned from qed_mcp_bist_nvm_get_num_images() ensure
> nvm_info.num_images is set to 0 to avoid possible uninit assignment
> to p_hwfn->nvm_info.image_att later on in out label.
> 
> Closes: https://scan5.scan.coverity.com/#/project-view/63204/10063?selectedIssue=1636666
> Suggested-by: Simon Horman <horms@kernel.org>
> Signed-off-by: Gianfranco Trad <gianf.trad@gmail.com>
> 
> [...]

Here is the summary with links:
  - [v2] qed: fix possible uninit pointer read in qed_mcp_nvm_info_populate()
    https://git.kernel.org/netdev/net/c/7ed2d9158877

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html