| Message ID | 20221118121740.128877-1-arefev@swemel.ru |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:adf:f944:0:0:0:0:0 with SMTP id q4csp161614wrr;
Fri, 18 Nov 2022 04:19:16 -0800 (PST)
X-Google-Smtp-Source:
AA0mqf73hfPwFxVqoYfibdibDwo3PcfjopGJau4ZktotwIc8p6YIf4kRDsXNcTo6UJh+p7etJhii
X-Received: by 2002:a17:906:2ec7:b0:79b:413b:d64 with SMTP id
s7-20020a1709062ec700b0079b413b0d64mr5623962eji.538.1668773956019;
Fri, 18 Nov 2022 04:19:16 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1668773956; cv=none;
d=google.com; s=arc-20160816;
b=PhFNDw0z2GY2VYLjI8kIuu0Z+96hYCH2OER5YU7PvPXqH9mI2Ig71lb1LqBY3aF4UC
Cb3GAfX2PTlX3rEOtOHMnj9FWELjbS+fLg7neRGMEzaQuzxrVZSujPH+H55SFxd2qWz0
DF4pBstHzhnu8dtYdyVbt+C471B9pPQ2zkmAeo2lBp3s3uQZ/b3sqJH5YKn1sS6gTh6I
MxF/5p9lb1E4mhbeiSWBxkMx1Gpbn8FeBnJP/HYohfgVkRA1ZakcK/7UeomN88it6ltu
vcIjLwA/aFxWPL0Eghp/A4NNv6xvpGlwgLC/77g8Cs1araezqr6DKV5pUu5Ih3mxvWtd
tp2A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:dkim-signature:from;
bh=ac6hqu8MRPhDQ5SpxuNlbB+ZBkfygCfSzR81j36kZp0=;
b=XuhRCnyP7sbWtixxxyi/LJHX/phmniZXLaZS1vuQNbfIyIEpDKbtqzQuhFeuZSvj16
F7NT7NXvHTPjBPE5h4VEjsSFemru4fopo2sX6edhXCKWq/6+LBrauX/WnrGkDbv9CiCw
W6qJ7HhwSikkhlPba//NZfrJDtEMSwrgPdzuZHSR3T530YJqcd8Sl5fHMDmxwpRa1ReX
AOKrMVgKaMw8fblnLiPPOv97/yhtyJwEvbAtRR1BM9mCrkFVNohlmieU2NPCVhB534bZ
o2VBviUYaCYVHgwchCyDKVgugOU7oXlP4nXCpfmakh9cFRkROa5GCHvl8iGPSivqXyPs
POEw==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@swemel.ru header.s=mail header.b=hfsh3qVW;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=swemel.ru
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
o10-20020a056402038a00b00467c3cbab04si2805187edv.66.2022.11.18.04.18.45;
Fri, 18 Nov 2022 04:19:16 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@swemel.ru header.s=mail header.b=hfsh3qVW;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=swemel.ru
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S241756AbiKRMSH (ORCPT <rfc822;kkmonlee@gmail.com> + 99 others);
Fri, 18 Nov 2022 07:18:07 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58740 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S241762AbiKRMRu (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Fri, 18 Nov 2022 07:17:50 -0500
Received: from mx.swemel.ru (mx.swemel.ru [95.143.211.150])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 485DC97371;
Fri, 18 Nov 2022 04:17:43 -0800 (PST)
From: Denis Arefev <arefev@swemel.ru>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=swemel.ru; s=mail;
t=1668773861;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:cc:mime-version:mime-version:
content-transfer-encoding:content-transfer-encoding;
bh=ac6hqu8MRPhDQ5SpxuNlbB+ZBkfygCfSzR81j36kZp0=;
b=hfsh3qVWGl23RR5TGxSoDvRbF+Yh+gHCOdhWAsTYzwXm4CF6cYOrqEKpnXhXptIA7/7IsY
4yxctKsaBRccVHrdiC5VlzFlncqcBJnXi3675V5gjlwIQ0XGMlvxni4o2hbvQ5FcEAeYad
1ldpL0YAOyHm5KG9S+WDkZdjlV2QlJQ=
To: Karen Xie <kxie@chelsio.com>
Cc: "James E.J. Bottomley" <jejb@linux.ibm.com>,
"Martin K. Petersen" <martin.petersen@oracle.com>,
linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org,
lvc-project@linuxtesting.org, trufanov@swemel.ru, vfh@swemel.ru
Subject: [PATCH v2] cxgbi: cxgb4i: Added pointer check
Date: Fri, 18 Nov 2022 15:17:40 +0300
Message-Id: <20221118121740.128877-1-arefev@swemel.ru>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS
autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1749836319576459843?=
X-GMAIL-MSGID: =?utf-8?q?1749836319576459843?=
|
| Series |
[v2] cxgbi: cxgb4i: Added pointer check
|
|
Commit Message
Denis Arefev
Nov. 18, 2022, 12:17 p.m. UTC
Return value of a function 'alloc_wr' is dereferenced at cxgb4i.c:624
without checking for null, but it is usually checked for this function
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Denis Arefev <arefev@swemel.ru>
---
drivers/scsi/cxgbi/cxgb4i/cxgb4i.c | 2 ++
1 file changed, 2 insertions(+)
Comments
Replace Karen with Varun. On 11/18/22 6:17 AM, Denis Arefev wrote: > Return value of a function 'alloc_wr' is dereferenced at cxgb4i.c:624 > without checking for null, but it is usually checked for this function > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Signed-off-by: Denis Arefev <arefev@swemel.ru> > --- > drivers/scsi/cxgbi/cxgb4i/cxgb4i.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/scsi/cxgbi/cxgb4i/cxgb4i.c b/drivers/scsi/cxgbi/cxgb4i/cxgb4i.c > index 2c3491528d42..b93bd36dcb2d 100644 > --- a/drivers/scsi/cxgbi/cxgb4i/cxgb4i.c > +++ b/drivers/scsi/cxgbi/cxgb4i/cxgb4i.c > @@ -620,6 +620,8 @@ static inline int send_tx_flowc_wr(struct cxgbi_sock *csk) > #endif > flowclen16 = tx_flowc_wr_credits(&nparams, &flowclen); > skb = alloc_wr(flowclen, 0, GFP_ATOMIC); > + if (!skb) > + return -ENOMEM; If this returns a negative value push_tx_frames is going to mishandle it. I'm not sure how to best handle the failure there, but I cc'd the correct maintainer, Varun.
>> Return value of a function 'alloc_wr' is dereferenced at cxgb4i.c:624 >> without checking for null, but it is usually checked for this function >> >> Found by Linux Verification Center (linuxtesting.org) with SVACE. >> >> Signed-off-by: Denis Arefev <arefev@swemel.ru> >> --- >> drivers/scsi/cxgbi/cxgb4i/cxgb4i.c | 2 ++ >> 1 file changed, 2 insertions(+) >> >> diff --git a/drivers/scsi/cxgbi/cxgb4i/cxgb4i.c b/drivers/scsi/cxgbi/cxgb4i/cxgb4i.c >> index 2c3491528d42..b93bd36dcb2d 100644 >> --- a/drivers/scsi/cxgbi/cxgb4i/cxgb4i.c >> +++ b/drivers/scsi/cxgbi/cxgb4i/cxgb4i.c >> @@ -620,6 +620,8 @@ static inline int send_tx_flowc_wr(struct cxgbi_sock *csk) >> #endif >> flowclen16 = tx_flowc_wr_credits(&nparams, &flowclen); >> skb = alloc_wr(flowclen, 0, GFP_ATOMIC); >> + if (!skb) >> + return -ENOMEM; > >If this returns a negative value push_tx_frames is going to mishandle it. >I'm not sure how to best handle the failure there, but I cc'd the correct >maintainer, Varun. push_tx_frames() can not handle negative return value from send_tx_flowc_wr(), to fix this issue we can preallocate a skb in alloc_cpls() and use this skb in send_tx_flowc_wr().
diff --git a/drivers/scsi/cxgbi/cxgb4i/cxgb4i.c b/drivers/scsi/cxgbi/cxgb4i/cxgb4i.c index 2c3491528d42..b93bd36dcb2d 100644 --- a/drivers/scsi/cxgbi/cxgb4i/cxgb4i.c +++ b/drivers/scsi/cxgbi/cxgb4i/cxgb4i.c @@ -620,6 +620,8 @@ static inline int send_tx_flowc_wr(struct cxgbi_sock *csk) #endif flowclen16 = tx_flowc_wr_credits(&nparams, &flowclen); skb = alloc_wr(flowclen, 0, GFP_ATOMIC); + if (!skb) + return -ENOMEM; flowc = (struct fw_flowc_wr *)skb->head; flowc->op_to_nparams = htonl(FW_WR_OP_V(FW_FLOWC_WR) | FW_FLOWC_WR_NPARAMS_V(nparams));