From: Doug Ledford <dledford@redhat.com>
To: Bernard Metzler <BMT@zurich.ibm.com>,
Dan Carpenter <dan.carpenter@oracle.com>
Cc: linux-rdma@vger.kernel.org
Subject: Re: [bug report] rdma/siw: queue pair methods
Date: Mon, 29 Jul 2019 13:36:31 -0400 [thread overview]
Message-ID: <9c4975b8fed483c0911f27f4b90c0566962ada3d.camel@redhat.com> (raw)
In-Reply-To: <OF61E386ED.49A73798-ON00258444.003BD6A6-00258444.003CC8D9@notes.na.collabserv.com>
[-- Attachment #1: Type: text/plain, Size: 4172 bytes --]
On Sat, 2019-07-27 at 11:03 +0000, Bernard Metzler wrote:
> -----"Dan Carpenter" <dan.carpenter@oracle.com> wrote: -----
>
> > To: bmt@zurich.ibm.com
> > From: "Dan Carpenter" <dan.carpenter@oracle.com>
> > Date: 07/26/2019 10:11AM
> > Cc: linux-rdma@vger.kernel.org
> > Subject: [EXTERNAL] [bug report] rdma/siw: queue pair methods
> >
> > Hello Bernard Metzler,
> >
> > The patch f29dd55b0236: "rdma/siw: queue pair methods" from Jun 20,
> > 2019, leads to the following static checker warning:
> >
> > drivers/infiniband/sw/siw/siw_qp.c:226 siw_qp_enable_crc()
> > warn: variable dereferenced before check 'siw_crypto_shash' (see
> > line 223)
> >
> > drivers/infiniband/sw/siw/siw_qp.c
> > 219 static int siw_qp_enable_crc(struct siw_qp *qp)
> > 220 {
> > 221 struct siw_rx_stream *c_rx = &qp->rx_stream;
> > 222 struct siw_iwarp_tx *c_tx = &qp->tx_ctx;
> > 223 int size = crypto_shash_descsize(siw_crypto_shash) +
> > ^^^^^^^^^^^^^^^^
> > Dereferenced inside function.
> >
> > 224 sizeof(struct shash_desc);
> > 225
> > 226 if (siw_crypto_shash == NULL)
> > ^^^^^^^^^^^^^^^^^^^^^^^^
> > Checked too late.
> >
> > 227 return -ENOENT;
> > 228
> > 229 c_tx->mpa_crc_hd = kzalloc(size, GFP_KERNEL);
> > 230 c_rx->mpa_crc_hd = kzalloc(size, GFP_KERNEL);
> > 231 if (!c_tx->mpa_crc_hd || !c_rx->mpa_crc_hd) {
> > 232 kfree(c_tx->mpa_crc_hd);
> > 233 kfree(c_rx->mpa_crc_hd);
> > 234 c_tx->mpa_crc_hd = NULL;
> > 235 c_rx->mpa_crc_hd = NULL;
> > 236 return -ENOMEM;
> > 237 }
> > 238 c_tx->mpa_crc_hd->tfm = siw_crypto_shash;
> > 239 c_rx->mpa_crc_hd->tfm = siw_crypto_shash;
> > 240
> > 241 return 0;
> > 242 }
> >
> > regards,
> > dan carpenter
> >
> >
>
> Hi Dan,
> many thanks for catching this one! The fix of course is simple:
>
Hi Bernard,
This patch was ignored by patchworks for some reason. If I hadn't
noticed that it was here, but not in patchworks and also not applied
previously by Jason, it would have been missed entirely. I suspect it's
because the patch was embedded in a reply, but I'm not sure as that
normally seems to work. In any case, I might suggest next time you
reply to the bug report that you have a fix, and then use git send-email
to send the patch, just to be on the safe side in terms of things
getting lost.
With all that said, applied to for-rc along with some fix ups to the log
message (added Reported-by: and Fixes: tags).
> From c13b5da99aea7766a61aabe33e9943618f4505cf Mon Sep 17 00:00:00 2001
> From: Bernard Metzler <bmt@zurich.ibm.com>
> Date: Sat, 27 Jul 2019 12:38:32 +0200
> Subject: [PATCH] Do not dereference 'siw_crypto_shash' before checking
>
> Signed-off-by: Bernard Metzler <bmt@zurich.ibm.com>
> ---
> drivers/infiniband/sw/siw/siw_qp.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/infiniband/sw/siw/siw_qp.c
> b/drivers/infiniband/sw/siw/siw_qp.c
> index 11383d9f95ef..e27bd5b35b96 100644
> --- a/drivers/infiniband/sw/siw/siw_qp.c
> +++ b/drivers/infiniband/sw/siw/siw_qp.c
> @@ -220,12 +220,14 @@ static int siw_qp_enable_crc(struct siw_qp *qp)
> {
> struct siw_rx_stream *c_rx = &qp->rx_stream;
> struct siw_iwarp_tx *c_tx = &qp->tx_ctx;
> - int size = crypto_shash_descsize(siw_crypto_shash) +
> - sizeof(struct shash_desc);
> + int size;
>
> if (siw_crypto_shash == NULL)
> return -ENOENT;
>
> + size = crypto_shash_descsize(siw_crypto_shash) +
> + sizeof(struct shash_desc);
> +
> c_tx->mpa_crc_hd = kzalloc(size, GFP_KERNEL);
> c_rx->mpa_crc_hd = kzalloc(size, GFP_KERNEL);
> if (!c_tx->mpa_crc_hd || !c_rx->mpa_crc_hd) {
--
Doug Ledford <dledford@redhat.com>
GPG KeyID: B826A3330E572FDD
Fingerprint = AE6B 1BDA 122B 23B4 265B 1274 B826 A333 0E57 2FDD
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
prev parent reply other threads:[~2019-07-29 17:36 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-26 8:10 [bug report] rdma/siw: queue pair methods Dan Carpenter
2019-07-27 11:03 ` Bernard Metzler
2019-07-29 17:36 ` Doug Ledford [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9c4975b8fed483c0911f27f4b90c0566962ada3d.camel@redhat.com \
--to=dledford@redhat.com \
--cc=BMT@zurich.ibm.com \
--cc=dan.carpenter@oracle.com \
--cc=linux-rdma@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.