From: Dan Carpenter <dan.carpenter@oracle.com>
To: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: kbuild@lists.01.org, Jie Deng <jie.deng@intel.com>,
linux-i2c@vger.kernel.org,
virtualization@lists.linux-foundation.org,
linux-kernel@vger.kernel.org, lkp@intel.com,
kbuild-all@lists.01.org, mst@redhat.com, jasowang@redhat.com,
wsa+renesas@sang-engineering.com, wsa@kernel.org,
jarkko.nikula@linux.intel.com, jdelvare@suse.de
Subject: Re: [PATCH v2] i2c: virtio: add a virtio i2c frontend driver
Date: Mon, 14 Sep 2020 18:47:27 +0300 [thread overview]
Message-ID: <20200914154726.GE18329@kadam> (raw)
In-Reply-To: <20200914152455.GI3956970@smile.fi.intel.com>
On Mon, Sep 14, 2020 at 06:24:55PM +0300, Andy Shevchenko wrote:
> On Mon, Sep 14, 2020 at 05:48:07PM +0300, Dan Carpenter wrote:
> > Hi Jie,
> >
> > url: https://github.com/0day-ci/linux/commits/Jie-Deng/i2c-virtio-add-a-virtio-i2c-frontend-driver/20200911-115013
> > base: https://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux.git i2c/for-next
> > config: parisc-randconfig-m031-20200913 (attached as .config)
> > compiler: hppa-linux-gcc (GCC) 9.3.0
> >
> > If you fix the issue, kindly add following tag as appropriate
> > Reported-by: kernel test robot <lkp@intel.com>
> > Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> >
> > smatch warnings:
> > drivers/i2c/busses/i2c-virtio.c:160 virtio_i2c_xfer() error: we previously assumed 'vmsg' could be null (see line 137)
> >
>
> It's quite possible a false positive. Look at 122. But I agree that for-loop is
> not the best for such things to understand. Perhaps switching to do {} while ()
> will make it better.
>
Smatch is assuming that virtqueue_get_buf() can return NULL on the last
iteration through the loop.
regards,
dan carpenter
> > # https://github.com/0day-ci/linux/commit/0a54ec771966748fcbc86256b830b5f786168b7d
> > git remote add linux-review https://github.com/0day-ci/linux
> > git fetch --no-tags linux-review Jie-Deng/i2c-virtio-add-a-virtio-i2c-frontend-driver/20200911-115013
> > git checkout 0a54ec771966748fcbc86256b830b5f786168b7d
> > vim +/vmsg +160 drivers/i2c/busses/i2c-virtio.c
> >
> > 0a54ec77196674 Jie Deng 2020-09-11 109 static int virtio_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg *msgs, int num)
> > 0a54ec77196674 Jie Deng 2020-09-11 110 {
> > 0a54ec77196674 Jie Deng 2020-09-11 111 struct virtio_i2c *vi = i2c_get_adapdata(adap);
> > 0a54ec77196674 Jie Deng 2020-09-11 112 struct virtqueue *vq = vi->vq;
> > 0a54ec77196674 Jie Deng 2020-09-11 113 struct virtio_i2c_msg *vmsg;
> > 0a54ec77196674 Jie Deng 2020-09-11 114 unsigned long time_left;
> > 0a54ec77196674 Jie Deng 2020-09-11 115 int len, i, ret = 0;
> > 0a54ec77196674 Jie Deng 2020-09-11 116
> > 0a54ec77196674 Jie Deng 2020-09-11 117 mutex_lock(&vi->i2c_lock);
> > 0a54ec77196674 Jie Deng 2020-09-11 118 vmsg = &vi->vmsg;
> > 0a54ec77196674 Jie Deng 2020-09-11 119 vmsg->buf = NULL;
> > 0a54ec77196674 Jie Deng 2020-09-11 120
> > 0a54ec77196674 Jie Deng 2020-09-11 121 for (i = 0; i < num; i++) {
> > 0a54ec77196674 Jie Deng 2020-09-11 122 ret = virtio_i2c_add_msg(vq, vmsg, &msgs[i]);
> > 0a54ec77196674 Jie Deng 2020-09-11 123 if (ret) {
> > 0a54ec77196674 Jie Deng 2020-09-11 124 dev_err(&adap->dev, "failed to add msg[%d] to virtqueue.\n", i);
> > 0a54ec77196674 Jie Deng 2020-09-11 125 break;
> > 0a54ec77196674 Jie Deng 2020-09-11 126 }
> > 0a54ec77196674 Jie Deng 2020-09-11 127
> > 0a54ec77196674 Jie Deng 2020-09-11 128 virtqueue_kick(vq);
> > 0a54ec77196674 Jie Deng 2020-09-11 129
> > 0a54ec77196674 Jie Deng 2020-09-11 130 time_left = wait_for_completion_timeout(&vi->completion, adap->timeout);
> > 0a54ec77196674 Jie Deng 2020-09-11 131 if (!time_left) {
> > 0a54ec77196674 Jie Deng 2020-09-11 132 dev_err(&adap->dev, "msg[%d]: addr=0x%x timeout.\n", i, msgs[i].addr);
> > 0a54ec77196674 Jie Deng 2020-09-11 133 break;
> > 0a54ec77196674 Jie Deng 2020-09-11 134 }
> > 0a54ec77196674 Jie Deng 2020-09-11 135
> > 0a54ec77196674 Jie Deng 2020-09-11 136 vmsg = (struct virtio_i2c_msg *)virtqueue_get_buf(vq, &len);
> > 0a54ec77196674 Jie Deng 2020-09-11 @137 if (vmsg) {
> > ^^^^
> > Check for NULL.
> >
> > 0a54ec77196674 Jie Deng 2020-09-11 138 /* vmsg should point to the same address with &vi->vmsg */
> > 0a54ec77196674 Jie Deng 2020-09-11 139 if (vmsg != &vi->vmsg) {
> > 0a54ec77196674 Jie Deng 2020-09-11 140 dev_err(&adap->dev, "msg[%d]: addr=0x%x virtqueue error.\n",
> > 0a54ec77196674 Jie Deng 2020-09-11 141 i, le16_to_cpu(vmsg->hdr.addr));
> > 0a54ec77196674 Jie Deng 2020-09-11 142 break;
> > 0a54ec77196674 Jie Deng 2020-09-11 143 }
> > 0a54ec77196674 Jie Deng 2020-09-11 144 if (vmsg->status != VIRTIO_I2C_MSG_OK) {
> > 0a54ec77196674 Jie Deng 2020-09-11 145 dev_err(&adap->dev, "msg[%d]: addr=0x%x error=%d.\n",
> > 0a54ec77196674 Jie Deng 2020-09-11 146 i, le16_to_cpu(vmsg->hdr.addr), vmsg->status);
> > 0a54ec77196674 Jie Deng 2020-09-11 147 break;
> > 0a54ec77196674 Jie Deng 2020-09-11 148 }
> > 0a54ec77196674 Jie Deng 2020-09-11 149 if ((msgs[i].flags & I2C_M_RD) && msgs[i].len)
> > 0a54ec77196674 Jie Deng 2020-09-11 150 memcpy(msgs[i].buf, vmsg->buf, msgs[i].len);
> > 0a54ec77196674 Jie Deng 2020-09-11 151
> > 0a54ec77196674 Jie Deng 2020-09-11 152 kfree(vmsg->buf);
> > 0a54ec77196674 Jie Deng 2020-09-11 153 vmsg->buf = NULL;
> > 0a54ec77196674 Jie Deng 2020-09-11 154 }
> > 0a54ec77196674 Jie Deng 2020-09-11 155
> > 0a54ec77196674 Jie Deng 2020-09-11 156 reinit_completion(&vi->completion);
> > 0a54ec77196674 Jie Deng 2020-09-11 157 }
> > 0a54ec77196674 Jie Deng 2020-09-11 158
> > 0a54ec77196674 Jie Deng 2020-09-11 159 mutex_unlock(&vi->i2c_lock);
> > 0a54ec77196674 Jie Deng 2020-09-11 @160 kfree(vmsg->buf);
> > ^^^^^^^^^
> > Unchecked dereference.
> >
> > 0a54ec77196674 Jie Deng 2020-09-11 161 return ((ret < 0) ? ret : i);
> > 0a54ec77196674 Jie Deng 2020-09-11 162 }
> >
> > ---
> > 0-DAY CI Kernel Test Service, Intel Corporation
> > https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
>
>
>
> --
> With Best Regards,
> Andy Shevchenko
>
WARNING: multiple messages have this Message-ID (diff)
From: Dan Carpenter <dan.carpenter@oracle.com>
To: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: kbuild-all@lists.01.org, lkp@intel.com, mst@redhat.com,
kbuild@lists.01.org, linux-kernel@vger.kernel.org,
virtualization@lists.linux-foundation.org, wsa@kernel.org,
wsa+renesas@sang-engineering.com, jarkko.nikula@linux.intel.com,
linux-i2c@vger.kernel.org, jdelvare@suse.de
Subject: Re: [PATCH v2] i2c: virtio: add a virtio i2c frontend driver
Date: Mon, 14 Sep 2020 18:47:27 +0300 [thread overview]
Message-ID: <20200914154726.GE18329@kadam> (raw)
In-Reply-To: <20200914152455.GI3956970@smile.fi.intel.com>
On Mon, Sep 14, 2020 at 06:24:55PM +0300, Andy Shevchenko wrote:
> On Mon, Sep 14, 2020 at 05:48:07PM +0300, Dan Carpenter wrote:
> > Hi Jie,
> >
> > url: https://github.com/0day-ci/linux/commits/Jie-Deng/i2c-virtio-add-a-virtio-i2c-frontend-driver/20200911-115013
> > base: https://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux.git i2c/for-next
> > config: parisc-randconfig-m031-20200913 (attached as .config)
> > compiler: hppa-linux-gcc (GCC) 9.3.0
> >
> > If you fix the issue, kindly add following tag as appropriate
> > Reported-by: kernel test robot <lkp@intel.com>
> > Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> >
> > smatch warnings:
> > drivers/i2c/busses/i2c-virtio.c:160 virtio_i2c_xfer() error: we previously assumed 'vmsg' could be null (see line 137)
> >
>
> It's quite possible a false positive. Look at 122. But I agree that for-loop is
> not the best for such things to understand. Perhaps switching to do {} while ()
> will make it better.
>
Smatch is assuming that virtqueue_get_buf() can return NULL on the last
iteration through the loop.
regards,
dan carpenter
> > # https://github.com/0day-ci/linux/commit/0a54ec771966748fcbc86256b830b5f786168b7d
> > git remote add linux-review https://github.com/0day-ci/linux
> > git fetch --no-tags linux-review Jie-Deng/i2c-virtio-add-a-virtio-i2c-frontend-driver/20200911-115013
> > git checkout 0a54ec771966748fcbc86256b830b5f786168b7d
> > vim +/vmsg +160 drivers/i2c/busses/i2c-virtio.c
> >
> > 0a54ec77196674 Jie Deng 2020-09-11 109 static int virtio_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg *msgs, int num)
> > 0a54ec77196674 Jie Deng 2020-09-11 110 {
> > 0a54ec77196674 Jie Deng 2020-09-11 111 struct virtio_i2c *vi = i2c_get_adapdata(adap);
> > 0a54ec77196674 Jie Deng 2020-09-11 112 struct virtqueue *vq = vi->vq;
> > 0a54ec77196674 Jie Deng 2020-09-11 113 struct virtio_i2c_msg *vmsg;
> > 0a54ec77196674 Jie Deng 2020-09-11 114 unsigned long time_left;
> > 0a54ec77196674 Jie Deng 2020-09-11 115 int len, i, ret = 0;
> > 0a54ec77196674 Jie Deng 2020-09-11 116
> > 0a54ec77196674 Jie Deng 2020-09-11 117 mutex_lock(&vi->i2c_lock);
> > 0a54ec77196674 Jie Deng 2020-09-11 118 vmsg = &vi->vmsg;
> > 0a54ec77196674 Jie Deng 2020-09-11 119 vmsg->buf = NULL;
> > 0a54ec77196674 Jie Deng 2020-09-11 120
> > 0a54ec77196674 Jie Deng 2020-09-11 121 for (i = 0; i < num; i++) {
> > 0a54ec77196674 Jie Deng 2020-09-11 122 ret = virtio_i2c_add_msg(vq, vmsg, &msgs[i]);
> > 0a54ec77196674 Jie Deng 2020-09-11 123 if (ret) {
> > 0a54ec77196674 Jie Deng 2020-09-11 124 dev_err(&adap->dev, "failed to add msg[%d] to virtqueue.\n", i);
> > 0a54ec77196674 Jie Deng 2020-09-11 125 break;
> > 0a54ec77196674 Jie Deng 2020-09-11 126 }
> > 0a54ec77196674 Jie Deng 2020-09-11 127
> > 0a54ec77196674 Jie Deng 2020-09-11 128 virtqueue_kick(vq);
> > 0a54ec77196674 Jie Deng 2020-09-11 129
> > 0a54ec77196674 Jie Deng 2020-09-11 130 time_left = wait_for_completion_timeout(&vi->completion, adap->timeout);
> > 0a54ec77196674 Jie Deng 2020-09-11 131 if (!time_left) {
> > 0a54ec77196674 Jie Deng 2020-09-11 132 dev_err(&adap->dev, "msg[%d]: addr=0x%x timeout.\n", i, msgs[i].addr);
> > 0a54ec77196674 Jie Deng 2020-09-11 133 break;
> > 0a54ec77196674 Jie Deng 2020-09-11 134 }
> > 0a54ec77196674 Jie Deng 2020-09-11 135
> > 0a54ec77196674 Jie Deng 2020-09-11 136 vmsg = (struct virtio_i2c_msg *)virtqueue_get_buf(vq, &len);
> > 0a54ec77196674 Jie Deng 2020-09-11 @137 if (vmsg) {
> > ^^^^
> > Check for NULL.
> >
> > 0a54ec77196674 Jie Deng 2020-09-11 138 /* vmsg should point to the same address with &vi->vmsg */
> > 0a54ec77196674 Jie Deng 2020-09-11 139 if (vmsg != &vi->vmsg) {
> > 0a54ec77196674 Jie Deng 2020-09-11 140 dev_err(&adap->dev, "msg[%d]: addr=0x%x virtqueue error.\n",
> > 0a54ec77196674 Jie Deng 2020-09-11 141 i, le16_to_cpu(vmsg->hdr.addr));
> > 0a54ec77196674 Jie Deng 2020-09-11 142 break;
> > 0a54ec77196674 Jie Deng 2020-09-11 143 }
> > 0a54ec77196674 Jie Deng 2020-09-11 144 if (vmsg->status != VIRTIO_I2C_MSG_OK) {
> > 0a54ec77196674 Jie Deng 2020-09-11 145 dev_err(&adap->dev, "msg[%d]: addr=0x%x error=%d.\n",
> > 0a54ec77196674 Jie Deng 2020-09-11 146 i, le16_to_cpu(vmsg->hdr.addr), vmsg->status);
> > 0a54ec77196674 Jie Deng 2020-09-11 147 break;
> > 0a54ec77196674 Jie Deng 2020-09-11 148 }
> > 0a54ec77196674 Jie Deng 2020-09-11 149 if ((msgs[i].flags & I2C_M_RD) && msgs[i].len)
> > 0a54ec77196674 Jie Deng 2020-09-11 150 memcpy(msgs[i].buf, vmsg->buf, msgs[i].len);
> > 0a54ec77196674 Jie Deng 2020-09-11 151
> > 0a54ec77196674 Jie Deng 2020-09-11 152 kfree(vmsg->buf);
> > 0a54ec77196674 Jie Deng 2020-09-11 153 vmsg->buf = NULL;
> > 0a54ec77196674 Jie Deng 2020-09-11 154 }
> > 0a54ec77196674 Jie Deng 2020-09-11 155
> > 0a54ec77196674 Jie Deng 2020-09-11 156 reinit_completion(&vi->completion);
> > 0a54ec77196674 Jie Deng 2020-09-11 157 }
> > 0a54ec77196674 Jie Deng 2020-09-11 158
> > 0a54ec77196674 Jie Deng 2020-09-11 159 mutex_unlock(&vi->i2c_lock);
> > 0a54ec77196674 Jie Deng 2020-09-11 @160 kfree(vmsg->buf);
> > ^^^^^^^^^
> > Unchecked dereference.
> >
> > 0a54ec77196674 Jie Deng 2020-09-11 161 return ((ret < 0) ? ret : i);
> > 0a54ec77196674 Jie Deng 2020-09-11 162 }
> >
> > ---
> > 0-DAY CI Kernel Test Service, Intel Corporation
> > https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
>
>
>
> --
> With Best Regards,
> Andy Shevchenko
>
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
WARNING: multiple messages have this Message-ID (diff)
From: Dan Carpenter <dan.carpenter@oracle.com>
To: kbuild@lists.01.org
Subject: Re: [PATCH v2] i2c: virtio: add a virtio i2c frontend driver
Date: Mon, 14 Sep 2020 18:47:27 +0300 [thread overview]
Message-ID: <20200914154726.GE18329@kadam> (raw)
In-Reply-To: <20200914152455.GI3956970@smile.fi.intel.com>
[-- Attachment #1: Type: text/plain, Size: 5832 bytes --]
On Mon, Sep 14, 2020 at 06:24:55PM +0300, Andy Shevchenko wrote:
> On Mon, Sep 14, 2020 at 05:48:07PM +0300, Dan Carpenter wrote:
> > Hi Jie,
> >
> > url: https://github.com/0day-ci/linux/commits/Jie-Deng/i2c-virtio-add-a-virtio-i2c-frontend-driver/20200911-115013
> > base: https://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux.git i2c/for-next
> > config: parisc-randconfig-m031-20200913 (attached as .config)
> > compiler: hppa-linux-gcc (GCC) 9.3.0
> >
> > If you fix the issue, kindly add following tag as appropriate
> > Reported-by: kernel test robot <lkp@intel.com>
> > Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> >
> > smatch warnings:
> > drivers/i2c/busses/i2c-virtio.c:160 virtio_i2c_xfer() error: we previously assumed 'vmsg' could be null (see line 137)
> >
>
> It's quite possible a false positive. Look at 122. But I agree that for-loop is
> not the best for such things to understand. Perhaps switching to do {} while ()
> will make it better.
>
Smatch is assuming that virtqueue_get_buf() can return NULL on the last
iteration through the loop.
regards,
dan carpenter
> > # https://github.com/0day-ci/linux/commit/0a54ec771966748fcbc86256b830b5f786168b7d
> > git remote add linux-review https://github.com/0day-ci/linux
> > git fetch --no-tags linux-review Jie-Deng/i2c-virtio-add-a-virtio-i2c-frontend-driver/20200911-115013
> > git checkout 0a54ec771966748fcbc86256b830b5f786168b7d
> > vim +/vmsg +160 drivers/i2c/busses/i2c-virtio.c
> >
> > 0a54ec77196674 Jie Deng 2020-09-11 109 static int virtio_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg *msgs, int num)
> > 0a54ec77196674 Jie Deng 2020-09-11 110 {
> > 0a54ec77196674 Jie Deng 2020-09-11 111 struct virtio_i2c *vi = i2c_get_adapdata(adap);
> > 0a54ec77196674 Jie Deng 2020-09-11 112 struct virtqueue *vq = vi->vq;
> > 0a54ec77196674 Jie Deng 2020-09-11 113 struct virtio_i2c_msg *vmsg;
> > 0a54ec77196674 Jie Deng 2020-09-11 114 unsigned long time_left;
> > 0a54ec77196674 Jie Deng 2020-09-11 115 int len, i, ret = 0;
> > 0a54ec77196674 Jie Deng 2020-09-11 116
> > 0a54ec77196674 Jie Deng 2020-09-11 117 mutex_lock(&vi->i2c_lock);
> > 0a54ec77196674 Jie Deng 2020-09-11 118 vmsg = &vi->vmsg;
> > 0a54ec77196674 Jie Deng 2020-09-11 119 vmsg->buf = NULL;
> > 0a54ec77196674 Jie Deng 2020-09-11 120
> > 0a54ec77196674 Jie Deng 2020-09-11 121 for (i = 0; i < num; i++) {
> > 0a54ec77196674 Jie Deng 2020-09-11 122 ret = virtio_i2c_add_msg(vq, vmsg, &msgs[i]);
> > 0a54ec77196674 Jie Deng 2020-09-11 123 if (ret) {
> > 0a54ec77196674 Jie Deng 2020-09-11 124 dev_err(&adap->dev, "failed to add msg[%d] to virtqueue.\n", i);
> > 0a54ec77196674 Jie Deng 2020-09-11 125 break;
> > 0a54ec77196674 Jie Deng 2020-09-11 126 }
> > 0a54ec77196674 Jie Deng 2020-09-11 127
> > 0a54ec77196674 Jie Deng 2020-09-11 128 virtqueue_kick(vq);
> > 0a54ec77196674 Jie Deng 2020-09-11 129
> > 0a54ec77196674 Jie Deng 2020-09-11 130 time_left = wait_for_completion_timeout(&vi->completion, adap->timeout);
> > 0a54ec77196674 Jie Deng 2020-09-11 131 if (!time_left) {
> > 0a54ec77196674 Jie Deng 2020-09-11 132 dev_err(&adap->dev, "msg[%d]: addr=0x%x timeout.\n", i, msgs[i].addr);
> > 0a54ec77196674 Jie Deng 2020-09-11 133 break;
> > 0a54ec77196674 Jie Deng 2020-09-11 134 }
> > 0a54ec77196674 Jie Deng 2020-09-11 135
> > 0a54ec77196674 Jie Deng 2020-09-11 136 vmsg = (struct virtio_i2c_msg *)virtqueue_get_buf(vq, &len);
> > 0a54ec77196674 Jie Deng 2020-09-11 @137 if (vmsg) {
> > ^^^^
> > Check for NULL.
> >
> > 0a54ec77196674 Jie Deng 2020-09-11 138 /* vmsg should point to the same address with &vi->vmsg */
> > 0a54ec77196674 Jie Deng 2020-09-11 139 if (vmsg != &vi->vmsg) {
> > 0a54ec77196674 Jie Deng 2020-09-11 140 dev_err(&adap->dev, "msg[%d]: addr=0x%x virtqueue error.\n",
> > 0a54ec77196674 Jie Deng 2020-09-11 141 i, le16_to_cpu(vmsg->hdr.addr));
> > 0a54ec77196674 Jie Deng 2020-09-11 142 break;
> > 0a54ec77196674 Jie Deng 2020-09-11 143 }
> > 0a54ec77196674 Jie Deng 2020-09-11 144 if (vmsg->status != VIRTIO_I2C_MSG_OK) {
> > 0a54ec77196674 Jie Deng 2020-09-11 145 dev_err(&adap->dev, "msg[%d]: addr=0x%x error=%d.\n",
> > 0a54ec77196674 Jie Deng 2020-09-11 146 i, le16_to_cpu(vmsg->hdr.addr), vmsg->status);
> > 0a54ec77196674 Jie Deng 2020-09-11 147 break;
> > 0a54ec77196674 Jie Deng 2020-09-11 148 }
> > 0a54ec77196674 Jie Deng 2020-09-11 149 if ((msgs[i].flags & I2C_M_RD) && msgs[i].len)
> > 0a54ec77196674 Jie Deng 2020-09-11 150 memcpy(msgs[i].buf, vmsg->buf, msgs[i].len);
> > 0a54ec77196674 Jie Deng 2020-09-11 151
> > 0a54ec77196674 Jie Deng 2020-09-11 152 kfree(vmsg->buf);
> > 0a54ec77196674 Jie Deng 2020-09-11 153 vmsg->buf = NULL;
> > 0a54ec77196674 Jie Deng 2020-09-11 154 }
> > 0a54ec77196674 Jie Deng 2020-09-11 155
> > 0a54ec77196674 Jie Deng 2020-09-11 156 reinit_completion(&vi->completion);
> > 0a54ec77196674 Jie Deng 2020-09-11 157 }
> > 0a54ec77196674 Jie Deng 2020-09-11 158
> > 0a54ec77196674 Jie Deng 2020-09-11 159 mutex_unlock(&vi->i2c_lock);
> > 0a54ec77196674 Jie Deng 2020-09-11 @160 kfree(vmsg->buf);
> > ^^^^^^^^^
> > Unchecked dereference.
> >
> > 0a54ec77196674 Jie Deng 2020-09-11 161 return ((ret < 0) ? ret : i);
> > 0a54ec77196674 Jie Deng 2020-09-11 162 }
> >
> > ---
> > 0-DAY CI Kernel Test Service, Intel Corporation
> > https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
>
>
>
> --
> With Best Regards,
> Andy Shevchenko
>
WARNING: multiple messages have this Message-ID (diff)
From: Dan Carpenter <dan.carpenter@oracle.com>
To: kbuild-all@lists.01.org
Subject: Re: [PATCH v2] i2c: virtio: add a virtio i2c frontend driver
Date: Mon, 14 Sep 2020 18:47:27 +0300 [thread overview]
Message-ID: <20200914154726.GE18329@kadam> (raw)
In-Reply-To: <20200914152455.GI3956970@smile.fi.intel.com>
[-- Attachment #1: Type: text/plain, Size: 5832 bytes --]
On Mon, Sep 14, 2020 at 06:24:55PM +0300, Andy Shevchenko wrote:
> On Mon, Sep 14, 2020 at 05:48:07PM +0300, Dan Carpenter wrote:
> > Hi Jie,
> >
> > url: https://github.com/0day-ci/linux/commits/Jie-Deng/i2c-virtio-add-a-virtio-i2c-frontend-driver/20200911-115013
> > base: https://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux.git i2c/for-next
> > config: parisc-randconfig-m031-20200913 (attached as .config)
> > compiler: hppa-linux-gcc (GCC) 9.3.0
> >
> > If you fix the issue, kindly add following tag as appropriate
> > Reported-by: kernel test robot <lkp@intel.com>
> > Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> >
> > smatch warnings:
> > drivers/i2c/busses/i2c-virtio.c:160 virtio_i2c_xfer() error: we previously assumed 'vmsg' could be null (see line 137)
> >
>
> It's quite possible a false positive. Look at 122. But I agree that for-loop is
> not the best for such things to understand. Perhaps switching to do {} while ()
> will make it better.
>
Smatch is assuming that virtqueue_get_buf() can return NULL on the last
iteration through the loop.
regards,
dan carpenter
> > # https://github.com/0day-ci/linux/commit/0a54ec771966748fcbc86256b830b5f786168b7d
> > git remote add linux-review https://github.com/0day-ci/linux
> > git fetch --no-tags linux-review Jie-Deng/i2c-virtio-add-a-virtio-i2c-frontend-driver/20200911-115013
> > git checkout 0a54ec771966748fcbc86256b830b5f786168b7d
> > vim +/vmsg +160 drivers/i2c/busses/i2c-virtio.c
> >
> > 0a54ec77196674 Jie Deng 2020-09-11 109 static int virtio_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg *msgs, int num)
> > 0a54ec77196674 Jie Deng 2020-09-11 110 {
> > 0a54ec77196674 Jie Deng 2020-09-11 111 struct virtio_i2c *vi = i2c_get_adapdata(adap);
> > 0a54ec77196674 Jie Deng 2020-09-11 112 struct virtqueue *vq = vi->vq;
> > 0a54ec77196674 Jie Deng 2020-09-11 113 struct virtio_i2c_msg *vmsg;
> > 0a54ec77196674 Jie Deng 2020-09-11 114 unsigned long time_left;
> > 0a54ec77196674 Jie Deng 2020-09-11 115 int len, i, ret = 0;
> > 0a54ec77196674 Jie Deng 2020-09-11 116
> > 0a54ec77196674 Jie Deng 2020-09-11 117 mutex_lock(&vi->i2c_lock);
> > 0a54ec77196674 Jie Deng 2020-09-11 118 vmsg = &vi->vmsg;
> > 0a54ec77196674 Jie Deng 2020-09-11 119 vmsg->buf = NULL;
> > 0a54ec77196674 Jie Deng 2020-09-11 120
> > 0a54ec77196674 Jie Deng 2020-09-11 121 for (i = 0; i < num; i++) {
> > 0a54ec77196674 Jie Deng 2020-09-11 122 ret = virtio_i2c_add_msg(vq, vmsg, &msgs[i]);
> > 0a54ec77196674 Jie Deng 2020-09-11 123 if (ret) {
> > 0a54ec77196674 Jie Deng 2020-09-11 124 dev_err(&adap->dev, "failed to add msg[%d] to virtqueue.\n", i);
> > 0a54ec77196674 Jie Deng 2020-09-11 125 break;
> > 0a54ec77196674 Jie Deng 2020-09-11 126 }
> > 0a54ec77196674 Jie Deng 2020-09-11 127
> > 0a54ec77196674 Jie Deng 2020-09-11 128 virtqueue_kick(vq);
> > 0a54ec77196674 Jie Deng 2020-09-11 129
> > 0a54ec77196674 Jie Deng 2020-09-11 130 time_left = wait_for_completion_timeout(&vi->completion, adap->timeout);
> > 0a54ec77196674 Jie Deng 2020-09-11 131 if (!time_left) {
> > 0a54ec77196674 Jie Deng 2020-09-11 132 dev_err(&adap->dev, "msg[%d]: addr=0x%x timeout.\n", i, msgs[i].addr);
> > 0a54ec77196674 Jie Deng 2020-09-11 133 break;
> > 0a54ec77196674 Jie Deng 2020-09-11 134 }
> > 0a54ec77196674 Jie Deng 2020-09-11 135
> > 0a54ec77196674 Jie Deng 2020-09-11 136 vmsg = (struct virtio_i2c_msg *)virtqueue_get_buf(vq, &len);
> > 0a54ec77196674 Jie Deng 2020-09-11 @137 if (vmsg) {
> > ^^^^
> > Check for NULL.
> >
> > 0a54ec77196674 Jie Deng 2020-09-11 138 /* vmsg should point to the same address with &vi->vmsg */
> > 0a54ec77196674 Jie Deng 2020-09-11 139 if (vmsg != &vi->vmsg) {
> > 0a54ec77196674 Jie Deng 2020-09-11 140 dev_err(&adap->dev, "msg[%d]: addr=0x%x virtqueue error.\n",
> > 0a54ec77196674 Jie Deng 2020-09-11 141 i, le16_to_cpu(vmsg->hdr.addr));
> > 0a54ec77196674 Jie Deng 2020-09-11 142 break;
> > 0a54ec77196674 Jie Deng 2020-09-11 143 }
> > 0a54ec77196674 Jie Deng 2020-09-11 144 if (vmsg->status != VIRTIO_I2C_MSG_OK) {
> > 0a54ec77196674 Jie Deng 2020-09-11 145 dev_err(&adap->dev, "msg[%d]: addr=0x%x error=%d.\n",
> > 0a54ec77196674 Jie Deng 2020-09-11 146 i, le16_to_cpu(vmsg->hdr.addr), vmsg->status);
> > 0a54ec77196674 Jie Deng 2020-09-11 147 break;
> > 0a54ec77196674 Jie Deng 2020-09-11 148 }
> > 0a54ec77196674 Jie Deng 2020-09-11 149 if ((msgs[i].flags & I2C_M_RD) && msgs[i].len)
> > 0a54ec77196674 Jie Deng 2020-09-11 150 memcpy(msgs[i].buf, vmsg->buf, msgs[i].len);
> > 0a54ec77196674 Jie Deng 2020-09-11 151
> > 0a54ec77196674 Jie Deng 2020-09-11 152 kfree(vmsg->buf);
> > 0a54ec77196674 Jie Deng 2020-09-11 153 vmsg->buf = NULL;
> > 0a54ec77196674 Jie Deng 2020-09-11 154 }
> > 0a54ec77196674 Jie Deng 2020-09-11 155
> > 0a54ec77196674 Jie Deng 2020-09-11 156 reinit_completion(&vi->completion);
> > 0a54ec77196674 Jie Deng 2020-09-11 157 }
> > 0a54ec77196674 Jie Deng 2020-09-11 158
> > 0a54ec77196674 Jie Deng 2020-09-11 159 mutex_unlock(&vi->i2c_lock);
> > 0a54ec77196674 Jie Deng 2020-09-11 @160 kfree(vmsg->buf);
> > ^^^^^^^^^
> > Unchecked dereference.
> >
> > 0a54ec77196674 Jie Deng 2020-09-11 161 return ((ret < 0) ? ret : i);
> > 0a54ec77196674 Jie Deng 2020-09-11 162 }
> >
> > ---
> > 0-DAY CI Kernel Test Service, Intel Corporation
> > https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
>
>
>
> --
> With Best Regards,
> Andy Shevchenko
>
next prev parent reply other threads:[~2020-09-14 15:53 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-11 3:48 [PATCH v2] i2c: virtio: add a virtio i2c frontend driver Jie Deng
2020-09-11 3:48 ` Jie Deng
2020-09-11 3:53 ` Randy Dunlap
2020-09-11 3:53 ` Randy Dunlap
2020-09-14 1:16 ` Jie Deng
2020-09-14 1:16 ` Jie Deng
2020-09-14 2:46 ` Jason Wang
2020-09-14 2:46 ` Jason Wang
2020-09-14 3:43 ` Jie Deng
2020-09-14 3:43 ` Jie Deng
2020-09-14 14:48 ` Dan Carpenter
2020-09-14 14:48 ` Dan Carpenter
2020-09-14 14:48 ` Dan Carpenter
2020-09-14 14:48 ` Dan Carpenter
2020-09-14 15:24 ` Andy Shevchenko
2020-09-14 15:24 ` Andy Shevchenko
2020-09-14 15:47 ` Dan Carpenter [this message]
2020-09-14 15:47 ` Dan Carpenter
2020-09-14 15:47 ` Dan Carpenter
2020-09-14 15:47 ` Dan Carpenter
2020-09-14 16:08 ` Andy Shevchenko
2020-09-14 16:08 ` Andy Shevchenko
2020-09-14 16:08 ` Andy Shevchenko
2020-09-12 21:57 kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200914154726.GE18329@kadam \
--to=dan.carpenter@oracle.com \
--cc=andriy.shevchenko@linux.intel.com \
--cc=jarkko.nikula@linux.intel.com \
--cc=jasowang@redhat.com \
--cc=jdelvare@suse.de \
--cc=jie.deng@intel.com \
--cc=kbuild-all@lists.01.org \
--cc=kbuild@lists.01.org \
--cc=linux-i2c@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lkp@intel.com \
--cc=mst@redhat.com \
--cc=virtualization@lists.linux-foundation.org \
--cc=wsa+renesas@sang-engineering.com \
--cc=wsa@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.