On Mon, Sep 14, 2020 at 06:24:55PM +0300, Andy Shevchenko wrote: > On Mon, Sep 14, 2020 at 05:48:07PM +0300, Dan Carpenter wrote: > > Hi Jie, > > > > url: https://github.com/0day-ci/linux/commits/Jie-Deng/i2c-virtio-add-a-virtio-i2c-frontend-driver/20200911-115013 > > base: https://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux.git i2c/for-next > > config: parisc-randconfig-m031-20200913 (attached as .config) > > compiler: hppa-linux-gcc (GCC) 9.3.0 > > > > If you fix the issue, kindly add following tag as appropriate > > Reported-by: kernel test robot > > Reported-by: Dan Carpenter > > > > smatch warnings: > > drivers/i2c/busses/i2c-virtio.c:160 virtio_i2c_xfer() error: we previously assumed 'vmsg' could be null (see line 137) > > > > It's quite possible a false positive. Look at 122. But I agree that for-loop is > not the best for such things to understand. Perhaps switching to do {} while () > will make it better. > Smatch is assuming that virtqueue_get_buf() can return NULL on the last iteration through the loop. regards, dan carpenter > > # https://github.com/0day-ci/linux/commit/0a54ec771966748fcbc86256b830b5f786168b7d > > git remote add linux-review https://github.com/0day-ci/linux > > git fetch --no-tags linux-review Jie-Deng/i2c-virtio-add-a-virtio-i2c-frontend-driver/20200911-115013 > > git checkout 0a54ec771966748fcbc86256b830b5f786168b7d > > vim +/vmsg +160 drivers/i2c/busses/i2c-virtio.c > > > > 0a54ec77196674 Jie Deng 2020-09-11 109 static int virtio_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg *msgs, int num) > > 0a54ec77196674 Jie Deng 2020-09-11 110 { > > 0a54ec77196674 Jie Deng 2020-09-11 111 struct virtio_i2c *vi = i2c_get_adapdata(adap); > > 0a54ec77196674 Jie Deng 2020-09-11 112 struct virtqueue *vq = vi->vq; > > 0a54ec77196674 Jie Deng 2020-09-11 113 struct virtio_i2c_msg *vmsg; > > 0a54ec77196674 Jie Deng 2020-09-11 114 unsigned long time_left; > > 0a54ec77196674 Jie Deng 2020-09-11 115 int len, i, ret = 0; > > 0a54ec77196674 Jie Deng 2020-09-11 116 > > 0a54ec77196674 Jie Deng 2020-09-11 117 mutex_lock(&vi->i2c_lock); > > 0a54ec77196674 Jie Deng 2020-09-11 118 vmsg = &vi->vmsg; > > 0a54ec77196674 Jie Deng 2020-09-11 119 vmsg->buf = NULL; > > 0a54ec77196674 Jie Deng 2020-09-11 120 > > 0a54ec77196674 Jie Deng 2020-09-11 121 for (i = 0; i < num; i++) { > > 0a54ec77196674 Jie Deng 2020-09-11 122 ret = virtio_i2c_add_msg(vq, vmsg, &msgs[i]); > > 0a54ec77196674 Jie Deng 2020-09-11 123 if (ret) { > > 0a54ec77196674 Jie Deng 2020-09-11 124 dev_err(&adap->dev, "failed to add msg[%d] to virtqueue.\n", i); > > 0a54ec77196674 Jie Deng 2020-09-11 125 break; > > 0a54ec77196674 Jie Deng 2020-09-11 126 } > > 0a54ec77196674 Jie Deng 2020-09-11 127 > > 0a54ec77196674 Jie Deng 2020-09-11 128 virtqueue_kick(vq); > > 0a54ec77196674 Jie Deng 2020-09-11 129 > > 0a54ec77196674 Jie Deng 2020-09-11 130 time_left = wait_for_completion_timeout(&vi->completion, adap->timeout); > > 0a54ec77196674 Jie Deng 2020-09-11 131 if (!time_left) { > > 0a54ec77196674 Jie Deng 2020-09-11 132 dev_err(&adap->dev, "msg[%d]: addr=0x%x timeout.\n", i, msgs[i].addr); > > 0a54ec77196674 Jie Deng 2020-09-11 133 break; > > 0a54ec77196674 Jie Deng 2020-09-11 134 } > > 0a54ec77196674 Jie Deng 2020-09-11 135 > > 0a54ec77196674 Jie Deng 2020-09-11 136 vmsg = (struct virtio_i2c_msg *)virtqueue_get_buf(vq, &len); > > 0a54ec77196674 Jie Deng 2020-09-11 @137 if (vmsg) { > > ^^^^ > > Check for NULL. > > > > 0a54ec77196674 Jie Deng 2020-09-11 138 /* vmsg should point to the same address with &vi->vmsg */ > > 0a54ec77196674 Jie Deng 2020-09-11 139 if (vmsg != &vi->vmsg) { > > 0a54ec77196674 Jie Deng 2020-09-11 140 dev_err(&adap->dev, "msg[%d]: addr=0x%x virtqueue error.\n", > > 0a54ec77196674 Jie Deng 2020-09-11 141 i, le16_to_cpu(vmsg->hdr.addr)); > > 0a54ec77196674 Jie Deng 2020-09-11 142 break; > > 0a54ec77196674 Jie Deng 2020-09-11 143 } > > 0a54ec77196674 Jie Deng 2020-09-11 144 if (vmsg->status != VIRTIO_I2C_MSG_OK) { > > 0a54ec77196674 Jie Deng 2020-09-11 145 dev_err(&adap->dev, "msg[%d]: addr=0x%x error=%d.\n", > > 0a54ec77196674 Jie Deng 2020-09-11 146 i, le16_to_cpu(vmsg->hdr.addr), vmsg->status); > > 0a54ec77196674 Jie Deng 2020-09-11 147 break; > > 0a54ec77196674 Jie Deng 2020-09-11 148 } > > 0a54ec77196674 Jie Deng 2020-09-11 149 if ((msgs[i].flags & I2C_M_RD) && msgs[i].len) > > 0a54ec77196674 Jie Deng 2020-09-11 150 memcpy(msgs[i].buf, vmsg->buf, msgs[i].len); > > 0a54ec77196674 Jie Deng 2020-09-11 151 > > 0a54ec77196674 Jie Deng 2020-09-11 152 kfree(vmsg->buf); > > 0a54ec77196674 Jie Deng 2020-09-11 153 vmsg->buf = NULL; > > 0a54ec77196674 Jie Deng 2020-09-11 154 } > > 0a54ec77196674 Jie Deng 2020-09-11 155 > > 0a54ec77196674 Jie Deng 2020-09-11 156 reinit_completion(&vi->completion); > > 0a54ec77196674 Jie Deng 2020-09-11 157 } > > 0a54ec77196674 Jie Deng 2020-09-11 158 > > 0a54ec77196674 Jie Deng 2020-09-11 159 mutex_unlock(&vi->i2c_lock); > > 0a54ec77196674 Jie Deng 2020-09-11 @160 kfree(vmsg->buf); > > ^^^^^^^^^ > > Unchecked dereference. > > > > 0a54ec77196674 Jie Deng 2020-09-11 161 return ((ret < 0) ? ret : i); > > 0a54ec77196674 Jie Deng 2020-09-11 162 } > > > > --- > > 0-DAY CI Kernel Test Service, Intel Corporation > > https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org > > > > -- > With Best Regards, > Andy Shevchenko >