CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Tiwei Bie
CC: "Michael S. Tsirkin"
CC: "Eugenio Pérez"
CC: Jason Wang

tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: e71ba9452f0b5b2e8dc8aa5445198cd9214a6a62
commit: 4c8cf31885f69e86be0b5b9e6677a26797365e1d vhost: introduce vDPA-based backend
date: 9 months ago
:::::: branch date: 23 hours ago
:::::: commit date: 9 months ago
config: ia64-randconfig-m031-20210105 (attached as .config)
compiler: ia64-linux-gcc (GCC) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot
Reported-by: Dan Carpenter

smatch warnings:
drivers/vhost/vhost.c:1208 vhost_chr_read_iter() error: potentially dereferencing uninitialized 'msg'.
drivers/vhost/vhost.c:1516 vhost_vring_set_num_addr() error: uninitialized symbol 'r'.

vim +/msg +1208 drivers/vhost/vhost.c

6b1e6cc7855b09a Jason Wang 2016-06-23 1150
6b1e6cc7855b09a Jason Wang 2016-06-23 1151 ssize_t vhost_chr_read_iter(struct vhost_dev *dev, struct iov_iter *to,
6b1e6cc7855b09a Jason Wang 2016-06-23 1152 int noblock)
6b1e6cc7855b09a Jason Wang 2016-06-23 1153 {
6b1e6cc7855b09a Jason Wang 2016-06-23 1154 DEFINE_WAIT(wait);
6b1e6cc7855b09a Jason Wang 2016-06-23 1155 struct vhost_msg_node *node;
6b1e6cc7855b09a Jason Wang 2016-06-23 1156 ssize_t ret = 0;
6b1e6cc7855b09a Jason Wang 2016-06-23 1157 unsigned size = sizeof(struct vhost_msg);
6b1e6cc7855b09a Jason Wang 2016-06-23 1158
6b1e6cc7855b09a Jason Wang 2016-06-23 1159 if (iov_iter_count(to) < size)
6b1e6cc7855b09a Jason Wang 2016-06-23 1160 return 0;
6b1e6cc7855b09a Jason Wang 2016-06-23 1161
6b1e6cc7855b09a Jason Wang 2016-06-23 1162 while (1) {
6b1e6cc7855b09a Jason Wang 2016-06-23 1163 if (!noblock)
6b1e6cc7855b09a Jason Wang 2016-06-23 1164 prepare_to_wait(&dev->wait, &wait,
6b1e6cc7855b09a Jason Wang 2016-06-23 1165 TASK_INTERRUPTIBLE);
6b1e6cc7855b09a Jason Wang 2016-06-23 1166
6b1e6cc7855b09a Jason Wang 2016-06-23 1167 node = vhost_dequeue_msg(dev, &dev->read_list);
6b1e6cc7855b09a Jason Wang 2016-06-23 1168 if (node)
6b1e6cc7855b09a Jason Wang 2016-06-23 1169 break;
6b1e6cc7855b09a Jason Wang 2016-06-23 1170 if (noblock) {
6b1e6cc7855b09a Jason Wang 2016-06-23 1171 ret = -EAGAIN;
6b1e6cc7855b09a Jason Wang 2016-06-23 1172 break;
6b1e6cc7855b09a Jason Wang 2016-06-23 1173 }
6b1e6cc7855b09a Jason Wang 2016-06-23 1174 if (signal_pending(current)) {
6b1e6cc7855b09a Jason Wang 2016-06-23 1175 ret = -ERESTARTSYS;
6b1e6cc7855b09a Jason Wang 2016-06-23 1176 break;
6b1e6cc7855b09a Jason Wang 2016-06-23 1177 }
6b1e6cc7855b09a Jason Wang 2016-06-23 1178 if (!dev->iotlb) {
6b1e6cc7855b09a Jason Wang 2016-06-23 1179 ret = -EBADFD;
6b1e6cc7855b09a Jason Wang 2016-06-23 1180 break;
6b1e6cc7855b09a Jason Wang 2016-06-23 1181 }
6b1e6cc7855b09a Jason Wang 2016-06-23 1182
6b1e6cc7855b09a Jason Wang 2016-06-23 1183 schedule();
6b1e6cc7855b09a Jason Wang 2016-06-23 1184 }
6b1e6cc7855b09a Jason Wang 2016-06-23 1185
6b1e6cc7855b09a Jason Wang 2016-06-23 1186 if (!noblock)
6b1e6cc7855b09a Jason Wang 2016-06-23 1187 finish_wait(&dev->wait, &wait);
6b1e6cc7855b09a Jason Wang 2016-06-23 1188
6b1e6cc7855b09a Jason Wang 2016-06-23 1189 if (node) {
429711aec282c4b Jason Wang 2018-08-06 1190 struct vhost_iotlb_msg *msg;
429711aec282c4b Jason Wang 2018-08-06 1191 void *start = &node->msg;
429711aec282c4b Jason Wang 2018-08-06 1192
429711aec282c4b Jason Wang 2018-08-06 1193 switch (node->msg.type) {
429711aec282c4b Jason Wang 2018-08-06 1194 case VHOST_IOTLB_MSG:
429711aec282c4b Jason Wang 2018-08-06 1195 size = sizeof(node->msg);
429711aec282c4b Jason Wang 2018-08-06 1196 msg = &node->msg.iotlb;
429711aec282c4b Jason Wang 2018-08-06 1197 break;
429711aec282c4b Jason Wang 2018-08-06 1198 case VHOST_IOTLB_MSG_V2:
429711aec282c4b Jason Wang 2018-08-06 1199 size = sizeof(node->msg_v2);
429711aec282c4b Jason Wang 2018-08-06 1200 msg = &node->msg_v2.iotlb;
429711aec282c4b Jason Wang 2018-08-06 1201 break;
429711aec282c4b Jason Wang 2018-08-06 1202 default:
429711aec282c4b Jason Wang 2018-08-06 1203 BUG();
429711aec282c4b Jason Wang 2018-08-06 1204 break;
429711aec282c4b Jason Wang 2018-08-06 1205 }
6b1e6cc7855b09a Jason Wang 2016-06-23 1206
429711aec282c4b Jason Wang 2018-08-06 1207 ret = copy_to_iter(start, size, to);
429711aec282c4b Jason Wang 2018-08-06 @1208 if (ret != size || msg->type != VHOST_IOTLB_MISS) {
6b1e6cc7855b09a Jason Wang 2016-06-23 1209 kfree(node);
6b1e6cc7855b09a Jason Wang 2016-06-23 1210 return ret;
6b1e6cc7855b09a Jason Wang 2016-06-23 1211 }
6b1e6cc7855b09a Jason Wang 2016-06-23 1212 vhost_enqueue_msg(dev, &dev->pending_list, node);
6b1e6cc7855b09a Jason Wang 2016-06-23 1213 }
6b1e6cc7855b09a Jason Wang 2016-06-23 1214
6b1e6cc7855b09a Jason Wang 2016-06-23 1215 return ret;
6b1e6cc7855b09a Jason Wang 2016-06-23 1216 }
6b1e6cc7855b09a Jason Wang 2016-06-23 1217 EXPORT_SYMBOL_GPL(vhost_chr_read_iter);
6b1e6cc7855b09a Jason Wang 2016-06-23 1218

[Note: in the listing above, 'msg' is assigned only in the VHOST_IOTLB_MSG and VHOST_IOTLB_MSG_V2 cases; the default case calls BUG() and assigns nothing, so the warning at line 1208 presumably concerns the path on which BUG() is treated as returning and msg->type is then read unassigned.]

:::::: The code at line 1208 was first introduced by commit
:::::: 429711aec282c4b5fe5bbd7b2f0bbbff4110ffb2 vhost: switch to use new message format

:::::: TO: Jason Wang
:::::: CC: David S. Miller

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org