* drivers/vhost/vhost.c:1208 vhost_chr_read_iter() error: potentially dereferencing uninitialized 'msg'.
@ 2021-01-04 23:09 kernel test robot
0 siblings, 0 replies; 2+ messages in thread
From: kernel test robot @ 2021-01-04 23:09 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 5830 bytes --]
CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Tiwei Bie <tiwei.bie@intel.com>
CC: "Michael S. Tsirkin" <mst@redhat.com>
CC: "Eugenio Pérez" <eperezma@redhat.com>
CC: Jason Wang <jasowang@redhat.com>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: e71ba9452f0b5b2e8dc8aa5445198cd9214a6a62
commit: 4c8cf31885f69e86be0b5b9e6677a26797365e1d vhost: introduce vDPA-based backend
date: 9 months ago
:::::: branch date: 23 hours ago
:::::: commit date: 9 months ago
config: ia64-randconfig-m031-20210105 (attached as .config)
compiler: ia64-linux-gcc (GCC) 9.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
smatch warnings:
drivers/vhost/vhost.c:1208 vhost_chr_read_iter() error: potentially dereferencing uninitialized 'msg'.
drivers/vhost/vhost.c:1516 vhost_vring_set_num_addr() error: uninitialized symbol 'r'.
vim +/msg +1208 drivers/vhost/vhost.c
6b1e6cc7855b09a Jason Wang 2016-06-23 1150
6b1e6cc7855b09a Jason Wang 2016-06-23 1151 ssize_t vhost_chr_read_iter(struct vhost_dev *dev, struct iov_iter *to,
6b1e6cc7855b09a Jason Wang 2016-06-23 1152 int noblock)
6b1e6cc7855b09a Jason Wang 2016-06-23 1153 {
6b1e6cc7855b09a Jason Wang 2016-06-23 1154 DEFINE_WAIT(wait);
6b1e6cc7855b09a Jason Wang 2016-06-23 1155 struct vhost_msg_node *node;
6b1e6cc7855b09a Jason Wang 2016-06-23 1156 ssize_t ret = 0;
6b1e6cc7855b09a Jason Wang 2016-06-23 1157 unsigned size = sizeof(struct vhost_msg);
6b1e6cc7855b09a Jason Wang 2016-06-23 1158
6b1e6cc7855b09a Jason Wang 2016-06-23 1159 if (iov_iter_count(to) < size)
6b1e6cc7855b09a Jason Wang 2016-06-23 1160 return 0;
6b1e6cc7855b09a Jason Wang 2016-06-23 1161
6b1e6cc7855b09a Jason Wang 2016-06-23 1162 while (1) {
6b1e6cc7855b09a Jason Wang 2016-06-23 1163 if (!noblock)
6b1e6cc7855b09a Jason Wang 2016-06-23 1164 prepare_to_wait(&dev->wait, &wait,
6b1e6cc7855b09a Jason Wang 2016-06-23 1165 TASK_INTERRUPTIBLE);
6b1e6cc7855b09a Jason Wang 2016-06-23 1166
6b1e6cc7855b09a Jason Wang 2016-06-23 1167 node = vhost_dequeue_msg(dev, &dev->read_list);
6b1e6cc7855b09a Jason Wang 2016-06-23 1168 if (node)
6b1e6cc7855b09a Jason Wang 2016-06-23 1169 break;
6b1e6cc7855b09a Jason Wang 2016-06-23 1170 if (noblock) {
6b1e6cc7855b09a Jason Wang 2016-06-23 1171 ret = -EAGAIN;
6b1e6cc7855b09a Jason Wang 2016-06-23 1172 break;
6b1e6cc7855b09a Jason Wang 2016-06-23 1173 }
6b1e6cc7855b09a Jason Wang 2016-06-23 1174 if (signal_pending(current)) {
6b1e6cc7855b09a Jason Wang 2016-06-23 1175 ret = -ERESTARTSYS;
6b1e6cc7855b09a Jason Wang 2016-06-23 1176 break;
6b1e6cc7855b09a Jason Wang 2016-06-23 1177 }
6b1e6cc7855b09a Jason Wang 2016-06-23 1178 if (!dev->iotlb) {
6b1e6cc7855b09a Jason Wang 2016-06-23 1179 ret = -EBADFD;
6b1e6cc7855b09a Jason Wang 2016-06-23 1180 break;
6b1e6cc7855b09a Jason Wang 2016-06-23 1181 }
6b1e6cc7855b09a Jason Wang 2016-06-23 1182
6b1e6cc7855b09a Jason Wang 2016-06-23 1183 schedule();
6b1e6cc7855b09a Jason Wang 2016-06-23 1184 }
6b1e6cc7855b09a Jason Wang 2016-06-23 1185
6b1e6cc7855b09a Jason Wang 2016-06-23 1186 if (!noblock)
6b1e6cc7855b09a Jason Wang 2016-06-23 1187 finish_wait(&dev->wait, &wait);
6b1e6cc7855b09a Jason Wang 2016-06-23 1188
6b1e6cc7855b09a Jason Wang 2016-06-23 1189 if (node) {
429711aec282c4b Jason Wang 2018-08-06 1190 struct vhost_iotlb_msg *msg;
429711aec282c4b Jason Wang 2018-08-06 1191 void *start = &node->msg;
429711aec282c4b Jason Wang 2018-08-06 1192
429711aec282c4b Jason Wang 2018-08-06 1193 switch (node->msg.type) {
429711aec282c4b Jason Wang 2018-08-06 1194 case VHOST_IOTLB_MSG:
429711aec282c4b Jason Wang 2018-08-06 1195 size = sizeof(node->msg);
429711aec282c4b Jason Wang 2018-08-06 1196 msg = &node->msg.iotlb;
429711aec282c4b Jason Wang 2018-08-06 1197 break;
429711aec282c4b Jason Wang 2018-08-06 1198 case VHOST_IOTLB_MSG_V2:
429711aec282c4b Jason Wang 2018-08-06 1199 size = sizeof(node->msg_v2);
429711aec282c4b Jason Wang 2018-08-06 1200 msg = &node->msg_v2.iotlb;
429711aec282c4b Jason Wang 2018-08-06 1201 break;
429711aec282c4b Jason Wang 2018-08-06 1202 default:
429711aec282c4b Jason Wang 2018-08-06 1203 BUG();
429711aec282c4b Jason Wang 2018-08-06 1204 break;
429711aec282c4b Jason Wang 2018-08-06 1205 }
6b1e6cc7855b09a Jason Wang 2016-06-23 1206
429711aec282c4b Jason Wang 2018-08-06 1207 ret = copy_to_iter(start, size, to);
429711aec282c4b Jason Wang 2018-08-06 @1208 if (ret != size || msg->type != VHOST_IOTLB_MISS) {
6b1e6cc7855b09a Jason Wang 2016-06-23 1209 kfree(node);
6b1e6cc7855b09a Jason Wang 2016-06-23 1210 return ret;
6b1e6cc7855b09a Jason Wang 2016-06-23 1211 }
6b1e6cc7855b09a Jason Wang 2016-06-23 1212 vhost_enqueue_msg(dev, &dev->pending_list, node);
6b1e6cc7855b09a Jason Wang 2016-06-23 1213 }
6b1e6cc7855b09a Jason Wang 2016-06-23 1214
6b1e6cc7855b09a Jason Wang 2016-06-23 1215 return ret;
6b1e6cc7855b09a Jason Wang 2016-06-23 1216 }
6b1e6cc7855b09a Jason Wang 2016-06-23 1217 EXPORT_SYMBOL_GPL(vhost_chr_read_iter);
6b1e6cc7855b09a Jason Wang 2016-06-23 1218
:::::: The code at line 1208 was first introduced by commit
:::::: 429711aec282c4b5fe5bbd7b2f0bbbff4110ffb2 vhost: switch to use new message format
:::::: TO: Jason Wang <jasowang@redhat.com>
:::::: CC: David S. Miller <davem@davemloft.net>
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 19039 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* drivers/vhost/vhost.c:1208 vhost_chr_read_iter() error: potentially dereferencing uninitialized 'msg'.
@ 2020-12-17 6:31 kernel test robot
0 siblings, 0 replies; 2+ messages in thread
From: kernel test robot @ 2020-12-17 6:31 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 5950 bytes --]
CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Tiwei Bie <tiwei.bie@intel.com>
CC: "Michael S. Tsirkin" <mst@redhat.com>
CC: "Eugenio Pérez" <eperezma@redhat.com>
CC: Jason Wang <jasowang@redhat.com>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: accefff5b547a9a1d959c7e76ad539bf2480e78b
commit: 4c8cf31885f69e86be0b5b9e6677a26797365e1d vhost: introduce vDPA-based backend
date: 9 months ago
:::::: branch date: 6 hours ago
:::::: commit date: 9 months ago
config: arc-randconfig-m031-20201217 (attached as .config)
compiler: arceb-elf-gcc (GCC) 9.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
New smatch warnings:
drivers/vhost/vhost.c:1208 vhost_chr_read_iter() error: potentially dereferencing uninitialized 'msg'.
drivers/vhost/vhost.c:1516 vhost_vring_set_num_addr() error: uninitialized symbol 'r'.
Old smatch warnings:
arch/arc/include/asm/thread_info.h:65 current_thread_info() error: uninitialized symbol 'sp'.
vim +/msg +1208 drivers/vhost/vhost.c
6b1e6cc7855b09a Jason Wang 2016-06-23 1150
6b1e6cc7855b09a Jason Wang 2016-06-23 1151 ssize_t vhost_chr_read_iter(struct vhost_dev *dev, struct iov_iter *to,
6b1e6cc7855b09a Jason Wang 2016-06-23 1152 int noblock)
6b1e6cc7855b09a Jason Wang 2016-06-23 1153 {
6b1e6cc7855b09a Jason Wang 2016-06-23 1154 DEFINE_WAIT(wait);
6b1e6cc7855b09a Jason Wang 2016-06-23 1155 struct vhost_msg_node *node;
6b1e6cc7855b09a Jason Wang 2016-06-23 1156 ssize_t ret = 0;
6b1e6cc7855b09a Jason Wang 2016-06-23 1157 unsigned size = sizeof(struct vhost_msg);
6b1e6cc7855b09a Jason Wang 2016-06-23 1158
6b1e6cc7855b09a Jason Wang 2016-06-23 1159 if (iov_iter_count(to) < size)
6b1e6cc7855b09a Jason Wang 2016-06-23 1160 return 0;
6b1e6cc7855b09a Jason Wang 2016-06-23 1161
6b1e6cc7855b09a Jason Wang 2016-06-23 1162 while (1) {
6b1e6cc7855b09a Jason Wang 2016-06-23 1163 if (!noblock)
6b1e6cc7855b09a Jason Wang 2016-06-23 1164 prepare_to_wait(&dev->wait, &wait,
6b1e6cc7855b09a Jason Wang 2016-06-23 1165 TASK_INTERRUPTIBLE);
6b1e6cc7855b09a Jason Wang 2016-06-23 1166
6b1e6cc7855b09a Jason Wang 2016-06-23 1167 node = vhost_dequeue_msg(dev, &dev->read_list);
6b1e6cc7855b09a Jason Wang 2016-06-23 1168 if (node)
6b1e6cc7855b09a Jason Wang 2016-06-23 1169 break;
6b1e6cc7855b09a Jason Wang 2016-06-23 1170 if (noblock) {
6b1e6cc7855b09a Jason Wang 2016-06-23 1171 ret = -EAGAIN;
6b1e6cc7855b09a Jason Wang 2016-06-23 1172 break;
6b1e6cc7855b09a Jason Wang 2016-06-23 1173 }
6b1e6cc7855b09a Jason Wang 2016-06-23 1174 if (signal_pending(current)) {
6b1e6cc7855b09a Jason Wang 2016-06-23 1175 ret = -ERESTARTSYS;
6b1e6cc7855b09a Jason Wang 2016-06-23 1176 break;
6b1e6cc7855b09a Jason Wang 2016-06-23 1177 }
6b1e6cc7855b09a Jason Wang 2016-06-23 1178 if (!dev->iotlb) {
6b1e6cc7855b09a Jason Wang 2016-06-23 1179 ret = -EBADFD;
6b1e6cc7855b09a Jason Wang 2016-06-23 1180 break;
6b1e6cc7855b09a Jason Wang 2016-06-23 1181 }
6b1e6cc7855b09a Jason Wang 2016-06-23 1182
6b1e6cc7855b09a Jason Wang 2016-06-23 1183 schedule();
6b1e6cc7855b09a Jason Wang 2016-06-23 1184 }
6b1e6cc7855b09a Jason Wang 2016-06-23 1185
6b1e6cc7855b09a Jason Wang 2016-06-23 1186 if (!noblock)
6b1e6cc7855b09a Jason Wang 2016-06-23 1187 finish_wait(&dev->wait, &wait);
6b1e6cc7855b09a Jason Wang 2016-06-23 1188
6b1e6cc7855b09a Jason Wang 2016-06-23 1189 if (node) {
429711aec282c4b Jason Wang 2018-08-06 1190 struct vhost_iotlb_msg *msg;
429711aec282c4b Jason Wang 2018-08-06 1191 void *start = &node->msg;
429711aec282c4b Jason Wang 2018-08-06 1192
429711aec282c4b Jason Wang 2018-08-06 1193 switch (node->msg.type) {
429711aec282c4b Jason Wang 2018-08-06 1194 case VHOST_IOTLB_MSG:
429711aec282c4b Jason Wang 2018-08-06 1195 size = sizeof(node->msg);
429711aec282c4b Jason Wang 2018-08-06 1196 msg = &node->msg.iotlb;
429711aec282c4b Jason Wang 2018-08-06 1197 break;
429711aec282c4b Jason Wang 2018-08-06 1198 case VHOST_IOTLB_MSG_V2:
429711aec282c4b Jason Wang 2018-08-06 1199 size = sizeof(node->msg_v2);
429711aec282c4b Jason Wang 2018-08-06 1200 msg = &node->msg_v2.iotlb;
429711aec282c4b Jason Wang 2018-08-06 1201 break;
429711aec282c4b Jason Wang 2018-08-06 1202 default:
429711aec282c4b Jason Wang 2018-08-06 1203 BUG();
429711aec282c4b Jason Wang 2018-08-06 1204 break;
429711aec282c4b Jason Wang 2018-08-06 1205 }
6b1e6cc7855b09a Jason Wang 2016-06-23 1206
429711aec282c4b Jason Wang 2018-08-06 1207 ret = copy_to_iter(start, size, to);
429711aec282c4b Jason Wang 2018-08-06 @1208 if (ret != size || msg->type != VHOST_IOTLB_MISS) {
6b1e6cc7855b09a Jason Wang 2016-06-23 1209 kfree(node);
6b1e6cc7855b09a Jason Wang 2016-06-23 1210 return ret;
6b1e6cc7855b09a Jason Wang 2016-06-23 1211 }
6b1e6cc7855b09a Jason Wang 2016-06-23 1212 vhost_enqueue_msg(dev, &dev->pending_list, node);
6b1e6cc7855b09a Jason Wang 2016-06-23 1213 }
6b1e6cc7855b09a Jason Wang 2016-06-23 1214
6b1e6cc7855b09a Jason Wang 2016-06-23 1215 return ret;
6b1e6cc7855b09a Jason Wang 2016-06-23 1216 }
6b1e6cc7855b09a Jason Wang 2016-06-23 1217 EXPORT_SYMBOL_GPL(vhost_chr_read_iter);
6b1e6cc7855b09a Jason Wang 2016-06-23 1218
:::::: The code at line 1208 was first introduced by commit
:::::: 429711aec282c4b5fe5bbd7b2f0bbbff4110ffb2 vhost: switch to use new message format
:::::: TO: Jason Wang <jasowang@redhat.com>
:::::: CC: David S. Miller <davem@davemloft.net>
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 31290 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-01-04 23:09 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-04 23:09 drivers/vhost/vhost.c:1208 vhost_chr_read_iter() error: potentially dereferencing uninitialized 'msg' kernel test robot
-- strict thread matches above, loose matches on Subject: below --
2020-12-17 6:31 kernel test robot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.