Yes! Thanks a lot for catching it. -----Original Message----- From: Julia Lawall [mailto:julia.lawall(a)inria.fr] Sent: Thursday, May 14, 2020 10:42 PM To: Lu, Baolu Cc: Lu Baolu ; kbuild-all(a)lists.01.org Subject: [baolu:iommu/next/20200514 4/16] drivers/iommu/intel-svm.c:367:22-26: ERROR: svm is NULL but dereferenced. (fwd) Hello, Line 367 requires svm to be a valid pointer. This will cause problems with at least the gotos on lines 266 and 300. julia ---------- Forwarded message ---------- Date: Thu, 14 May 2020 18:31:21 +0800 From: kbuild test robot To: kbuild(a)lists.01.org Cc: lkp(a)intel.com, Julia Lawall Subject: [baolu:iommu/next/20200514 4/16] drivers/iommu/intel-svm.c:367:22-26: ERROR: svm is NULL but dereferenced. CC: kbuild-all(a)lists.01.org CC: Baolu Lu TO: Lu Baolu tree: baolu/iommu/next/20200514 head: 28c528ddc9501f8caba71dba375bd1d35403dd4b commit: 64e95c1afbadc5601bc100f6424b1848888613f7 [4/16] iommu/vt-d: Add bind guest PASID support :::::: branch date: 8 hours ago :::::: commit date: 8 hours ago If you fix the issue, kindly add following tag as appropriate Reported-by: kbuild test robot Reported-by: Julia Lawall coccinelle warnings: (new ones prefixed by >>) >> drivers/iommu/intel-svm.c:367:22-26: ERROR: svm is NULL but dereferenced. 
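/*
 * Steps given in the kbuild test robot report to reach the flagged line:
 *
 *   git remote add baolu git://bee.sh.intel.com/git/blu2/usb.git
 *   git remote update baolu
 *   git checkout 64e95c1afbadc5601bc100f6424b1848888613f7
 *   vim +367 drivers/iommu/intel-svm.c
 *
 * Listing below: drivers/iommu/intel-svm.c lines 224-375 at that commit.
 * Per the blame columns of the report, for_each_svm_dev() comes from
 * 034d473109e907 (Jacob Pan, 2020-01-02) and intel_svm_bind_gpasid() from
 * 64e95c1afbadc5 (Jacob Pan, 2020-05-14). The listing is shown with the
 * reported NULL dereference at the "out" label (line 367) guarded.
 */

/*
 * Walk svm->devs and run the following statement only for the entry whose
 * ->dev equals d; all other entries fall into the empty "if" branch.
 */
#define for_each_svm_dev(sdev, svm, d)			\
	list_for_each_entry((sdev), &(svm)->devs, list)	\
		if ((d) != (sdev)->dev) {} else

/**
 * intel_svm_bind_gpasid() - bind a guest PASID to a device in nested mode
 * @domain: IOMMU domain, converted with to_dmar_domain() for the nested setup
 * @dev:    device to bind; must be a PCI device whose pci_max_pasids() equals
 *          PASID_MAX
 * @data:   bind request; version, format and hpasid are validated here, the
 *          guest PASID range is not (see the comment in the body)
 *
 * Looks up the per-PASID svm with ioasid_find() under pasid_mutex, allocates
 * one if none is registered yet, then allocates a per-device entry, enables
 * PASID on the device and programs the nested PASID entry.
 *
 * NOTE(review): @data presumably originates from a VMM through an upper layer
 * such as VFIO (see the REVISIT comment below) - confirm against the caller.
 * Every error exit taken after mutex_lock() goes through "out", so that label
 * must tolerate an svm that is NULL or an error pointer.
 *
 * Return: 0 on success; -EINVAL for a missing iommu or @data, an unsupported
 * version/format/PASID width, an out-of-range hpasid or an svm with an empty
 * device list; -ENOTSUPP for non-PCI devices; -ENOMEM on allocation failure;
 * -EBUSY when the device is already bound and has no aux-domain support;
 * otherwise the error from ioasid_find(), intel_iommu_enable_pasid() or
 * intel_pasid_setup_nested().
 */
int intel_svm_bind_gpasid(struct iommu_domain *domain, struct device *dev,
			  struct iommu_gpasid_bind_data *data)
{
	struct intel_iommu *iommu = intel_svm_device_to_iommu(dev);
	struct dmar_domain *dmar_domain;
	struct intel_svm_dev *sdev;
	struct intel_svm *svm;
	int ret = 0;

	if (WARN_ON(!iommu) || !data)
		return -EINVAL;

	if (data->version != IOMMU_GPASID_BIND_VERSION_1 ||
	    data->format != IOMMU_PASID_FORMAT_INTEL_VTD)
		return -EINVAL;

	if (dev_is_pci(dev)) {
		/* VT-d supports devices with full 20 bit PASIDs only */
		if (pci_max_pasids(to_pci_dev(dev)) != PASID_MAX)
			return -EINVAL;
	} else {
		return -ENOTSUPP;
	}

	/*
	 * We only check host PASID range, we have no knowledge to check
	 * guest PASID range.
	 */
	if (data->hpasid <= 0 || data->hpasid >= PASID_MAX)
		return -EINVAL;

	dmar_domain = to_dmar_domain(domain);

	mutex_lock(&pasid_mutex);
	svm = ioasid_find(NULL, data->hpasid, NULL);
	if (IS_ERR(svm)) {
		ret = PTR_ERR(svm);
		/* Line 266 in the report: svm is an error pointer at "out". */
		goto out;
	}

	if (svm) {
		/*
		 * If we found svm for the PASID, there must be at
		 * least one device bound, otherwise svm should be freed.
		 */
		if (WARN_ON(list_empty(&svm->devs))) {
			ret = -EINVAL;
			goto out;
		}

		for_each_svm_dev(sdev, svm, dev) {
			/*
			 * For devices with aux domains, we should allow
			 * multiple bind calls with the same PASID and pdev.
			 */
			if (iommu_dev_feature_enabled(dev,
						      IOMMU_DEV_FEAT_AUX)) {
				sdev->users++;
			} else {
				dev_warn_ratelimited(dev,
						     "Already bound with PASID %u\n",
						     svm->pasid);
				ret = -EBUSY;
			}
			goto out;
		}
	} else {
		/* We come here when PASID has never been bound to a device. */
		svm = kzalloc(sizeof(*svm), GFP_KERNEL);
		if (!svm) {
			ret = -ENOMEM;
			/* Line 300 in the report: svm is NULL at "out". */
			goto out;
		}
		/* REVISIT: upper layer/VFIO can track host process that bind
		 * the PASID. ioasid_set = mm might be sufficient for vfio to
		 * check pasid VMM ownership. We can drop the following line
		 * once VFIO and IOASID set check is in place.
		 */
		svm->mm = get_task_mm(current);
		svm->pasid = data->hpasid;
		if (data->flags & IOMMU_SVA_GPASID_VAL) {
			svm->gpasid = data->gpasid;
			svm->flags |= SVM_FLAG_GUEST_PASID;
		}
		ioasid_set_data(data->hpasid, svm);
		INIT_LIST_HEAD_RCU(&svm->devs);
		mmput(svm->mm);
	}
	sdev = kzalloc(sizeof(*sdev), GFP_KERNEL);
	if (!sdev) {
		ret = -ENOMEM;
		goto out;
	}
	sdev->dev = dev;

	/* Only count users if device has aux domains */
	if (iommu_dev_feature_enabled(dev, IOMMU_DEV_FEAT_AUX))
		sdev->users = 1;

	/* Set up device context entry for PASID if not enabled already */
	ret = intel_iommu_enable_pasid(iommu, sdev->dev);
	if (ret) {
		dev_err_ratelimited(dev, "Failed to enable PASID capability\n");
		kfree(sdev);
		goto out;
	}

	/*
	 * PASID table is per device for better security. Therefore, for
	 * each bind of a new device even with an existing PASID, we need to
	 * call the nested mode setup function here.
	 */
	spin_lock(&iommu->lock);
	ret = intel_pasid_setup_nested(iommu,
				       dev,
				       (pgd_t *)data->gpgd,
				       data->hpasid,
				       &data->vtd,
				       dmar_domain,
				       data->addr_width);
	spin_unlock(&iommu->lock);
	if (ret) {
		dev_err_ratelimited(dev, "Failed to set up PASID %llu in nested mode, Err %d\n",
				    data->hpasid, ret);
		/*
		 * PASID entry should be in cleared state if nested mode
		 * set up failed. So we only need to clear IOASID tracking
		 * data such that free call will succeed.
		 */
		kfree(sdev);
		goto out;
	}

	svm->flags |= SVM_FLAG_GUEST_MODE;

	init_rcu_head(&sdev->rcu);
	list_add_rcu(&sdev->list, &svm->devs);
out:
	/*
	 * Line 367 in the report. Two gotos reach this label without a usable
	 * svm: ioasid_find() returned an error pointer (line 266) or kzalloc()
	 * of a new svm failed (line 300). Dereferencing svm there would fault
	 * while pasid_mutex is still held, so only inspect and release svm
	 * when it is a real object whose device list ended up empty.
	 */
	if (!IS_ERR_OR_NULL(svm) && list_empty(&svm->devs)) {
		ioasid_set_data(data->hpasid, NULL);
		kfree(svm);
	}

	mutex_unlock(&pasid_mutex);
	return ret;
}

/*
 * ---
 * 0-DAY CI Kernel Test Service, Intel Corporation
 * https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
 */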