RE: [bug report] RDMA/mana_ib: Add a driver for Microsoft Azure Network Adapter

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> Subject: [bug report] RDMA/mana_ib: Add a driver for Microsoft Azure
> Network Adapter
> 
> Hello Long Li,
> 
> This is a semi-automatic email about new static checker warnings.
> 
> The patch 6dce3468a04c: "RDMA/mana_ib: Add a driver for Microsoft Azure
> Network Adapter" from Sep 20, 2022, leads to the following Smatch
> complaint:
> 
>     drivers/infiniband/hw/mana/qp.c:221 mana_ib_create_qp_rss()
>     warn: variable dereferenced before check 'udata' (see line 115)

Thank you, will fix this.

Long

> 
> drivers/infiniband/hw/mana/qp.c
>    114
>    115		if (udata->inlen < sizeof(ucmd))
>                     ^^^^^^^^^^^^
> This code assumes "udata" is non-NULL
> 
>    116			return -EINVAL;
>    117
>    118		ret = ib_copy_from_udata(&ucmd, udata, min(sizeof(ucmd),
> udata->inlen));
>    119		if (ret) {
>    120			ibdev_dbg(&mdev->ib_dev,
>    121				  "Failed copy from udata for create rss-qp,
> err %d\n",
>    122				  ret);
>    123			return -EFAULT;
>    124		}
>    125
>    126		if (attr->cap.max_recv_wr >
> MAX_SEND_BUFFERS_PER_QUEUE) {
>    127			ibdev_dbg(&mdev->ib_dev,
>    128				  "Requested max_recv_wr %d exceeding
> limit.\n",
>    129				  attr->cap.max_recv_wr);
>    130			return -EINVAL;
>    131		}
>    132
>    133		if (attr->cap.max_recv_sge > MAX_RX_WQE_SGL_ENTRIES) {
>    134			ibdev_dbg(&mdev->ib_dev,
>    135				  "Requested max_recv_sge %d exceeding
> limit.\n",
>    136				  attr->cap.max_recv_sge);
>    137			return -EINVAL;
>    138		}
>    139
>    140		if (ucmd.rx_hash_function !=
> MANA_IB_RX_HASH_FUNC_TOEPLITZ) {
>    141			ibdev_dbg(&mdev->ib_dev,
>    142				  "RX Hash function is not supported, %d\n",
>    143				  ucmd.rx_hash_function);
>    144			return -EINVAL;
>    145		}
>    146
>    147		/* IB ports start with 1, MANA start with 0 */
>    148		port = ucmd.port;
>    149		if (port < 1 || port > mc->num_ports) {
>    150			ibdev_dbg(&mdev->ib_dev, "Invalid port %u in
> creating qp\n",
>    151				  port);
>    152			return -EINVAL;
>    153		}
>    154		ndev = mc->ports[port - 1];
>    155		mpc = netdev_priv(ndev);
>    156
>    157		ibdev_dbg(&mdev->ib_dev, "rx_hash_function %d
> port %d\n",
>    158			  ucmd.rx_hash_function, port);
>    159
>    160		mana_ind_table = kzalloc(sizeof(mana_handle_t) *
>    161						 (1 << ind_tbl-
> >log_ind_tbl_size),
>    162					 GFP_KERNEL);
>    163		if (!mana_ind_table) {
>    164			ret = -ENOMEM;
>    165			goto fail;
>    166		}
>    167
>    168		qp->port = port;
>    169
>    170		for (i = 0; i < (1 << ind_tbl->log_ind_tbl_size); i++) {
>    171			struct mana_obj_spec wq_spec = {};
>    172			struct mana_obj_spec cq_spec = {};
>    173
>    174			ibwq = ind_tbl->ind_tbl[i];
>    175			wq = container_of(ibwq, struct mana_ib_wq, ibwq);
>    176
>    177			ibcq = ibwq->cq;
>    178			cq = container_of(ibcq, struct mana_ib_cq, ibcq);
>    179
>    180			wq_spec.gdma_region = wq->gdma_region;
>    181			wq_spec.queue_size = wq->wq_buf_size;
>    182
>    183			cq_spec.gdma_region = cq->gdma_region;
>    184			cq_spec.queue_size = cq->cqe * COMP_ENTRY_SIZE;
>    185			cq_spec.modr_ctx_id = 0;
>    186			cq_spec.attached_eq = GDMA_CQ_NO_EQ;
>    187
>    188			ret = mana_create_wq_obj(mpc, mpc->port_handle,
> GDMA_RQ,
>    189						 &wq_spec, &cq_spec, &wq-
> >rx_object);
>    190			if (ret)
>    191				goto fail;
>    192
>    193			/* The GDMA regions are now owned by the WQ
> object */
>    194			wq->gdma_region = GDMA_INVALID_DMA_REGION;
>    195			cq->gdma_region = GDMA_INVALID_DMA_REGION;
>    196
>    197			wq->id = wq_spec.queue_index;
>    198			cq->id = cq_spec.queue_index;
>    199
>    200			ibdev_dbg(&mdev->ib_dev,
>    201				  "ret %d rx_object 0x%llx wq id %llu cq
> id %llu\n",
>    202				  ret, wq->rx_object, wq->id, cq->id);
>    203
>    204			resp.entries[i].cqid = cq->id;
>    205			resp.entries[i].wqid = wq->id;
>    206
>    207			mana_ind_table[i] = wq->rx_object;
>    208		}
>    209		resp.num_entries = i;
>    210
>    211		ret = mana_ib_cfg_vport_steering(mdev, ndev, wq-
> >rx_object,
>    212						 mana_ind_table,
>    213						 ind_tbl->log_ind_tbl_size,
>    214						 ucmd.rx_hash_key_len,
>    215						 ucmd.rx_hash_key);
>    216		if (ret)
>    217			goto fail;
>    218
>    219		kfree(mana_ind_table);
>    220
>    221		if (udata) {
>                     ^^^^^
> Can it be NULL?
> 
>    222			ret = ib_copy_to_udata(udata, &resp, sizeof(resp));
>    223			if (ret) {
> 
> regards,
> dan carpenter
[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux