On 2021/08/16 20:29, James Bottomley wrote: > On Mon, 2021-08-16 at 10:44 +0900, Damien Le Moal wrote: >> Avoid static checkers warnings about a potential NULL pointer >> dereference for the port info variable pi. To do so, test that at >> least >> one port info is available on entry to ata_host_alloc_pinfo() and >> start >> the ata port initialization for() loop with pi initialized to the >> first >> port info passed as argument (which is already checked to be non >> NULL). >> Within the for() loop, get the next port info, if it is not NULL, >> after initializing the ata port using the previous port info. >> >> Reported-by: kernel test robot <lkp@xxxxxxxxx> >> Signed-off-by: Damien Le Moal <damien.lemoal@xxxxxxx> >> --- >> drivers/ata/libata-core.c | 18 ++++++++++++++---- >> 1 file changed, 14 insertions(+), 4 deletions(-) >> >> diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c >> index 61c762961ca8..b237a718ea0f 100644 >> --- a/drivers/ata/libata-core.c >> +++ b/drivers/ata/libata-core.c >> @@ -5441,16 +5441,17 @@ struct ata_host *ata_host_alloc_pinfo(struct >> device *dev, >> struct ata_host *host; >> int i, j; >> >> + /* We must have at least one port info */ >> + if (!ppi[0]) >> + return NULL; > > I've got to ask why on this one: most libata drivers use a static array > for the port info. If the first element is NULL that's a coding > failure inside the driver, so WARN_ON would probably be more helpful to > the driver writer. > > What makes the static checker think ppi isn't NULL? > >> + >> host = ata_host_alloc(dev, n_ports); >> if (!host) >> return NULL; >> >> - for (i = 0, j = 0, pi = NULL; i < host->n_ports; i++) { >> + for (i = 0, j = 0, pi = ppi[0]; i < host->n_ports; i++) { >> struct ata_port *ap = host->ports[i]; >> >> - if (ppi[j]) >> - pi = ppi[j++]; >> - >> ap->pio_mask = pi->pio_mask; >> ap->mwdma_mask = pi->mwdma_mask; >> ap->udma_mask = pi->udma_mask; >> @@ -5460,6 +5461,15 @@ struct ata_host *ata_host_alloc_pinfo(struct >> device *dev, >> >> if (!host->ops && (pi->port_ops != >> &ata_dummy_port_ops)) >> host->ops = pi->port_ops; >> + >> + /* >> + * Check that the next port info is not NULL. >> + * If it is, keep using the current one. >> + */ >> + if (j < n_ports - 1 && ppi[j + 1]) { >> + j++; >> + pi = ppi[j]; >> + } > > This looks completely pointless: once you've verified ppi[0] is not > NULL above, there's no possible NULL deref in that loop and the static > checker should see it. If it doesn't we need a new static checker > because we shouldn't be perturbing code for broken tools. I do not know how to run that static checker which sent the warnings initially. I changed the code to avoid all the "dumb" cases it thinks are possible and leading to the NULL deref signaled. I think we should drop this patch. If the checker complains again, then I can revisit in a different series. Jens, can you drop this one when you apply the series (if you think it is good to apply). Or should I resend a v8 without this patch ? > > James > > > -- Damien Le Moal Western Digital Research