On 5/22/22 05:34, Sergey Shtylyov wrote:
> In an unlikely (and probably wrong?) case that the 'ppi' parameter of
> ata_host_alloc_pinfo() points to an array starting with a NULL pointer,
> there's going to be a kernel oops as the 'pi' local variable won't get
> reassigned from the initial value of NULL. Initialize 'pi' instead to
> '&ata_dummy_port_info' to fix the possible kernel oops for good...
>
> Found by Linux Verification Center (linuxtesting.org) with the SVACE static
> analysis tool.
>
> Signed-off-by: Sergey Shtylyov <s.shtylyov@xxxxxx>
>
> ---
> This patch is against the 'for-next' branch of Damien's 'libata.git' repo.
>
> Changes in version 2:
> - switched from the 'pi' variable assignment in the *for* statement to the
> initializer, updating the patch description accordingly.
>
> drivers/ata/libata-core.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> Index: libata/drivers/ata/libata-core.c
> ===================================================================
> --- libata.orig/drivers/ata/libata-core.c
> +++ libata/drivers/ata/libata-core.c
> @@ -5462,7 +5462,7 @@ struct ata_host *ata_host_alloc_pinfo(st
> const struct ata_port_info * const * ppi,
> int n_ports)
> {
> - const struct ata_port_info *pi;
> + const struct ata_port_info *pi = &ata_dummy_port_info;
> struct ata_host *host;
> int i, j;
>
> @@ -5470,7 +5470,7 @@ struct ata_host *ata_host_alloc_pinfo(st
> if (!host)
> return NULL;
>
> - for (i = 0, j = 0, pi = NULL; i < host->n_ports; i++) {
> + for (i = 0, j = 0; i < host->n_ports; i++) {
> struct ata_port *ap = host->ports[i];
>
> if (ppi[j])
Applied to for-5.19-fixes. Thanks !
--
Damien Le Moal
Western Digital Research
