Hello Bob Pearson,
The patch 5bf944f24129: "RDMA/rxe: Add error messages" from Mar 3,
2023, leads to the following Smatch static checker warning:
drivers/infiniband/sw/rxe/rxe_verbs.c:1294 rxe_alloc_mr()
error: potential null dereference 'mr'. (kzalloc returns null)
drivers/infiniband/sw/rxe/rxe_verbs.c
1276 static struct ib_mr *rxe_alloc_mr(struct ib_pd *ibpd, enum ib_mr_type mr_type,
1277 u32 max_num_sg)
1278 {
1279 struct rxe_dev *rxe = to_rdev(ibpd->device);
1280 struct rxe_pd *pd = to_rpd(ibpd);
1281 struct rxe_mr *mr;
1282 int err, cleanup_err;
1283
1284 if (mr_type != IB_MR_TYPE_MEM_REG) {
1285 err = -EINVAL;
1286 rxe_dbg_pd(pd, "mr type %d not supported, err = %d",
1287 mr_type, err);
1288 goto err_out;
1289 }
1290
1291 mr = kzalloc(sizeof(*mr), GFP_KERNEL);
1292 if (!mr) {
1293 err = -ENOMEM;
--> 1294 rxe_dbg_mr(mr, "no memory for mr");
^^
NULL dereference.
1295 goto err_out;
1296 }
1297
1298 err = rxe_add_to_pool(&rxe->mr_pool, mr);
1299 if (err) {
1300 rxe_dbg_mr(mr, "unable to create mr, err = %d", err);
^^
mr->ibmr.device is not set yet so this doesn't work.
1301 goto err_free;
1302 }
1303
1304 rxe_get(pd);
1305 mr->ibmr.pd = ibpd;
1306 mr->ibmr.device = ibpd->device;
^^^^^^^^^^^^^^^
1307
1308 err = rxe_mr_init_fast(max_num_sg, mr);
1309 if (err) {
1310 rxe_dbg_mr(mr, "alloc_mr failed, err = %d", err);
1311 goto err_cleanup;
1312 }
1313
1314 rxe_finalize(mr);
1315 return &mr->ibmr;
1316
1317 err_cleanup:
1318 cleanup_err = rxe_cleanup(mr);
1319 if (cleanup_err)
1320 rxe_err_mr(mr, "cleanup failed, err = %d", err);
1321 err_free:
1322 kfree(mr);
1323 err_out:
1324 rxe_err_pd(pd, "returned err = %d", err);
1325 return ERR_PTR(err);
1326 }
regards,
dan carpenter
