On 3/29/23 01:30, Dan Carpenter wrote:
> Hello Bob Pearson,
>
> The patch 5bf944f24129: "RDMA/rxe: Add error messages" from Mar 3,
> 2023, leads to the following Smatch static checker warning:
>
> drivers/infiniband/sw/rxe/rxe_verbs.c:1294 rxe_alloc_mr()
> error: potential null dereference 'mr'. (kzalloc returns null)
>
> drivers/infiniband/sw/rxe/rxe_verbs.c
>     1276  static struct ib_mr *rxe_alloc_mr(struct ib_pd *ibpd, enum ib_mr_type mr_type,
>     1277                                    u32 max_num_sg)
>     1278  {
>     1279          struct rxe_dev *rxe = to_rdev(ibpd->device);
>     1280          struct rxe_pd *pd = to_rpd(ibpd);
>     1281          struct rxe_mr *mr;
>     1282          int err, cleanup_err;
>     1283
>     1284          if (mr_type != IB_MR_TYPE_MEM_REG) {
>     1285                  err = -EINVAL;
>     1286                  rxe_dbg_pd(pd, "mr type %d not supported, err = %d",
>     1287                             mr_type, err);
>     1288                  goto err_out;
>     1289          }
>     1290
>     1291          mr = kzalloc(sizeof(*mr), GFP_KERNEL);
>     1292          if (!mr) {
>     1293                  err = -ENOMEM;
> --> 1294                  rxe_dbg_mr(mr, "no memory for mr");
>                                      ^^
> NULL dereference.
>
>     1295                  goto err_out;
>     1296          }
>     1297
>     1298          err = rxe_add_to_pool(&rxe->mr_pool, mr);
>     1299          if (err) {
>     1300                  rxe_dbg_mr(mr, "unable to create mr, err = %d", err);
>                                      ^^
> mr->ibmr.device is not set yet so this doesn't work.
>
>     1301                  goto err_free;
>     1302          }
>     1303
>     1304          rxe_get(pd);
>     1305          mr->ibmr.pd = ibpd;
>     1306          mr->ibmr.device = ibpd->device;
>                   ^^^^^^^^^^^^^^^
>
>     1307
>     1308          err = rxe_mr_init_fast(max_num_sg, mr);
>     1309          if (err) {
>     1310                  rxe_dbg_mr(mr, "alloc_mr failed, err = %d", err);
>     1311                  goto err_cleanup;
>     1312          }
>     1313
>     1314          rxe_finalize(mr);
>     1315          return &mr->ibmr;
>     1316
>     1317  err_cleanup:
>     1318          cleanup_err = rxe_cleanup(mr);
>     1319          if (cleanup_err)
>     1320                  rxe_err_mr(mr, "cleanup failed, err = %d", err);
>     1321  err_free:
>     1322          kfree(mr);
>     1323  err_out:
>     1324          rxe_err_pd(pd, "returned err = %d", err);
>     1325          return ERR_PTR(err);
>     1326  }
>
> regards,
> dan carpenter

Thanks Dan, good call.

-- Bob