Hello Cheng Xu,

The patch 155055771704: "RDMA/erdma: Add verbs implementation" from
Jul 27, 2022 (linux-next), leads to the following Smatch static
checker warning:

	drivers/infiniband/hw/erdma/erdma_verbs.c:1044 erdma_get_dma_mr()
	error: potential zalloc NULL dereference: 'mr->mem.mtt'

drivers/infiniband/hw/erdma/erdma_verbs.c
    1023 struct ib_mr *erdma_get_dma_mr(struct ib_pd *ibpd, int acc)
    1024 {
    1025 	struct erdma_dev *dev = to_edev(ibpd->device);
    1026 	struct erdma_mr *mr;
    1027 	u32 stag;
    1028 	int ret;
    1029 
    1030 	mr = kzalloc(sizeof(*mr), GFP_KERNEL);
    1031 	if (!mr)
    1032 		return ERR_PTR(-ENOMEM);
    1033 
    1034 	ret = erdma_create_stag(dev, &stag);
    1035 	if (ret)
    1036 		goto out_free;
    1037 
    1038 	mr->type = ERDMA_MR_TYPE_DMA;
    1039 
    1040 	mr->ibmr.lkey = stag;
    1041 	mr->ibmr.rkey = stag;
    1042 	mr->ibmr.pd = ibpd;
    1043 	mr->access = ERDMA_MR_ACC_LR | to_erdma_access_flags(acc);
--> 1044 	ret = regmr_cmd(dev, mr);

The "mr->mem.mtt" pointer is still NULL here (mr was zeroed by kzalloc()
and nothing above assigns mr->mem.mtt), so regmr_cmd() will crash. There
are three callers of regmr_cmd() and the other two are correct.

    1045 	if (ret)
    1046 		goto out_remove_stag;
    1047 
    1048 	return &mr->ibmr;
    1049 
    1050 out_remove_stag:
    1051 	erdma_free_idx(&dev->res_cb[ERDMA_RES_TYPE_STAG_IDX],
    1052 		       mr->ibmr.lkey >> 8);
    1053 
    1054 out_free:
    1055 	kfree(mr);
    1056 
    1057 	return ERR_PTR(ret);
    1058 }

regards,
dan carpenter