[bug report] net/mlx5: HWS, added send engine and context handling

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello Yevgeny Kliteynik,

Commit 2ca62599aa0b ("net/mlx5: HWS, added send engine and context
handling") from Jun 20, 2024 (linux-next), leads to the following
Smatch static checker warning:

drivers/net/ethernet/mellanox/mlx5/core/steering/hws/mlx5hws_send.c:739 hws_send_ring_open_sq() warn: 'sq->dep_wqe' double freed
drivers/net/ethernet/mellanox/mlx5/core/steering/hws/mlx5hws_send.c:739 hws_send_ring_open_sq() warn: 'sq->wq_ctrl.buf.frags' double freed
drivers/net/ethernet/mellanox/mlx5/core/steering/hws/mlx5hws_send.c:739 hws_send_ring_open_sq() warn: 'sq->wr_priv' double freed

drivers/net/ethernet/mellanox/mlx5/core/steering/hws/mlx5hws_send.c
    704 static int hws_send_ring_open_sq(struct mlx5hws_context *ctx,
    705                                  int numa_node,
    706                                  struct mlx5hws_send_engine *queue,
    707                                  struct mlx5hws_send_ring_sq *sq,
    708                                  struct mlx5hws_send_ring_cq *cq)
    709 {
    710         size_t buf_sz, sq_log_buf_sz;
    711         void *sqc_data, *wq;
    712         int err;
    713 
    714         sqc_data = kvzalloc(MLX5_ST_SZ_BYTES(sqc), GFP_KERNEL);
    715         if (!sqc_data)
    716                 return -ENOMEM;
    717 
    718         buf_sz = queue->num_entries * MAX_WQES_PER_RULE;
    719         sq_log_buf_sz = ilog2(roundup_pow_of_two(buf_sz));
    720 
    721         wq = MLX5_ADDR_OF(sqc, sqc_data, wq);
    722         MLX5_SET(wq, wq, log_wq_stride, ilog2(MLX5_SEND_WQE_BB));
    723         MLX5_SET(wq, wq, pd, ctx->pd_num);
    724         MLX5_SET(wq, wq, log_wq_sz, sq_log_buf_sz);
    725 
    726         err = hws_send_ring_alloc_sq(ctx->mdev, numa_node, queue, sq, sqc_data);
    727         if (err)
    728                 goto err_free_sqc;
    729 
    730         err = hws_send_ring_create_sq_rdy(ctx->mdev, ctx->pd_num, sqc_data,
    731                                           queue, sq, cq);
    732         if (err)
    733                 goto err_free_sq;

hws_send_ring_create_sq_rdy() calls hws_send_ring_close_sq() on error.

I would say that it's the free in hws_send_ring_create_sq_rdy() which
should be modified.  There isn't an official style guideline for error
handling so do whatever works for you.  But I've written a guide to how
people often do it:
https://staticthinking.wordpress.com/2022/04/28/free-the-last-thing-style/

    734 
    735         kvfree(sqc_data);
    736 
    737         return 0;
    738 err_free_sq:
--> 739         hws_send_ring_free_sq(sq);

It results in a double free.

    740 err_free_sqc:
    741         kvfree(sqc_data);
    742         return err;
    743 }

regards,
dan carpenter
[Index of Archives]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Photo]     [Yosemite News]     [Yosemite Photos]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux