Hello Avihai Horon,
The patch 9f85cbe50aa0: "RDMA/uverbs: Expose the new GID query API to
user space" from Sep 23, 2020, leads to the following static checker
warning:
drivers/infiniband/core/uverbs_std_types_device.c:338 ib_uverbs_handler_UVERBS_METHOD_QUERY_GID_TABLE()
warn: 'max_entries' unsigned <= 0
drivers/infiniband/core/uverbs_std_types_device.c
312 static int UVERBS_HANDLER(UVERBS_METHOD_QUERY_GID_TABLE)(
313 struct uverbs_attr_bundle *attrs)
314 {
315 struct ib_uverbs_gid_entry *entries;
316 struct ib_ucontext *ucontext;
317 struct ib_device *ib_dev;
318 size_t user_entry_size;
319 ssize_t num_entries;
320 size_t max_entries;
321 size_t num_bytes;
322 u32 flags;
323 int ret;
324
325 ret = uverbs_get_flags32(&flags, attrs,
326 UVERBS_ATTR_QUERY_GID_TABLE_FLAGS, 0);
327 if (ret)
328 return ret;
329
330 ret = uverbs_get_const(&user_entry_size, attrs,
331 UVERBS_ATTR_QUERY_GID_TABLE_ENTRY_SIZE);
332 if (ret)
333 return ret;
334
335 max_entries = uverbs_attr_ptr_get_array_size(
336 attrs, UVERBS_ATTR_QUERY_GID_TABLE_RESP_ENTRIES,
337 user_entry_size);
338 if (max_entries <= 0)
^^^^^^^^^^^^^^^^
size_t is unsigned so negative returns from uverbs_attr_ptr_get_array_size()
are treated as high postives.
339 return -EINVAL;
340
341 ucontext = ib_uverbs_get_ucontext(attrs);
342 if (IS_ERR(ucontext))
343 return PTR_ERR(ucontext);
344 ib_dev = ucontext->device;
345
346 if (check_mul_overflow(max_entries, sizeof(*entries), &num_bytes))
347 return -EINVAL;
348
349 entries = uverbs_zalloc(attrs, num_bytes);
350 if (!entries)
351 return -ENOMEM;
352
regards,
dan carpenter
