On 2020-01-13 9:28 a.m., kbuild test robot wrote:
Hi Douglas,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on scsi/for-next]
[also build test WARNING on linus/master v5.5-rc6]
[cannot apply to mkp-scsi/for-next next-20200110]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system. BTW, we also suggest to use '--base' option to specify the
base tree in git format-patch, please see https://stackoverflow.com/a/37406982]
url: https://github.com/0day-ci/linux/commits/Douglas-Gilbert/sg-add-v4-interface/20200113-080059
base: https://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git for-next
If you fix the issue, kindly add following tag
Reported-by: kbuild test robot <lkp@xxxxxxxxx>
New smatch warnings:
drivers/scsi/sg.c:504 sg_open() error: potential null dereference 'sfp'. (sg_add_sfp returns null)
Old smatch warnings:
drivers/scsi/sg.c:3238 sg_find_srp_by_id() warn: statement has no effect 3
__attribute__((nonnull(<n>))) only applies to function arguments, not its
return value. So there seems no way to tell the compiler: this function,
that returns a pointer, should/will never return the NULL pointer; feel
free to check that.
sg_add_sfp() is such a function, if it fails its retval is either a valid
pointer _or_ IS_ERR(retval) is true. It follows that sfp->tid on line 504
can never be a null dereference.
Doug Gilbert
vim +/sfp +504 drivers/scsi/sg.c
433
434 /*
435 * Corresponds to the open() system call on sg devices. Implements O_EXCL on
436 * a per device basis using 'open_cnt'. If O_EXCL and O_NONBLOCK and there is
437 * already a sg handle open on this device then it fails with an errno of
438 * EBUSY. Without the O_NONBLOCK flag then this thread enters an interruptible
439 * wait until the other handle(s) are closed.
440 */
441 static int
442 sg_open(struct inode *inode, struct file *filp)
443 {
444 bool o_excl, non_block;
445 int min_dev = iminor(inode);
446 int op_flags = filp->f_flags;
447 int res;
448 __maybe_unused int o_count;
449 struct sg_device *sdp;
450 struct sg_fd *sfp;
451
452 nonseekable_open(inode, filp);
453 o_excl = !!(op_flags & O_EXCL);
454 non_block = !!(op_flags & O_NONBLOCK);
455 if (o_excl && ((op_flags & O_ACCMODE) == O_RDONLY))
456 return -EPERM;/* not permitted, need write access for O_EXCL */
457 sdp = sg_get_dev(min_dev); /* increments sdp->d_ref */
458 if (IS_ERR(sdp))
459 return PTR_ERR(sdp);
460
461 /* Prevent the device driver from vanishing while we sleep */
462 res = scsi_device_get(sdp->device);
463 if (res)
464 goto sg_put;
465 res = scsi_autopm_get_device(sdp->device);
466 if (res)
467 goto sdp_put;
468 res = sg_allow_if_err_recovery(sdp, non_block);
469 if (res)
470 goto error_out;
471
472 mutex_lock(&sdp->open_rel_lock);
473 if (op_flags & O_NONBLOCK) {
474 if (o_excl) {
475 if (atomic_read(&sdp->open_cnt) > 0) {
476 res = -EBUSY;
477 goto error_mutex_locked;
478 }
479 } else {
480 if (SG_HAVE_EXCLUDE(sdp)) {
481 res = -EBUSY;
482 goto error_mutex_locked;
483 }
484 }
485 } else {
486 res = sg_wait_open_event(sdp, o_excl);
487 if (res) /* -ERESTARTSYS or -ENODEV */
488 goto error_mutex_locked;
489 }
490
491 /* N.B. at this point we are holding the open_rel_lock */
492 if (o_excl)
493 set_bit(SG_FDEV_EXCLUDE, sdp->fdev_bm);
494
495 o_count = atomic_inc_return(&sdp->open_cnt);
496 sfp = sg_add_sfp(sdp); /* increments sdp->d_ref */
497 if (IS_ERR(sfp)) {
498 atomic_dec(&sdp->open_cnt);
499 res = PTR_ERR(sfp);
500 goto out_undo;
501 }
502
503 filp->private_data = sfp;
> 504 sfp->tid = (current ? current->pid : -1);
505 mutex_unlock(&sdp->open_rel_lock);
506 SG_LOG(3, sfp, "%s: minor=%d, op_flags=0x%x; %s count after=%d%s\n",
507 __func__, min_dev, op_flags, "device open", o_count,
508 ((op_flags & O_NONBLOCK) ? " O_NONBLOCK" : ""));
509
510 res = 0;
511 sg_put:
512 kref_put(&sdp->d_ref, sg_device_destroy);
513 /* if success, sdp->d_ref is incremented twice, decremented once */
514 return res;
515
516 out_undo:
517 if (o_excl) { /* undo if error */
518 clear_bit(SG_FDEV_EXCLUDE, sdp->fdev_bm);
519 wake_up_interruptible(&sdp->open_wait);
520 }
521 error_mutex_locked:
522 mutex_unlock(&sdp->open_rel_lock);
523 error_out:
524 scsi_autopm_put_device(sdp->device);
525 sdp_put:
526 scsi_device_put(sdp->device);
527 goto sg_put;
528 }
529
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/hyperkitty/list/kbuild-all@xxxxxxxxxxxx Intel Corporation
