Hello James Smart,
This is a semi-automatic email about new static checker warnings.
The patch 3a8070c567aa: "lpfc: Refactor NVME LS receive handling"
from Mar 31, 2020, leads to the following Smatch complaint:
drivers/scsi/lpfc/lpfc_sli.c:2905 lpfc_nvme_unsol_ls_handler()
error: we previously assumed 'phba->targetport' could be null (see line 2837)
drivers/scsi/lpfc/lpfc_sli.c
2836 failwhy = "No Localport";
2837 } else if (phba->nvmet_support && !phba->targetport) {
^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^
Assume both pointers are NULL.
2838 failwhy = "No Targetport";
2839 } else if (unlikely(fc_hdr->fh_r_ctl != FC_RCTL_ELS4_REQ)) {
2840 failwhy = "Bad NVME LS R_CTL";
2841 } else if (unlikely((fctl & 0x00FF0000) !=
2842 (FC_FC_FIRST_SEQ | FC_FC_END_SEQ | FC_FC_SEQ_INIT))) {
2843 failwhy = "Bad NVME LS F_CTL";
2844 } else {
2845 axchg = kzalloc(sizeof(*axchg), GFP_ATOMIC);
2846 if (!axchg)
2847 failwhy = "No CTX memory";
2848 }
2849
2850 if (unlikely(failwhy)) {
2851 lpfc_printf_log(phba, KERN_ERR, LOG_NVME_DISC | LOG_NVME_IOERR,
2852 "6154 Drop NVME LS: SID %06X OXID x%X: %s\n",
2853 sid, oxid, failwhy);
2854 goto out_fail;
2855 }
2856
2857 /* validate the source of the LS is logged in */
2858 ndlp = lpfc_findnode_did(phba->pport, sid);
2859 if (!ndlp || !NLP_CHK_NODE_ACT(ndlp) ||
2860 ((ndlp->nlp_state != NLP_STE_UNMAPPED_NODE) &&
2861 (ndlp->nlp_state != NLP_STE_MAPPED_NODE))) {
2862 lpfc_printf_log(phba, KERN_ERR, LOG_NVME_DISC,
2863 "6216 NVME Unsol rcv: No ndlp: "
2864 "NPort_ID x%x oxid x%x\n",
2865 sid, oxid);
2866 goto out_fail;
2867 }
2868
2869 axchg->phba = phba;
2870 axchg->ndlp = ndlp;
2871 axchg->size = size;
2872 axchg->oxid = oxid;
2873 axchg->sid = sid;
2874 axchg->wqeq = NULL;
2875 axchg->state = LPFC_NVME_STE_LS_RCV;
2876 axchg->entry_cnt = 1;
2877 axchg->rqb_buffer = (void *)nvmebuf;
2878 axchg->hdwq = &phba->sli4_hba.hdwq[0];
2879 axchg->payload = nvmebuf->dbuf.virt;
2880 INIT_LIST_HEAD(&axchg->list);
2881
2882 if (phba->nvmet_support)
2883 ret = lpfc_nvmet_handle_lsreq(phba, axchg);
2884 else
2885 ret = lpfc_nvme_handle_lsreq(phba, axchg);
2886
2887 /* if zero, LS was successfully handled. If non-zero, LS not handled */
2888 if (!ret)
2889 return;
2890
2891 lpfc_printf_log(phba, KERN_ERR, LOG_NVME_DISC | LOG_NVME_IOERR,
2892 "6155 Drop NVME LS from DID %06X: SID %06X OXID x%X "
2893 "NVMe%s handler failed %d\n",
2894 did, sid, oxid,
2895 (phba->nvmet_support) ? "T" : "I", ret);
2896
2897 out_fail:
2898 kfree(axchg);
2899
2900 /* recycle receive buffer */
2901 lpfc_in_buf_free(phba, &nvmebuf->dbuf);
2902
2903 /* If start of new exchange, abort it */
2904 if (fctl & FC_FC_FIRST_SEQ && !(fctl & FC_FC_EX_CTX))
2905 lpfc_nvme_unsol_ls_issue_abort(phba, axchg, sid, oxid);
^^^^
phba->targetport is dereferenced without checking.
2906 }
2907
regards,
dan carpenter
