Hi Mike,

url: https://github.com/0day-ci/linux/commits/Mike-Christie/iscsi-fixes-and-cleanups/20210203-122757
base: https://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git for-next
config: i386-randconfig-m021-20210202 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@xxxxxxxxx>
Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>

smatch warnings:
drivers/scsi/libiscsi_tcp.c:586 iscsi_tcp_r2t_rsp() warn: variable dereferenced before check 'task->sc' (see line 547)

vim +586 drivers/scsi/libiscsi_tcp.c

f7dbf0662a0167 Mike Christie 2021-02-02 529 static int iscsi_tcp_r2t_rsp(struct iscsi_conn *conn, struct iscsi_hdr *hdr)
a081c13e39b5c1 Mike Christie 2008-12-02 530 {
a081c13e39b5c1 Mike Christie 2008-12-02 531 struct iscsi_session *session = conn->session;
f7dbf0662a0167 Mike Christie 2021-02-02 532 struct iscsi_tcp_task *tcp_task;
f7dbf0662a0167 Mike Christie 2021-02-02 533 struct iscsi_tcp_conn *tcp_conn;
f7dbf0662a0167 Mike Christie 2021-02-02 534 struct iscsi_r2t_rsp *rhdr;
a081c13e39b5c1 Mike Christie 2008-12-02 535 struct iscsi_r2t_info *r2t;
f7dbf0662a0167 Mike Christie 2021-02-02 536 struct iscsi_task *task;
5d0fddd0a72d30 Shlomo Pongratz 2014-02-07 537 u32 data_length;
5d0fddd0a72d30 Shlomo Pongratz 2014-02-07 538 u32 data_offset;
f7dbf0662a0167 Mike Christie 2021-02-02 539 int r2tsn;
a081c13e39b5c1 Mike Christie 2008-12-02 540 int rc;
a081c13e39b5c1 Mike Christie 2008-12-02 541
f7dbf0662a0167 Mike Christie 2021-02-02 542 spin_lock(&session->back_lock);
f7dbf0662a0167 Mike Christie 2021-02-02 543 task = iscsi_itt_to_ctask(conn, hdr->itt);
f7dbf0662a0167 Mike Christie 2021-02-02 544 if (!task) {
f7dbf0662a0167 Mike Christie 2021-02-02 545 spin_unlock(&session->back_lock);
f7dbf0662a0167 Mike Christie 2021-02-02 546 return ISCSI_ERR_BAD_ITT;
f7dbf0662a0167 Mike Christie 2021-02-02 @547 } else if (task->sc->sc_data_direction != DMA_TO_DEVICE) {
^^^^^^^^ New unchecked dereference.
f7dbf0662a0167 Mike Christie 2021-02-02 548 spin_unlock(&session->back_lock);
f7dbf0662a0167 Mike Christie 2021-02-02 549 return ISCSI_ERR_PROTO;
f7dbf0662a0167 Mike Christie 2021-02-02 550 }
f7dbf0662a0167 Mike Christie 2021-02-02 551 /*
f7dbf0662a0167 Mike Christie 2021-02-02 552 * A bad target might complete the cmd before we have handled R2Ts
f7dbf0662a0167 Mike Christie 2021-02-02 553 * so get a ref to the task that will be dropped in the xmit path.
f7dbf0662a0167 Mike Christie 2021-02-02 554 */
f7dbf0662a0167 Mike Christie 2021-02-02 555 if (task->state != ISCSI_TASK_RUNNING) {
f7dbf0662a0167 Mike Christie 2021-02-02 556 spin_unlock(&session->back_lock);
f7dbf0662a0167 Mike Christie 2021-02-02 557 /* Let the path that got the early rsp complete it */
f7dbf0662a0167 Mike Christie 2021-02-02 558 return 0;
f7dbf0662a0167 Mike Christie 2021-02-02 559 }
f7dbf0662a0167 Mike Christie 2021-02-02 560 task->last_xfer = jiffies;
f7dbf0662a0167 Mike Christie 2021-02-02 561 __iscsi_get_task(task);
f7dbf0662a0167 Mike Christie 2021-02-02 562
f7dbf0662a0167 Mike Christie 2021-02-02 563 tcp_conn = conn->dd_data;
f7dbf0662a0167 Mike Christie 2021-02-02 564 rhdr = (struct iscsi_r2t_rsp *)tcp_conn->in.hdr;
f7dbf0662a0167 Mike Christie 2021-02-02 565 /* fill-in new R2T associated with the task */
f7dbf0662a0167 Mike Christie 2021-02-02 566 iscsi_update_cmdsn(session, (struct iscsi_nopin *)rhdr);
f7dbf0662a0167 Mike Christie 2021-02-02 567 spin_unlock(&session->back_lock);
f7dbf0662a0167 Mike Christie 2021-02-02 568
a081c13e39b5c1 Mike Christie 2008-12-02 569 if (tcp_conn->in.datalen) {
a081c13e39b5c1 Mike Christie 2008-12-02 570 iscsi_conn_printk(KERN_ERR, conn,
a081c13e39b5c1 Mike Christie 2008-12-02 571 "invalid R2t with datalen %d\n",
a081c13e39b5c1 Mike Christie 2008-12-02 572 tcp_conn->in.datalen);
f7dbf0662a0167 Mike Christie 2021-02-02 573 rc = ISCSI_ERR_DATALEN;
f7dbf0662a0167 Mike Christie 2021-02-02 574 goto put_task;
a081c13e39b5c1 Mike Christie 2008-12-02 575 }
a081c13e39b5c1 Mike Christie 2008-12-02 576
f7dbf0662a0167 Mike Christie 2021-02-02 577 tcp_task = task->dd_data;
f7dbf0662a0167 Mike Christie 2021-02-02 578 r2tsn = be32_to_cpu(rhdr->r2tsn);
a081c13e39b5c1 Mike Christie 2008-12-02 579 if (tcp_task->exp_datasn != r2tsn){
0ab1c2529e6a70 Mike Christie 2009-03-05 580 ISCSI_DBG_TCP(conn, "task->exp_datasn(%d) != rhdr->r2tsn(%d)\n",
0ab1c2529e6a70 Mike Christie 2009-03-05 581 tcp_task->exp_datasn, r2tsn);
f7dbf0662a0167 Mike Christie 2021-02-02 582 rc = ISCSI_ERR_R2TSN;
f7dbf0662a0167 Mike Christie 2021-02-02 583 goto put_task;
a081c13e39b5c1 Mike Christie 2008-12-02 584 }
a081c13e39b5c1 Mike Christie 2008-12-02 585
a081c13e39b5c1 Mike Christie 2008-12-02 @586 if (!task->sc || session->state != ISCSI_STATE_LOGGED_IN) {
^^^^^^^^ Checked too late.
a081c13e39b5c1 Mike Christie 2008-12-02 587 iscsi_conn_printk(KERN_INFO, conn,
a081c13e39b5c1 Mike Christie 2008-12-02 588 "dropping R2T itt %d in recovery.\n",
a081c13e39b5c1 Mike Christie 2008-12-02 589 task->itt);
f7dbf0662a0167 Mike Christie 2021-02-02 590 rc = 0;
f7dbf0662a0167 Mike Christie 2021-02-02 591 goto put_task;
a081c13e39b5c1 Mike Christie 2008-12-02 592 }
a081c13e39b5c1 Mike Christie 2008-12-02 593
5d0fddd0a72d30 Shlomo Pongratz 2014-02-07 594 data_length = be32_to_cpu(rhdr->data_length);
5d0fddd0a72d30 Shlomo Pongratz 2014-02-07 595 if (data_length == 0) {
a081c13e39b5c1 Mike Christie 2008-12-02 596 iscsi_conn_printk(KERN_ERR, conn,
a081c13e39b5c1 Mike Christie 2008-12-02 597 "invalid R2T with zero data len\n");
f7dbf0662a0167 Mike Christie 2021-02-02 598 rc = ISCSI_ERR_DATALEN;
f7dbf0662a0167 Mike Christie 2021-02-02 599 goto put_task;
a081c13e39b5c1 Mike Christie 2008-12-02 600 }
a081c13e39b5c1 Mike Christie 2008-12-02 601
5d0fddd0a72d30 Shlomo Pongratz 2014-02-07 602 if (data_length > session->max_burst)
0ab1c2529e6a70 Mike Christie 2009-03-05 603 ISCSI_DBG_TCP(conn, "invalid R2T with data len %u and max "
0ab1c2529e6a70 Mike Christie 2009-03-05 604 "burst %u. Attempting to execute request.\n",
5d0fddd0a72d30 Shlomo Pongratz 2014-02-07 605 data_length, session->max_burst);
a081c13e39b5c1 Mike Christie 2008-12-02 606
5d0fddd0a72d30 Shlomo Pongratz 2014-02-07 607 data_offset = be32_to_cpu(rhdr->data_offset);
ae3d56d81507c3 Christoph Hellwig 2019-01-29 608 if (data_offset + data_length > task->sc->sdb.length) {
a081c13e39b5c1 Mike Christie 2008-12-02 609 iscsi_conn_printk(KERN_ERR, conn,
a081c13e39b5c1 Mike Christie 2008-12-02 610 "invalid R2T with data len %u at offset %u "
5d0fddd0a72d30 Shlomo Pongratz 2014-02-07 611 "and total length %d\n", data_length,
ae3d56d81507c3 Christoph Hellwig 2019-01-29 612 data_offset, task->sc->sdb.length);
f7dbf0662a0167 Mike Christie 2021-02-02 613 rc = ISCSI_ERR_DATALEN;
f7dbf0662a0167 Mike Christie 2021-02-02 614 goto put_task;
a081c13e39b5c1 Mike Christie 2008-12-02 615 }
a081c13e39b5c1 Mike Christie 2008-12-02 616
659743b02c4110 Shlomo Pongratz 2014-02-07 617 spin_lock(&tcp_task->pool2queue);
5d0fddd0a72d30 Shlomo Pongratz 2014-02-07 618 rc = kfifo_out(&tcp_task->r2tpool.queue, (void *)&r2t, sizeof(void *));
5d0fddd0a72d30 Shlomo Pongratz 2014-02-07 619 if (!rc) {
5d0fddd0a72d30 Shlomo Pongratz 2014-02-07 620 iscsi_conn_printk(KERN_ERR, conn, "Could not allocate R2T. "
5d0fddd0a72d30 Shlomo Pongratz 2014-02-07 621 "Target has sent more R2Ts than it "
5d0fddd0a72d30 Shlomo Pongratz 2014-02-07 622 "negotiated for or driver has leaked.\n");
659743b02c4110 Shlomo Pongratz 2014-02-07 623 spin_unlock(&tcp_task->pool2queue);
f7dbf0662a0167 Mike Christie 2021-02-02 624 rc = ISCSI_ERR_PROTO;
f7dbf0662a0167 Mike Christie 2021-02-02 625 goto put_task;
5d0fddd0a72d30 Shlomo Pongratz 2014-02-07 626 }
5d0fddd0a72d30 Shlomo Pongratz 2014-02-07 627
5d0fddd0a72d30 Shlomo Pongratz 2014-02-07 628 r2t->exp_statsn = rhdr->statsn;
5d0fddd0a72d30 Shlomo Pongratz 2014-02-07 629 r2t->data_length = data_length;
5d0fddd0a72d30 Shlomo Pongratz 2014-02-07 630 r2t->data_offset = data_offset;
5d0fddd0a72d30 Shlomo Pongratz 2014-02-07 631
a081c13e39b5c1 Mike Christie 2008-12-02 632 r2t->ttt = rhdr->ttt; /* no flip */
a081c13e39b5c1 Mike Christie 2008-12-02 633 r2t->datasn = 0;
a081c13e39b5c1 Mike Christie 2008-12-02 634 r2t->sent = 0;
a081c13e39b5c1 Mike Christie 2008-12-02 635
a081c13e39b5c1 Mike Christie 2008-12-02 636 tcp_task->exp_datasn = r2tsn + 1;
7acd72eb85f1c7 Stefani Seibold 2009-12-21 637 kfifo_in(&tcp_task->r2tqueue, (void*)&r2t, sizeof(void*));
a081c13e39b5c1 Mike Christie 2008-12-02 638 conn->r2t_pdus_cnt++;
659743b02c4110 Shlomo Pongratz 2014-02-07 639 spin_unlock(&tcp_task->pool2queue);
a081c13e39b5c1 Mike Christie 2008-12-02 640
a081c13e39b5c1 Mike Christie 2008-12-02 641 iscsi_requeue_task(task);
a081c13e39b5c1 Mike Christie 2008-12-02 642 return 0;
f7dbf0662a0167 Mike Christie 2021-02-02 643
f7dbf0662a0167 Mike Christie 2021-02-02 644 put_task:
f7dbf0662a0167 Mike Christie 2021-02-02 645 iscsi_put_task(task);
f7dbf0662a0167 Mike Christie 2021-02-02 646 return rc;
a081c13e39b5c1 Mike Christie 2008-12-02 647 }

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@xxxxxxxxxxxx
Attachment:
.config.gz
Description: application/gzip
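Review bot: The bounds check at line 608, `data_offset + data_length > task->sc->sdb.length`, adds two u32 values that are both read straight from the target's R2T header (lines 594 and 607), so the sum can wrap and an out-of-range offset can pass the comparison. A wrap-safe form keeps the same intent without the addition: `if (data_offset > task->sc->sdb.length || data_length > task->sc->sdb.length - data_offset) {`. Whether a wrapped offset is rejected later on the transmit side is not visible in this listing, so the header validation should not depend on it. The blame shows this line predates the series (ae3d56d81507c3), so this is a hardening request rather than a regression, but the series already reworks every error path in iscsi_tcp_r2t_rsp() and is a natural place to fix it.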