Re: [PATCH 2/9] libiscsi: drop taskqueuelock


 



Hi Mike,

url:    https://github.com/0day-ci/linux/commits/Mike-Christie/iscsi-fixes-and-cleanups/20210203-122757
base:   https://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git for-next
config: i386-randconfig-m021-20210202 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0

If you fix the issue, kindly add the following tags as appropriate
Reported-by: kernel test robot <lkp@xxxxxxxxx>
Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>

smatch warnings:
drivers/scsi/libiscsi_tcp.c:586 iscsi_tcp_r2t_rsp() warn: variable dereferenced before check 'task->sc' (see line 547)

vim +586 drivers/scsi/libiscsi_tcp.c

f7dbf0662a0167 Mike Christie     2021-02-02  529  static int iscsi_tcp_r2t_rsp(struct iscsi_conn *conn, struct iscsi_hdr *hdr)
a081c13e39b5c1 Mike Christie     2008-12-02  530  {
a081c13e39b5c1 Mike Christie     2008-12-02  531  	struct iscsi_session *session = conn->session;
f7dbf0662a0167 Mike Christie     2021-02-02  532  	struct iscsi_tcp_task *tcp_task;
f7dbf0662a0167 Mike Christie     2021-02-02  533  	struct iscsi_tcp_conn *tcp_conn;
f7dbf0662a0167 Mike Christie     2021-02-02  534  	struct iscsi_r2t_rsp *rhdr;
a081c13e39b5c1 Mike Christie     2008-12-02  535  	struct iscsi_r2t_info *r2t;
f7dbf0662a0167 Mike Christie     2021-02-02  536  	struct iscsi_task *task;
5d0fddd0a72d30 Shlomo Pongratz   2014-02-07  537  	u32 data_length;
5d0fddd0a72d30 Shlomo Pongratz   2014-02-07  538  	u32 data_offset;
f7dbf0662a0167 Mike Christie     2021-02-02  539  	int r2tsn;
a081c13e39b5c1 Mike Christie     2008-12-02  540  	int rc;
a081c13e39b5c1 Mike Christie     2008-12-02  541  
f7dbf0662a0167 Mike Christie     2021-02-02  542  	spin_lock(&session->back_lock);
f7dbf0662a0167 Mike Christie     2021-02-02  543  	task = iscsi_itt_to_ctask(conn, hdr->itt);
f7dbf0662a0167 Mike Christie     2021-02-02  544  	if (!task) {
f7dbf0662a0167 Mike Christie     2021-02-02  545  		spin_unlock(&session->back_lock);
f7dbf0662a0167 Mike Christie     2021-02-02  546  		return ISCSI_ERR_BAD_ITT;
f7dbf0662a0167 Mike Christie     2021-02-02 @547  	} else if (task->sc->sc_data_direction != DMA_TO_DEVICE) {
                                                                   ^^^^^^^^
New unchecked dereference.

f7dbf0662a0167 Mike Christie     2021-02-02  548  		spin_unlock(&session->back_lock);
f7dbf0662a0167 Mike Christie     2021-02-02  549  		return ISCSI_ERR_PROTO;
f7dbf0662a0167 Mike Christie     2021-02-02  550  	}
f7dbf0662a0167 Mike Christie     2021-02-02  551  	/*
f7dbf0662a0167 Mike Christie     2021-02-02  552  	 * A bad target might complete the cmd before we have handled R2Ts
f7dbf0662a0167 Mike Christie     2021-02-02  553  	 * so get a ref to the task that will be dropped in the xmit path.
f7dbf0662a0167 Mike Christie     2021-02-02  554  	 */
f7dbf0662a0167 Mike Christie     2021-02-02  555  	if (task->state != ISCSI_TASK_RUNNING) {
f7dbf0662a0167 Mike Christie     2021-02-02  556  		spin_unlock(&session->back_lock);
f7dbf0662a0167 Mike Christie     2021-02-02  557  		/* Let the path that got the early rsp complete it */
f7dbf0662a0167 Mike Christie     2021-02-02  558  		return 0;
f7dbf0662a0167 Mike Christie     2021-02-02  559  	}
f7dbf0662a0167 Mike Christie     2021-02-02  560  	task->last_xfer = jiffies;
f7dbf0662a0167 Mike Christie     2021-02-02  561  	__iscsi_get_task(task);
f7dbf0662a0167 Mike Christie     2021-02-02  562  
f7dbf0662a0167 Mike Christie     2021-02-02  563  	tcp_conn = conn->dd_data;
f7dbf0662a0167 Mike Christie     2021-02-02  564  	rhdr = (struct iscsi_r2t_rsp *)tcp_conn->in.hdr;
f7dbf0662a0167 Mike Christie     2021-02-02  565  	/* fill-in new R2T associated with the task */
f7dbf0662a0167 Mike Christie     2021-02-02  566  	iscsi_update_cmdsn(session, (struct iscsi_nopin *)rhdr);
f7dbf0662a0167 Mike Christie     2021-02-02  567  	spin_unlock(&session->back_lock);
f7dbf0662a0167 Mike Christie     2021-02-02  568  
a081c13e39b5c1 Mike Christie     2008-12-02  569  	if (tcp_conn->in.datalen) {
a081c13e39b5c1 Mike Christie     2008-12-02  570  		iscsi_conn_printk(KERN_ERR, conn,
a081c13e39b5c1 Mike Christie     2008-12-02  571  				  "invalid R2t with datalen %d\n",
a081c13e39b5c1 Mike Christie     2008-12-02  572  				  tcp_conn->in.datalen);
f7dbf0662a0167 Mike Christie     2021-02-02  573  		rc = ISCSI_ERR_DATALEN;
f7dbf0662a0167 Mike Christie     2021-02-02  574  		goto put_task;
a081c13e39b5c1 Mike Christie     2008-12-02  575  	}
a081c13e39b5c1 Mike Christie     2008-12-02  576  
f7dbf0662a0167 Mike Christie     2021-02-02  577  	tcp_task = task->dd_data;
f7dbf0662a0167 Mike Christie     2021-02-02  578  	r2tsn = be32_to_cpu(rhdr->r2tsn);
a081c13e39b5c1 Mike Christie     2008-12-02  579  	if (tcp_task->exp_datasn != r2tsn){
0ab1c2529e6a70 Mike Christie     2009-03-05  580  		ISCSI_DBG_TCP(conn, "task->exp_datasn(%d) != rhdr->r2tsn(%d)\n",
0ab1c2529e6a70 Mike Christie     2009-03-05  581  			      tcp_task->exp_datasn, r2tsn);
f7dbf0662a0167 Mike Christie     2021-02-02  582  		rc = ISCSI_ERR_R2TSN;
f7dbf0662a0167 Mike Christie     2021-02-02  583  		goto put_task;
a081c13e39b5c1 Mike Christie     2008-12-02  584  	}
a081c13e39b5c1 Mike Christie     2008-12-02  585  
a081c13e39b5c1 Mike Christie     2008-12-02 @586  	if (!task->sc || session->state != ISCSI_STATE_LOGGED_IN) {
                                                             ^^^^^^^^
Checked too late.

a081c13e39b5c1 Mike Christie     2008-12-02  587  		iscsi_conn_printk(KERN_INFO, conn,
a081c13e39b5c1 Mike Christie     2008-12-02  588  				  "dropping R2T itt %d in recovery.\n",
a081c13e39b5c1 Mike Christie     2008-12-02  589  				  task->itt);
f7dbf0662a0167 Mike Christie     2021-02-02  590  		rc = 0;
f7dbf0662a0167 Mike Christie     2021-02-02  591  		goto put_task;
a081c13e39b5c1 Mike Christie     2008-12-02  592  	}
a081c13e39b5c1 Mike Christie     2008-12-02  593  
5d0fddd0a72d30 Shlomo Pongratz   2014-02-07  594  	data_length = be32_to_cpu(rhdr->data_length);
5d0fddd0a72d30 Shlomo Pongratz   2014-02-07  595  	if (data_length == 0) {
a081c13e39b5c1 Mike Christie     2008-12-02  596  		iscsi_conn_printk(KERN_ERR, conn,
a081c13e39b5c1 Mike Christie     2008-12-02  597  				  "invalid R2T with zero data len\n");
f7dbf0662a0167 Mike Christie     2021-02-02  598  		rc = ISCSI_ERR_DATALEN;
f7dbf0662a0167 Mike Christie     2021-02-02  599  		goto put_task;
a081c13e39b5c1 Mike Christie     2008-12-02  600  	}
a081c13e39b5c1 Mike Christie     2008-12-02  601  
5d0fddd0a72d30 Shlomo Pongratz   2014-02-07  602  	if (data_length > session->max_burst)
0ab1c2529e6a70 Mike Christie     2009-03-05  603  		ISCSI_DBG_TCP(conn, "invalid R2T with data len %u and max "
0ab1c2529e6a70 Mike Christie     2009-03-05  604  			      "burst %u. Attempting to execute request.\n",
5d0fddd0a72d30 Shlomo Pongratz   2014-02-07  605  			      data_length, session->max_burst);
a081c13e39b5c1 Mike Christie     2008-12-02  606  
5d0fddd0a72d30 Shlomo Pongratz   2014-02-07  607  	data_offset = be32_to_cpu(rhdr->data_offset);
ae3d56d81507c3 Christoph Hellwig 2019-01-29  608  	if (data_offset + data_length > task->sc->sdb.length) {
a081c13e39b5c1 Mike Christie     2008-12-02  609  		iscsi_conn_printk(KERN_ERR, conn,
a081c13e39b5c1 Mike Christie     2008-12-02  610  				  "invalid R2T with data len %u at offset %u "
5d0fddd0a72d30 Shlomo Pongratz   2014-02-07  611  				  "and total length %d\n", data_length,
ae3d56d81507c3 Christoph Hellwig 2019-01-29  612  				  data_offset, task->sc->sdb.length);
f7dbf0662a0167 Mike Christie     2021-02-02  613  		rc = ISCSI_ERR_DATALEN;
f7dbf0662a0167 Mike Christie     2021-02-02  614  		goto put_task;
a081c13e39b5c1 Mike Christie     2008-12-02  615  	}
a081c13e39b5c1 Mike Christie     2008-12-02  616  
659743b02c4110 Shlomo Pongratz   2014-02-07  617  	spin_lock(&tcp_task->pool2queue);
5d0fddd0a72d30 Shlomo Pongratz   2014-02-07  618  	rc = kfifo_out(&tcp_task->r2tpool.queue, (void *)&r2t, sizeof(void *));
5d0fddd0a72d30 Shlomo Pongratz   2014-02-07  619  	if (!rc) {
5d0fddd0a72d30 Shlomo Pongratz   2014-02-07  620  		iscsi_conn_printk(KERN_ERR, conn, "Could not allocate R2T. "
5d0fddd0a72d30 Shlomo Pongratz   2014-02-07  621  				  "Target has sent more R2Ts than it "
5d0fddd0a72d30 Shlomo Pongratz   2014-02-07  622  				  "negotiated for or driver has leaked.\n");
659743b02c4110 Shlomo Pongratz   2014-02-07  623  		spin_unlock(&tcp_task->pool2queue);
f7dbf0662a0167 Mike Christie     2021-02-02  624  		rc = ISCSI_ERR_PROTO;
f7dbf0662a0167 Mike Christie     2021-02-02  625  		goto put_task;
5d0fddd0a72d30 Shlomo Pongratz   2014-02-07  626  	}
5d0fddd0a72d30 Shlomo Pongratz   2014-02-07  627  
5d0fddd0a72d30 Shlomo Pongratz   2014-02-07  628  	r2t->exp_statsn = rhdr->statsn;
5d0fddd0a72d30 Shlomo Pongratz   2014-02-07  629  	r2t->data_length = data_length;
5d0fddd0a72d30 Shlomo Pongratz   2014-02-07  630  	r2t->data_offset = data_offset;
5d0fddd0a72d30 Shlomo Pongratz   2014-02-07  631  
a081c13e39b5c1 Mike Christie     2008-12-02  632  	r2t->ttt = rhdr->ttt; /* no flip */
a081c13e39b5c1 Mike Christie     2008-12-02  633  	r2t->datasn = 0;
a081c13e39b5c1 Mike Christie     2008-12-02  634  	r2t->sent = 0;
a081c13e39b5c1 Mike Christie     2008-12-02  635  
a081c13e39b5c1 Mike Christie     2008-12-02  636  	tcp_task->exp_datasn = r2tsn + 1;
7acd72eb85f1c7 Stefani Seibold   2009-12-21  637  	kfifo_in(&tcp_task->r2tqueue, (void*)&r2t, sizeof(void*));
a081c13e39b5c1 Mike Christie     2008-12-02  638  	conn->r2t_pdus_cnt++;
659743b02c4110 Shlomo Pongratz   2014-02-07  639  	spin_unlock(&tcp_task->pool2queue);
a081c13e39b5c1 Mike Christie     2008-12-02  640  
a081c13e39b5c1 Mike Christie     2008-12-02  641  	iscsi_requeue_task(task);
a081c13e39b5c1 Mike Christie     2008-12-02  642  	return 0;
f7dbf0662a0167 Mike Christie     2021-02-02  643  
f7dbf0662a0167 Mike Christie     2021-02-02  644  put_task:
f7dbf0662a0167 Mike Christie     2021-02-02  645  	iscsi_put_task(task);
f7dbf0662a0167 Mike Christie     2021-02-02  646  	return rc;
a081c13e39b5c1 Mike Christie     2008-12-02  647  }
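Review bot: The bounds check at line 608, `data_offset + data_length > task->sc->sdb.length`, adds two u32 values read from the target's R2T header (lines 594 and 607), so the sum can wrap in 32-bit arithmetic and an out-of-range offset/length pair could pass the check. The blame column shows the patch leaves that line as it was, and the function now takes a task reference and proceeds to queue the R2T on the strength of this check. A wrap-free form would be `if (data_offset > task->sc->sdb.length || data_length > task->sc->sdb.length - data_offset)`, assuming sdb.length is an unsigned 32-bit quantity, which this listing does not show. Since the `data_length > session->max_burst` case at line 602 is only logged and then executed, this comparison is the last length validation before `r2t->data_offset` and `r2t->data_length` are stored.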

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@xxxxxxxxxxxx

Attachment: .config.gz
Description: application/gzip

