Re: [PATCH 20/26] lpfc: Fix field overload in lpfc_iocbq data structure

Hi James,

url:    https://github.com/intel-lab-lkp/linux/commits/James-Smart/lpfc-Update-lpfc-to-revision-14-2-0-2/20220413-073746
base:   https://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git for-next
config: x86_64-randconfig-m001-20220418 (https://download.01.org/0day-ci/archive/20220419/202204190252.8068PeSp-lkp@xxxxxxxxx/config)
compiler: gcc-11 (Debian 11.2.0-19) 11.2.0

If you fix the issue, kindly add the following tags as appropriate
Reported-by: kernel test robot <lkp@xxxxxxxxx>
Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>

smatch warnings:
drivers/scsi/lpfc/lpfc_sli.c:22305 lpfc_sli_prep_wqe() error: we previously assumed 'ndlp' could be null (see line 22298)

vim +/ndlp +22305 drivers/scsi/lpfc/lpfc_sli.c

561341425bcc70 James Smart 2022-02-24  22239  void
561341425bcc70 James Smart 2022-02-24  22240  lpfc_sli_prep_wqe(struct lpfc_hba *phba, struct lpfc_iocbq *job)
561341425bcc70 James Smart 2022-02-24  22241  {
561341425bcc70 James Smart 2022-02-24  22242  	u8 cmnd;
561341425bcc70 James Smart 2022-02-24  22243  	u32 *pcmd;
561341425bcc70 James Smart 2022-02-24  22244  	u32 if_type = 0;
561341425bcc70 James Smart 2022-02-24  22245  	u32 fip, abort_tag;
561341425bcc70 James Smart 2022-02-24  22246  	struct lpfc_nodelist *ndlp = NULL;
561341425bcc70 James Smart 2022-02-24  22247  	union lpfc_wqe128 *wqe = &job->wqe;
561341425bcc70 James Smart 2022-02-24  22248  	u32 els_id = LPFC_ELS_ID_DEFAULT;
561341425bcc70 James Smart 2022-02-24  22249  	u8 command_type = ELS_COMMAND_NON_FIP;
561341425bcc70 James Smart 2022-02-24  22250  
561341425bcc70 James Smart 2022-02-24  22251  	fip = phba->hba_flag & HBA_FIP_SUPPORT;
561341425bcc70 James Smart 2022-02-24  22252  	/* The fcp commands will set command type */
561341425bcc70 James Smart 2022-02-24  22253  	if (job->cmd_flag &  LPFC_IO_FCP)
561341425bcc70 James Smart 2022-02-24  22254  		command_type = FCP_COMMAND;
561341425bcc70 James Smart 2022-02-24  22255  	else if (fip && (job->cmd_flag & LPFC_FIP_ELS_ID_MASK))
561341425bcc70 James Smart 2022-02-24  22256  		command_type = ELS_COMMAND_FIP;
561341425bcc70 James Smart 2022-02-24  22257  	else
561341425bcc70 James Smart 2022-02-24  22258  		command_type = ELS_COMMAND_NON_FIP;
561341425bcc70 James Smart 2022-02-24  22259  
561341425bcc70 James Smart 2022-02-24  22260  	abort_tag = job->iotag;
561341425bcc70 James Smart 2022-02-24  22261  	cmnd = bf_get(wqe_cmnd, &wqe->els_req.wqe_com);
561341425bcc70 James Smart 2022-02-24  22262  
561341425bcc70 James Smart 2022-02-24  22263  	switch (cmnd) {
561341425bcc70 James Smart 2022-02-24  22264  	case CMD_ELS_REQUEST64_WQE:
536304e3919a95 James Smart 2022-04-12  22265  		ndlp = job->ndlp;
561341425bcc70 James Smart 2022-02-24  22266  
561341425bcc70 James Smart 2022-02-24  22267  		/* CCP CCPE PV PRI in word10 were set in the memcpy */
561341425bcc70 James Smart 2022-02-24  22268  		if (command_type == ELS_COMMAND_FIP)
561341425bcc70 James Smart 2022-02-24  22269  			els_id = ((job->cmd_flag & LPFC_FIP_ELS_ID_MASK)
561341425bcc70 James Smart 2022-02-24  22270  				  >> LPFC_FIP_ELS_ID_SHIFT);
561341425bcc70 James Smart 2022-02-24  22271  
561341425bcc70 James Smart 2022-02-24  22272  		if_type = bf_get(lpfc_sli_intf_if_type,
561341425bcc70 James Smart 2022-02-24  22273  				 &phba->sli4_hba.sli_intf);
561341425bcc70 James Smart 2022-02-24  22274  		if (if_type >= LPFC_SLI_INTF_IF_TYPE_2) {
536304e3919a95 James Smart 2022-04-12  22275  			pcmd = (u32 *)job->cmd_dmabuf->virt;
561341425bcc70 James Smart 2022-02-24  22276  			if (pcmd && (*pcmd == ELS_CMD_FLOGI ||
561341425bcc70 James Smart 2022-02-24  22277  				     *pcmd == ELS_CMD_SCR ||
561341425bcc70 James Smart 2022-02-24  22278  				     *pcmd == ELS_CMD_RDF ||
561341425bcc70 James Smart 2022-02-24  22279  				     *pcmd == ELS_CMD_EDC ||
561341425bcc70 James Smart 2022-02-24  22280  				     *pcmd == ELS_CMD_RSCN_XMT ||
561341425bcc70 James Smart 2022-02-24  22281  				     *pcmd == ELS_CMD_FDISC ||
561341425bcc70 James Smart 2022-02-24  22282  				     *pcmd == ELS_CMD_LOGO ||
561341425bcc70 James Smart 2022-02-24  22283  				     *pcmd == ELS_CMD_QFPA ||
561341425bcc70 James Smart 2022-02-24  22284  				     *pcmd == ELS_CMD_UVEM ||
561341425bcc70 James Smart 2022-02-24  22285  				     *pcmd == ELS_CMD_PLOGI)) {
561341425bcc70 James Smart 2022-02-24  22286  				bf_set(els_req64_sp, &wqe->els_req, 1);
561341425bcc70 James Smart 2022-02-24  22287  				bf_set(els_req64_sid, &wqe->els_req,
561341425bcc70 James Smart 2022-02-24  22288  				       job->vport->fc_myDID);
561341425bcc70 James Smart 2022-02-24  22289  
561341425bcc70 James Smart 2022-02-24  22290  				if ((*pcmd == ELS_CMD_FLOGI) &&
561341425bcc70 James Smart 2022-02-24  22291  				    !(phba->fc_topology ==
561341425bcc70 James Smart 2022-02-24  22292  				      LPFC_TOPOLOGY_LOOP))
561341425bcc70 James Smart 2022-02-24  22293  					bf_set(els_req64_sid, &wqe->els_req, 0);
561341425bcc70 James Smart 2022-02-24  22294  
561341425bcc70 James Smart 2022-02-24  22295  				bf_set(wqe_ct, &wqe->els_req.wqe_com, 1);
561341425bcc70 James Smart 2022-02-24  22296  				bf_set(wqe_ctxt_tag, &wqe->els_req.wqe_com,
561341425bcc70 James Smart 2022-02-24  22297  				       phba->vpi_ids[job->vport->vpi]);
536304e3919a95 James Smart 2022-04-12 @22298  			} else if (pcmd && ndlp) {
                                                                                   ^^^^
Check for NULL

561341425bcc70 James Smart 2022-02-24  22299  				bf_set(wqe_ct, &wqe->els_req.wqe_com, 0);
561341425bcc70 James Smart 2022-02-24  22300  				bf_set(wqe_ctxt_tag, &wqe->els_req.wqe_com,
561341425bcc70 James Smart 2022-02-24  22301  				       phba->sli4_hba.rpi_ids[ndlp->nlp_rpi]);
561341425bcc70 James Smart 2022-02-24  22302  			}
561341425bcc70 James Smart 2022-02-24  22303  		}
561341425bcc70 James Smart 2022-02-24  22304  
561341425bcc70 James Smart 2022-02-24 @22305  		bf_set(wqe_temp_rpi, &wqe->els_req.wqe_com,

The kbuild email generator chopped off the important line but it looks
like this:

		phba->sli4_hba.rpi_ids[ndlp->nlp_rpi]);
        	                       ^^^^^^
Unchecked dereference.

-- 
0-DAY CI Kernel Test Service
https://01.org/lkp
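
The inconsistency smatch reports above, reduced to a small model and shown beside a consistent form. This is an added example, not lpfc code and not the fix that was applied to the driver; the types, `CMD_FABRIC`, `rpi_ids` and both function names are constructed stand-ins, and rejecting a NULL `ndlp` (rather than dropping the earlier check) is an assumption made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-ins for the driver types; not lpfc definitions. */
struct node { uint16_t rpi; };
struct wqe  { uint32_t ct, ctxt_tag, temp_rpi; };
struct job  { struct node *ndlp; const uint32_t *pcmd; struct wqe wqe; };

#define CMD_FABRIC 0x04u   /* hypothetical command that takes the first branch */
#define RPI_COUNT  4u      /* size of the toy lookup table below */

static const uint32_t rpi_ids[RPI_COUNT] = { 100, 101, 102, 103 };

/* Shape smatch flagged: ndlp is tested in the else-if, then used unguarded. */
int prep_inconsistent(struct job *j)
{
	struct node *ndlp = j->ndlp;

	if (j->pcmd && *j->pcmd == CMD_FABRIC) {
		j->wqe.ct = 1;
	} else if (j->pcmd && ndlp) {          /* implies ndlp may be NULL */
		j->wqe.ct = 0;
		j->wqe.ctxt_tag = rpi_ids[ndlp->rpi];
	}
	j->wqe.temp_rpi = rpi_ids[ndlp->rpi];  /* unchecked dereference */
	return 0;
}

/* Consistent form: settle the NULL question once, before any use. */
int prep_consistent(struct job *j)
{
	struct node *ndlp = j->ndlp;

	if (!ndlp || ndlp->rpi >= RPI_COUNT)
		return -1;                     /* reject before touching the wqe */

	if (j->pcmd && *j->pcmd == CMD_FABRIC) {
		j->wqe.ct = 1;
	} else if (j->pcmd) {                  /* ndlp already known non-NULL */
		j->wqe.ct = 0;
		j->wqe.ctxt_tag = rpi_ids[ndlp->rpi];
	}
	j->wqe.temp_rpi = rpi_ids[ndlp->rpi];
	return 0;
}
```
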
