[ I'm not sure what triggered this warning 2 years after the commit.
I checked on lore but I've never reported it previously. -dan ]
Hello James Smart,
The patch 02243836ad6f: "scsi: lpfc: Add support for the CM
framework" from Aug 16, 2021 (linux-next), leads to the following
Smatch static checker warning:
drivers/scsi/lpfc/lpfc_sli.c:8343 lpfc_cmf_setup()
error: we previously assumed 'phba->cgn_i' could be null (see line 8289)
drivers/scsi/lpfc/lpfc_sli.c
8203 static int
8204 lpfc_cmf_setup(struct lpfc_hba *phba)
8205 {
8206 LPFC_MBOXQ_t *mboxq;
8207 struct lpfc_dmabuf *mp;
8208 struct lpfc_pc_sli4_params *sli4_params;
8209 int rc, cmf, mi_ver;
8210
8211 rc = lpfc_sli4_refresh_params(phba);
8212 if (unlikely(rc))
8213 return rc;
8214
8215 mboxq = (LPFC_MBOXQ_t *)mempool_alloc(phba->mbox_mem_pool, GFP_KERNEL);
8216 if (!mboxq)
8217 return -ENOMEM;
8218
8219 sli4_params = &phba->sli4_hba.pc_sli4_params;
8220
8221 /* Always try to enable MI feature if we can */
8222 if (sli4_params->mi_ver) {
8223 lpfc_set_features(phba, mboxq, LPFC_SET_ENABLE_MI);
8224 rc = lpfc_sli_issue_mbox(phba, mboxq, MBX_POLL);
8225 mi_ver = bf_get(lpfc_mbx_set_feature_mi,
8226 &mboxq->u.mqe.un.set_feature);
8227
8228 if (rc == MBX_SUCCESS) {
8229 if (mi_ver) {
8230 lpfc_printf_log(phba,
8231 KERN_WARNING, LOG_CGN_MGMT,
8232 "6215 MI is enabled\n");
8233 sli4_params->mi_ver = mi_ver;
8234 } else {
8235 lpfc_printf_log(phba,
8236 KERN_WARNING, LOG_CGN_MGMT,
8237 "6338 MI is disabled\n");
8238 sli4_params->mi_ver = 0;
8239 }
8240 } else {
8241 /* mi_ver is already set from GET_SLI4_PARAMETERS */
8242 lpfc_printf_log(phba, KERN_INFO,
8243 LOG_CGN_MGMT | LOG_INIT,
8244 "6245 Enable MI Mailbox x%x (x%x/x%x) "
8245 "failed, rc:x%x mi:x%x\n",
8246 bf_get(lpfc_mqe_command, &mboxq->u.mqe),
8247 lpfc_sli_config_mbox_subsys_get
8248 (phba, mboxq),
8249 lpfc_sli_config_mbox_opcode_get
8250 (phba, mboxq),
8251 rc, sli4_params->mi_ver);
8252 }
8253 } else {
8254 lpfc_printf_log(phba, KERN_WARNING, LOG_CGN_MGMT,
8255 "6217 MI is disabled\n");
8256 }
8257
8258 /* Ensure FDMI is enabled for MI if enable_mi is set */
8259 if (sli4_params->mi_ver)
8260 phba->cfg_fdmi_on = LPFC_FDMI_SUPPORT;
8261
8262 /* Always try to enable CMF feature if we can */
8263 if (sli4_params->cmf) {
8264 lpfc_set_features(phba, mboxq, LPFC_SET_ENABLE_CMF);
8265 rc = lpfc_sli_issue_mbox(phba, mboxq, MBX_POLL);
8266 cmf = bf_get(lpfc_mbx_set_feature_cmf,
8267 &mboxq->u.mqe.un.set_feature);
8268 if (rc == MBX_SUCCESS && cmf) {
8269 lpfc_printf_log(phba, KERN_WARNING, LOG_CGN_MGMT,
8270 "6218 CMF is enabled: mode %d\n",
8271 phba->cmf_active_mode);
8272 } else {
8273 lpfc_printf_log(phba, KERN_WARNING,
8274 LOG_CGN_MGMT | LOG_INIT,
8275 "6219 Enable CMF Mailbox x%x (x%x/x%x) "
8276 "failed, rc:x%x dd:x%x\n",
8277 bf_get(lpfc_mqe_command, &mboxq->u.mqe),
8278 lpfc_sli_config_mbox_subsys_get
8279 (phba, mboxq),
8280 lpfc_sli_config_mbox_opcode_get
8281 (phba, mboxq),
8282 rc, cmf);
8283 sli4_params->cmf = 0;
8284 phba->cmf_active_mode = LPFC_CFG_OFF;
8285 goto no_cmf;
8286 }
8287
8288 /* Allocate Congestion Information Buffer */
8289 if (!phba->cgn_i) {
8290 mp = kmalloc(sizeof(*mp), GFP_KERNEL);
8291 if (mp)
8292 mp->virt = dma_alloc_coherent
8293 (&phba->pcidev->dev,
8294 sizeof(struct lpfc_cgn_info),
8295 &mp->phys, GFP_KERNEL);
8296 if (!mp || !mp->virt) {
8297 lpfc_printf_log(phba, KERN_ERR, LOG_INIT,
8298 "2640 Failed to alloc memory "
8299 "for Congestion Info\n");
8300 kfree(mp);
8301 sli4_params->cmf = 0;
8302 phba->cmf_active_mode = LPFC_CFG_OFF;
8303 goto no_cmf;
phba->cgn_i is NULL here.
8304 }
8305 phba->cgn_i = mp;
8306
8307 /* initialize congestion buffer info */
8308 lpfc_init_congestion_buf(phba);
8309 lpfc_init_congestion_stat(phba);
8310
8311 /* Zero out Congestion Signal counters */
8312 atomic64_set(&phba->cgn_acqe_stat.alarm, 0);
8313 atomic64_set(&phba->cgn_acqe_stat.warn, 0);
8314 }
8315
8316 rc = lpfc_sli4_cgn_params_read(phba);
8317 if (rc < 0) {
8318 lpfc_printf_log(phba, KERN_ERR, LOG_CGN_MGMT | LOG_INIT,
8319 "6242 Error reading Cgn Params (%d)\n",
8320 rc);
8321 /* Ensure CGN Mode is off */
8322 sli4_params->cmf = 0;
8323 } else if (!rc) {
8324 lpfc_printf_log(phba, KERN_ERR, LOG_CGN_MGMT | LOG_INIT,
8325 "6243 CGN Event empty object.\n");
8326 /* Ensure CGN Mode is off */
8327 sli4_params->cmf = 0;
8328 }
8329 } else {
8330 no_cmf:
8331 lpfc_printf_log(phba, KERN_WARNING, LOG_CGN_MGMT,
8332 "6220 CMF is disabled\n");
8333 }
8334
8335 /* Only register congestion buffer with firmware if BOTH
8336 * CMF and E2E are enabled.
8337 */
8338 if (sli4_params->cmf && sli4_params->mi_ver) {
8339 rc = lpfc_reg_congestion_buf(phba);
8340 if (rc) {
8341 dma_free_coherent(&phba->pcidev->dev,
8342 sizeof(struct lpfc_cgn_info),
--> 8343 phba->cgn_i->virt, phba->cgn_i->phys);
^^^^^^^^^^^^^^^^^
Unchecked dereference.
8344 kfree(phba->cgn_i);
8345 phba->cgn_i = NULL;
8346 /* Ensure CGN Mode is off */
8347 phba->cmf_active_mode = LPFC_CFG_OFF;
8348 sli4_params->cmf = 0;
8349 return 0;
8350 }
8351 }
8352 lpfc_printf_log(phba, KERN_INFO, LOG_INIT,
8353 "6470 Setup MI version %d CMF %d mode %d\n",
8354 sli4_params->mi_ver, sli4_params->cmf,
8355 phba->cmf_active_mode);
8356
8357 mempool_free(mboxq, phba->mbox_mem_pool);
8358
8359 /* Initialize atomic counters */
8360 atomic_set(&phba->cgn_fabric_warn_cnt, 0);
8361 atomic_set(&phba->cgn_fabric_alarm_cnt, 0);
8362 atomic_set(&phba->cgn_sync_alarm_cnt, 0);
8363 atomic_set(&phba->cgn_sync_warn_cnt, 0);
8364 atomic_set(&phba->cgn_driver_evt_cnt, 0);
8365 atomic_set(&phba->cgn_latency_evt_cnt, 0);
8366 atomic64_set(&phba->cgn_latency_evt, 0);
8367
8368 phba->cmf_interval_rate = LPFC_CMF_INTERVAL;
8369
8370 /* Allocate RX Monitor Buffer */
8371 if (!phba->rx_monitor) {
8372 phba->rx_monitor = kzalloc(sizeof(*phba->rx_monitor),
8373 GFP_KERNEL);
8374
8375 if (!phba->rx_monitor) {
8376 lpfc_printf_log(phba, KERN_ERR, LOG_INIT,
8377 "2644 Failed to alloc memory "
8378 "for RX Monitor Buffer\n");
8379 return -ENOMEM;
8380 }
8381
8382 /* Instruct the rx_monitor object to instantiate its ring */
8383 if (lpfc_rx_monitor_create_ring(phba->rx_monitor,
8384 LPFC_MAX_RXMONITOR_ENTRY)) {
8385 kfree(phba->rx_monitor);
8386 phba->rx_monitor = NULL;
8387 lpfc_printf_log(phba, KERN_ERR, LOG_INIT,
8388 "2645 Failed to alloc memory "
8389 "for RX Monitor's Ring\n");
8390 return -ENOMEM;
8391 }
8392 }
8393
8394 return 0;
8395 }
regards,
dan carpenter
