[bug report] staging: vc04: Convert(and rename) vchiq_log_info() to use dynamic debug

Hello Umang Jain,

The patch f67af5940d6d: "staging: vc04: Convert(and rename)
vchiq_log_info() to use dynamic debug" from Oct 24, 2023
(linux-next), leads to the following Smatch static checker warning:

drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c:248
	find_service_by_handle() error: we previously assumed 'service'
	could be null (see line 240)

drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c:290
	find_service_for_instance() error: we previously assumed 'service'
	could be null (see line 281)

drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c:313
	find_closed_service_for_instance() error: we previously assumed 'service'
	could be null (see line 302)

drivers/staging/vc04_services/interface/vchiq_arm/vchiq_dev.c:1176
	vchiq_open() error: we previously assumed 'state' could be null
	(see line 1175)

Also I see in vchiq_release() we dereference "state" before the NULL
check.  This warning only triggers when the variable has definitely
been dereferenced before but if debugging is turned off then maybe the
variable wasn't dereferenced.  I'm going to change that rule to complain
when a variable is possibly dereferenced and see what the output looks
like tonight.

drivers/staging/vc04_services/interface/vchiq_arm/vchiq_core.c
    233 struct vchiq_service *
    234 find_service_by_handle(struct vchiq_instance *instance, unsigned int handle)
    235 {
    236         struct vchiq_service *service;
    237 
    238         rcu_read_lock();
    239         service = handle_to_service(instance, handle);
    240         if (service && service->srvstate != VCHIQ_SRVSTATE_FREE &&
                    ^^^^^^^
Check for NULL

    241             service->handle == handle &&
    242             kref_get_unless_zero(&service->ref_count)) {
    243                 service = rcu_pointer_handoff(service);
    244                 rcu_read_unlock();
    245                 return service;
    246         }
    247         rcu_read_unlock();
--> 248         vchiq_log_debug(service->state->dev, VCHIQ_CORE,
                                ^^^^^^^
Unchecked dereference

    249                         "Invalid service handle 0x%x", handle);
    250         return NULL;
    251 }

regards,
dan carpenter
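
The pattern Smatch flags at line 248, restructured so the failure path never touches the possibly-NULL pointer. This is an added example, not part of the original message and not the driver's code: the types, `slot_for_handle()`, `find_service_checked()` and `invalid_lookups` are simplified stand-ins, RCU and refcounting are omitted, and it assumes the caller's instance can supply the logging context.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins (assumptions), not the vchiq driver's real types. */
enum srvstate { SRV_FREE, SRV_OPEN };
struct state { const char *dev_name; };
struct service { enum srvstate srvstate; unsigned int handle; struct state *state; };
struct instance { struct state *state; struct service *slots[4]; /* NULL = empty */ };

static int invalid_lookups; /* failure-path counter, so callers can observe it */

/* Stand-in for handle_to_service(): returns NULL for an empty slot. */
static struct service *slot_for_handle(struct instance *inst, unsigned int handle)
{
    return inst->slots[handle % 4];
}

/*
 * Same shape as the flagged lookup. The failure path is reached both when
 * 'service' is NULL and when it is non-NULL but stale, so it reports through
 * 'inst', which is valid on every path, instead of through 'service'.
 */
struct service *find_service_checked(struct instance *inst, unsigned int handle)
{
    struct service *service = slot_for_handle(inst, handle);

    if (service && service->srvstate != SRV_FREE && service->handle == handle)
        return service;

    /* 'service' may be NULL here, so it must not be dereferenced. */
    invalid_lookups++;
    fprintf(stderr, "%s: invalid service handle 0x%x\n",
            inst->state ? inst->state->dev_name : "(no state)", handle);
    return NULL;
}

int main(void)
{
    /* Constructed sample data. */
    struct state st = { "vchiq-sample" };
    struct service svc = { SRV_OPEN, 5, &st };
    struct instance inst = { &st, { NULL, &svc, NULL, NULL } };

    printf("handle 5 -> %s\n", find_service_checked(&inst, 5) ? "found" : "NULL");
    printf("handle 2 -> %s\n", find_service_checked(&inst, 2) ? "found" : "NULL");
    return 0;
}
```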



