Hello Oded Gabbay,

Commit ac0ae6a96aa5 ("habanalabs: add gaudi asic-dependent code")
from May 11, 2020 (linux-next), leads to the following Smatch static
checker warning:

    drivers/accel/habanalabs/gaudi/gaudi.c:1036 _gaudi_init_tpc_mem()
    error: dereferencing freed memory 'cb->buf' (line 1035)

drivers/accel/habanalabs/gaudi/gaudi.c
    1022          for (tpc_id = 0 ; tpc_id < TPC_NUMBER_OF_ENGINES ; tpc_id++) {
    1023                  rc = gaudi_run_tpc_kernel(hdev, dst_addr, tpc_id);
    1024                  if (rc)
    1025                          break;
    1026          }
    1027
    1028  free_job:
    1029          hl_userptr_delete_list(hdev, &job->userptr_list);
    1030          hl_debugfs_remove_job(hdev, job);
    1031          kfree(job);
    1032          atomic_dec(&cb->cs_cnt);
    1033
    1034  release_cb:
    1035          hl_cb_put(cb);
                            ^^
cb is freed here.

--> 1036          hl_cb_destroy(&hdev->kernel_mem_mgr, cb->buf->handle);
                                                       ^^^^^^^
So this is a use after free.  Free the handle first?

    1037
    1038          return rc;
    1039  }

This email is a free service from the Smatch-CI project [smatch.sf.net].

regards,
dan carpenter
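
A user-space model of the ordering flagged in the report above, added here as an illustration; it is not code from the habanalabs driver or from the report. `struct cb`, `cb_put`, `cb_handle`, the `live` flag and the poison value are all assumptions: the flag and poison stand in for a real free so that a stale read is counted instead of being undefined behaviour. It shows that put-then-read goes wrong only when the put drops the last reference, while read-then-put is correct either way.

```c
#include <stdbool.h>
#include <stdint.h>

/* User-space model; every name is hypothetical, none is the driver's. A "free"
 * only clears `live` and poisons the handle, so stale reads can be counted. */
#define POISON 0x6b6b6b6b6b6b6b6bULL /* constructed "freed memory" pattern */
struct cb { bool live; int refcount; uint64_t handle; };
static int stale_reads; /* reads of a handle whose object was already freed */

/* Drop one reference; the last put "frees" the object and poisons it. */
static void cb_put(struct cb *cb)
{
	if (--cb->refcount > 0)
		return;
	cb->live = false;
	cb->handle = POISON;
}

/* All handle reads go through here so that stale ones are counted. */
static uint64_t cb_handle(const struct cb *cb)
{
	if (!cb->live)
		stale_reads++;
	return cb->handle;
}

/* Flagged order: put, then read. Returns the handle that would be destroyed. */
static uint64_t release_flagged(struct cb *cb)
{
	cb_put(cb);
	return cb_handle(cb);
}

/* Read first, then put: correct whatever the refcount is. */
static uint64_t release_safe(struct cb *cb)
{
	uint64_t handle = cb_handle(cb);
	cb_put(cb);
	return handle;
}

int main(void)
{
	struct cb a = { .live = true, .refcount = 1, .handle = 9 }, b = a;
	uint64_t bad = release_flagged(&a), good = release_safe(&b);
	return (bad == POISON && good == 9 && stale_reads == 1) ? 0 : 1;
}
```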