:::::: :::::: Manual check reason: "low confidence bisect report" :::::: Manual check reason: "low confidence static check warning: drivers/ufs/core/ufs_bsg.c:41:28: warning: dereference of NULL '0' [CWE-476] [-Wanalyzer-null-dereference]" ::::::
CC: [email protected] BCC: [email protected] CC: [email protected] TO: Bart Van Assche <[email protected]> CC: "Martin K. Petersen" <[email protected]> CC: Bean Huo <[email protected]> tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master head: 4b35035bcf80ddb47c0112c4fbd84a63a2836a18 commit: dd11376b9f1b73aca3f8c6eb541486bbb6996f05 scsi: ufs: Split the drivers/scsi/ufs directory date: 4 weeks ago :::::: branch date: 2 days ago :::::: commit date: 4 weeks ago config: arm-randconfig-c002-20220619 (https://download.01.org/0day-ci/archive/20220620/[email protected]/config) compiler: arm-linux-gnueabi-gcc (GCC) 11.3.0 reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dd11376b9f1b73aca3f8c6eb541486bbb6996f05 git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git git fetch --no-tags linus master git checkout dd11376b9f1b73aca3f8c6eb541486bbb6996f05 # save the config file ARCH=arm KBUILD_USERCFLAGS='-fanalyzer -Wno-error' If you fix the issue, kindly add following tag where applicable Reported-by: kernel test robot <[email protected]> gcc-analyzer warnings: (new ones prefixed by >>) |drivers/ufs/core/ufs_bsg.c:90:31: | 40 | if (min_req_len > request_len || min_rsp_len > reply_len) { | | ~ | | | | | (7) following 'false' branch... |...... | 90 | struct ufs_hba *hba = shost_priv(dev_to_shost(job->dev->parent)); | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (6) returning to 'ufs_bsg_request' from 'dev_to_shost' |...... | 101 | if (ret) | | ~~ | | | | | (8) ...to here | 'ufs_bsg_request': event 9 | |drivers/ufs/core/ufshcd-priv.h:256:40: | 256 | return pm_runtime_get_sync(&hba->ufs_device_wlun->sdev_gendev); | | ~~~^~~~~~~~~~~~~~~~~ | | | | | (9) dereference of NULL 'dev_to_shost(*job_35(D)->dev.parent)' | drivers/ufs/core/ufshcd-priv.h:261:40: warning: dereference of NULL '0' [CWE-476] [-Wanalyzer-null-dereference] 261 | return pm_runtime_put_sync(&hba->ufs_device_wlun->sdev_gendev); | ~~~^~~~~~~~~~~~~~~~~ 'ufs_bsg_request': events 1-2 | |drivers/ufs/core/ufs_bsg.c:86:12: | 86 | static int ufs_bsg_request(struct bsg_job *job) | | ^~~~~~~~~~~~~~~ | | | | | (1) entry to 'ufs_bsg_request' |...... | 90 | struct ufs_hba *hba = shost_priv(dev_to_shost(job->dev->parent)); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (2) calling 'dev_to_shost' from 'ufs_bsg_request' | +--> 'dev_to_shost': events 3-5 | |include/scsi/scsi_host.h:726:33: | 726 | static inline struct Scsi_Host *dev_to_shost(struct device *dev) | | ^~~~~~~~~~~~ | | | | | (3) entry to 'dev_to_shost' | 727 | { | 728 | while (!scsi_is_host_device(dev)) { | | ~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (4) following 'true' branch... | 729 | if (!dev->parent) | | ~~ | | | | | (5) ...to here | <------+ | 'ufs_bsg_request': events 6-10 | |drivers/ufs/core/ufs_bsg.c:90:31: | 40 | if (min_req_len > request_len || min_rsp_len > reply_len) { | | ~ | | | | | (7) following 'false' branch... |...... | 90 | struct ufs_hba *hba = shost_priv(dev_to_shost(job->dev->parent)); | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (6) returning to 'ufs_bsg_request' from 'dev_to_shost' |...... | 101 | if (ret) | | ~~ | | | | | (8) ...to here |...... | 125 | if (ret) | | ~ | | | | | (9) following 'false' branch (when 'ret == 0')... |...... | 147 | ufshcd_rpm_put_sync(hba); | | ~~~~~~~~~~~~~~~~~~~ | | | | | (10) ...to here | 'ufs_bsg_request': event 11 | |drivers/ufs/core/ufshcd-priv.h:261:40: | 261 | return pm_runtime_put_sync(&hba->ufs_device_wlun->sdev_gendev); | | ~~~^~~~~~~~~~~~~~~~~ | | | | | (11) dereference of NULL 'dev_to_shost(*job_35(D)->dev.parent)' | In file included from include/linux/device.h:15, from include/linux/blk_types.h:11, from include/linux/blkdev.h:9, from include/linux/bsg-lib.h:12, from drivers/ufs/core/ufs_bsg.c:8: >> drivers/ufs/core/ufs_bsg.c:41:28: warning: dereference of NULL '0' [CWE-476] >> [-Wanalyzer-null-dereference] 41 | dev_err(hba->dev, "not enough space assigned\n"); | ~~~^~~~~ include/linux/dev_printk.h:110:25: note: in definition of macro 'dev_printk_index_wrap' 110 | _p_func(dev, fmt, ##__VA_ARGS__); \ | ^~~ drivers/ufs/core/ufs_bsg.c:41:17: note: in expansion of macro 'dev_err' 41 | dev_err(hba->dev, "not enough space assigned\n"); | ^~~~~~~ 'ufs_bsg_request': events 1-2 | | 86 | static int ufs_bsg_request(struct bsg_job *job) | | ^~~~~~~~~~~~~~~ | | | | | (1) entry to 'ufs_bsg_request' |...... | 90 | struct ufs_hba *hba = shost_priv(dev_to_shost(job->dev->parent)); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (2) calling 'dev_to_shost' from 'ufs_bsg_request' | +--> 'dev_to_shost': events 3-5 | |include/scsi/scsi_host.h:726:33: | 726 | static inline struct Scsi_Host *dev_to_shost(struct device *dev) | | ^~~~~~~~~~~~ | | | | | (3) entry to 'dev_to_shost' | 727 | { | 728 | while (!scsi_is_host_device(dev)) { | | ~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (4) following 'true' branch... | 729 | if (!dev->parent) | | ~~ | | | | | (5) ...to here | <------+ | 'ufs_bsg_request': event 6 | |drivers/ufs/core/ufs_bsg.c:90:31: | 90 | struct ufs_hba *hba = shost_priv(dev_to_shost(job->dev->parent)); | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (6) returning to 'ufs_bsg_request' from 'dev_to_shost' | 'ufs_bsg_request': event 7 | | 41 | dev_err(hba->dev, "not enough space assigned\n"); | | ~~~^~~~~ | | | | | (7) dereference of NULL 'dev_to_shost(*job_35(D)->dev.parent)' include/linux/dev_printk.h:110:25: note: in definition of macro 'dev_printk_index_wrap' | 110 | _p_func(dev, fmt, ##__VA_ARGS__); \ | | ^~~ drivers/ufs/core/ufs_bsg.c:41:17: note: in expansion of macro 'dev_err' | 41 | dev_err(hba->dev, "not enough space assigned\n"); | | ^~~~~~~ | drivers/ufs/core/ufs_bsg.c:126:36: warning: dereference of NULL '0' [CWE-476] [-Wanalyzer-null-dereference] 126 | dev_err(hba->dev, | ~~~^~~~~ include/linux/dev_printk.h:110:25: note: in definition of macro 'dev_printk_index_wrap' 110 | _p_func(dev, fmt, ##__VA_ARGS__); \ | ^~~ drivers/ufs/core/ufs_bsg.c:126:25: note: in expansion of macro 'dev_err' 126 | dev_err(hba->dev, | ^~~~~~~ 'ufs_bsg_request': events 1-2 | | 86 | static int ufs_bsg_request(struct bsg_job *job) | | ^~~~~~~~~~~~~~~ | | | | | (1) entry to 'ufs_bsg_request' |...... | 90 | struct ufs_hba *hba = shost_priv(dev_to_shost(job->dev->parent)); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (2) calling 'dev_to_shost' from 'ufs_bsg_request' | +--> 'dev_to_shost': events 3-5 | |include/scsi/scsi_host.h:726:33: | 726 | static inline struct Scsi_Host *dev_to_shost(struct device *dev) | | ^~~~~~~~~~~~ | | | | | (3) entry to 'dev_to_shost' | 727 | { | 728 | while (!scsi_is_host_device(dev)) { | | ~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (4) following 'true' branch... | 729 | if (!dev->parent) | | ~~ | | | | | (5) ...to here | <------+ | vim +/0 +41 drivers/ufs/core/ufs_bsg.c 95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 32 95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 33 static int ufs_bsg_verify_query_size(struct ufs_hba *hba, 95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 34 unsigned int request_len, 4eaa329e331343 drivers/scsi/ufs/ufs_bsg.c Avri Altman 2019-02-20 35 unsigned int reply_len) 95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 36 { 95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 37 int min_req_len = sizeof(struct ufs_bsg_request); 95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 38 int min_rsp_len = sizeof(struct ufs_bsg_reply); 95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 39 95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 40 if (min_req_len > request_len || min_rsp_len > reply_len) { 95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 @41 dev_err(hba->dev, "not enough space assigned\n"); 95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 42 return -EINVAL; 95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 43 } 95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 44 95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 45 return 0; 95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 46 } 95e34bf930eaee drivers/scsi/ufs/ufs_bsg.c Avri Altman 2018-10-07 47 :::::: The code at line 41 was first introduced by commit :::::: 95e34bf930eaee51dab23495342b148cd0ee2ba1 scsi: ufs-bsg: Add support for raw upiu in ufs_bsg_request() :::::: TO: Avri Altman <[email protected]> :::::: CC: Martin K. Petersen <[email protected]> -- 0-DAY CI Kernel Test Service https://01.org/lkp _______________________________________________ kbuild mailing list -- [email protected] To unsubscribe send an email to [email protected]
