On Mon, Sep 14, 2020 at 06:47:27PM +0300, Dan Carpenter wrote:
> On Mon, Sep 14, 2020 at 06:24:55PM +0300, Andy Shevchenko wrote:
> > On Mon, Sep 14, 2020 at 05:48:07PM +0300, Dan Carpenter wrote:
> > > Hi Jie,
> > > 
> > > url:    https://github.com/0day-ci/linux/commits/Jie-Deng/i2c-virtio-add-a-virtio-i2c-frontend-driver/20200911-115013
> > > base:   https://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux.git i2c/for-next
> > > config: parisc-randconfig-m031-20200913 (attached as .config)
> > > compiler: hppa-linux-gcc (GCC) 9.3.0
> > > 
> > > If you fix the issue, kindly add following tag as appropriate
> > > Reported-by: kernel test robot <[email protected]>
> > > Reported-by: Dan Carpenter <[email protected]>
> > > 
> > > smatch warnings:
> > > drivers/i2c/busses/i2c-virtio.c:160 virtio_i2c_xfer() error: we previously assumed 'vmsg' could be null (see line 137)
> > > 
> > 
> > It's quite possibly a false positive. Look at 122. But I agree that for-loop is
> > not the best for such things to understand. Perhaps switching to do {} while ()
> > will make it better.
> > 
> 
> Smatch is assuming that virtqueue_get_buf() can return NULL on the last
> iteration through the loop.

I see now. Thanks.

> > > # https://github.com/0day-ci/linux/commit/0a54ec771966748fcbc86256b830b5f786168b7d
> > > git remote add linux-review https://github.com/0day-ci/linux
> > > git fetch --no-tags linux-review Jie-Deng/i2c-virtio-add-a-virtio-i2c-frontend-driver/20200911-115013
> > > git checkout 0a54ec771966748fcbc86256b830b5f786168b7d
> > > vim +/vmsg +160 drivers/i2c/busses/i2c-virtio.c
> > > 
> > > 0a54ec77196674 Jie Deng 2020-09-11  109  static int virtio_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg *msgs, int num)
> > > 0a54ec77196674 Jie Deng 2020-09-11  110  {
> > > 0a54ec77196674 Jie Deng 2020-09-11  111   struct virtio_i2c *vi = i2c_get_adapdata(adap);
> > > 0a54ec77196674 Jie Deng 2020-09-11  112   struct virtqueue *vq = vi->vq;
> > > 0a54ec77196674 Jie Deng 2020-09-11  113   struct virtio_i2c_msg *vmsg;
> > > 0a54ec77196674 Jie Deng 2020-09-11  114   unsigned long time_left;
> > > 0a54ec77196674 Jie Deng 2020-09-11  115   int len, i, ret = 0;
> > > 0a54ec77196674 Jie Deng 2020-09-11  116  
> > > 0a54ec77196674 Jie Deng 2020-09-11  117   mutex_lock(&vi->i2c_lock);
> > > 0a54ec77196674 Jie Deng 2020-09-11  118   vmsg = &vi->vmsg;
> > > 0a54ec77196674 Jie Deng 2020-09-11  119   vmsg->buf = NULL;
> > > 0a54ec77196674 Jie Deng 2020-09-11  120  
> > > 0a54ec77196674 Jie Deng 2020-09-11  121   for (i = 0; i < num; i++) {
> > > 0a54ec77196674 Jie Deng 2020-09-11  122           ret = virtio_i2c_add_msg(vq, vmsg, &msgs[i]);
> > > 0a54ec77196674 Jie Deng 2020-09-11  123           if (ret) {
> > > 0a54ec77196674 Jie Deng 2020-09-11  124                   dev_err(&adap->dev, "failed to add msg[%d] to virtqueue.\n", i);
> > > 0a54ec77196674 Jie Deng 2020-09-11  125                   break;
> > > 0a54ec77196674 Jie Deng 2020-09-11  126           }
> > > 0a54ec77196674 Jie Deng 2020-09-11  127  
> > > 0a54ec77196674 Jie Deng 2020-09-11  128           virtqueue_kick(vq);
> > > 0a54ec77196674 Jie Deng 2020-09-11  129  
> > > 0a54ec77196674 Jie Deng 2020-09-11  130           time_left = wait_for_completion_timeout(&vi->completion, adap->timeout);
> > > 0a54ec77196674 Jie Deng 2020-09-11  131           if (!time_left) {
> > > 0a54ec77196674 Jie Deng 2020-09-11  132                   dev_err(&adap->dev, "msg[%d]: addr=0x%x timeout.\n", i, msgs[i].addr);
> > > 0a54ec77196674 Jie Deng 2020-09-11  133                   break;
> > > 0a54ec77196674 Jie Deng 2020-09-11  134           }
> > > 0a54ec77196674 Jie Deng 2020-09-11  135  
> > > 0a54ec77196674 Jie Deng 2020-09-11  136           vmsg = (struct virtio_i2c_msg *)virtqueue_get_buf(vq, &len);
> > > 0a54ec77196674 Jie Deng 2020-09-11 @137           if (vmsg) {
> > >                                                             ^^^^
> > > Check for NULL.
> > > 
> > > 0a54ec77196674 Jie Deng 2020-09-11  138                   /* vmsg should point to the same address with &vi->vmsg */
> > > 0a54ec77196674 Jie Deng 2020-09-11  139                   if (vmsg != &vi->vmsg) {
> > > 0a54ec77196674 Jie Deng 2020-09-11  140                           dev_err(&adap->dev, "msg[%d]: addr=0x%x virtqueue error.\n",
> > > 0a54ec77196674 Jie Deng 2020-09-11  141                                   i, le16_to_cpu(vmsg->hdr.addr));
> > > 0a54ec77196674 Jie Deng 2020-09-11  142                           break;
> > > 0a54ec77196674 Jie Deng 2020-09-11  143                   }
> > > 0a54ec77196674 Jie Deng 2020-09-11  144                   if (vmsg->status != VIRTIO_I2C_MSG_OK) {
> > > 0a54ec77196674 Jie Deng 2020-09-11  145                           dev_err(&adap->dev, "msg[%d]: addr=0x%x error=%d.\n",
> > > 0a54ec77196674 Jie Deng 2020-09-11  146                                   i, le16_to_cpu(vmsg->hdr.addr), vmsg->status);
> > > 0a54ec77196674 Jie Deng 2020-09-11  147                           break;
> > > 0a54ec77196674 Jie Deng 2020-09-11  148                   }
> > > 0a54ec77196674 Jie Deng 2020-09-11  149                   if ((msgs[i].flags & I2C_M_RD) && msgs[i].len)
> > > 0a54ec77196674 Jie Deng 2020-09-11  150                           memcpy(msgs[i].buf, vmsg->buf, msgs[i].len);
> > > 0a54ec77196674 Jie Deng 2020-09-11  151  
> > > 0a54ec77196674 Jie Deng 2020-09-11  152                   kfree(vmsg->buf);
> > > 0a54ec77196674 Jie Deng 2020-09-11  153                   vmsg->buf = NULL;
> > > 0a54ec77196674 Jie Deng 2020-09-11  154           }
> > > 0a54ec77196674 Jie Deng 2020-09-11  155  
> > > 0a54ec77196674 Jie Deng 2020-09-11  156           reinit_completion(&vi->completion);
> > > 0a54ec77196674 Jie Deng 2020-09-11  157   }
> > > 0a54ec77196674 Jie Deng 2020-09-11  158  
> > > 0a54ec77196674 Jie Deng 2020-09-11  159   mutex_unlock(&vi->i2c_lock);
> > > 0a54ec77196674 Jie Deng 2020-09-11 @160   kfree(vmsg->buf);
> > >                                                       ^^^^^^^^^
> > > Unchecked dereference.
> > > 
> > > 0a54ec77196674 Jie Deng 2020-09-11  161   return ((ret < 0) ? ret : i);
> > > 0a54ec77196674 Jie Deng 2020-09-11  162  }
> > > 
> > > ---
> > > 0-DAY CI Kernel Test Service, Intel Corporation
> > > https://lists.01.org/hyperkitty/list/[email protected] 
> > 
> > 
> > 
> > -- 
> > With Best Regards,
> > Andy Shevchenko
> > 

-- 
With Best Regards,
Andy Shevchenko
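
The pattern smatch flags above (a loop that overwrites its only request pointer with a possibly-NULL return, then dereferences it after the loop), next to one way to avoid it, as an added example that is not part of this thread or of the driver. It is a user-space model: `struct req`, `struct dev`, `fake_get_buf()`, `xfer_flawed()` and `xfer_fixed()` are hypothetical names, and `fake_get_buf()` only stands in for `virtqueue_get_buf()`.

```c
#include <stdlib.h>

/* User-space model; every name here is a hypothetical stand-in. */
struct req { char *buf; };
struct dev { struct req req; int replies; /* buffers the device will return */ };

/* Stand-in for virtqueue_get_buf(): NULL once nothing is left to return. */
static struct req *fake_get_buf(struct dev *d)
{
    return d->replies-- > 0 ? &d->req : NULL;
}

/* Shape flagged by smatch: r is overwritten inside the loop, so the cleanup
 * after the loop can dereference NULL. Kept for comparison, never called. */
int xfer_flawed(struct dev *d, int num)
{
    struct req *r = &d->req;
    int i;

    for (i = 0; i < num; i++) {
        r->buf = malloc(16);
        r = fake_get_buf(d);             /* may be NULL ... */
        if (r) { free(r->buf); r->buf = NULL; }
    }
    free(r->buf);                        /* ... and is dereferenced here */
    return i;
}

/* r is never reassigned; the returned pointer goes into its own variable. */
int xfer_fixed(struct dev *d, int num)
{
    struct req *r = &d->req;
    int i;

    for (i = 0; i < num; i++) {
        r->buf = malloc(16);
        if (!r->buf)
            break;
        struct req *done = fake_get_buf(d);
        if (done != r)                   /* NULL or an unexpected buffer: stop */
            break;
        free(r->buf);
        r->buf = NULL;
    }
    free(r->buf);                        /* r is always valid; free(NULL) is a no-op */
    r->buf = NULL;
    return i;                            /* messages fully completed */
}

int main(void) { struct dev d = { { NULL }, 2 }; return xfer_fixed(&d, 3) == 2 ? 0 : 1; }
```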

