tree: https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git x86/seves
head: 0ddfb1cf3b6b07c97cff16ea69931d986f9622ee
commit: 6ccbd29ade0d159ee1be398dc9defaae567c253d [3/75] KVM: SVM: nested: Don't allocate VMCB structures on stack
config: x86_64-randconfig-m001-20201008 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <l...@intel.com>
Reported-by: Dan Carpenter <dan.carpen...@oracle.com>
smatch warnings:
arch/x86/kvm/svm/nested.c:1153 svm_set_nested_state() error: uninitialized symbol 'save'.
arch/x86/kvm/svm/nested.c:1154 svm_set_nested_state() error: uninitialized symbol 'ctl'.
vim +/save +1153 arch/x86/kvm/svm/nested.c
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1055 static int svm_set_nested_state(struct kvm_vcpu *vcpu,
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1056 struct kvm_nested_state __user *user_kvm_nested_state,
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1057 struct kvm_nested_state *kvm_state)
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1058 {
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1059 struct vcpu_svm *svm = to_svm(vcpu);
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1060 struct vmcb *hsave = svm->nested.hsave;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1061 struct vmcb __user *user_vmcb = (struct vmcb __user *)
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1062 &user_kvm_nested_state->data.svm[0];
6ccbd29ade0d159 Joerg Roedel 2020-09-07 1063 struct vmcb_control_area *ctl;
6ccbd29ade0d159 Joerg Roedel 2020-09-07 1064 struct vmcb_save_area *save;
These aren't initialized.
6ccbd29ade0d159 Joerg Roedel 2020-09-07 1065 int ret;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1066 u32 cr0;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1067
6ccbd29ade0d159 Joerg Roedel 2020-09-07 1068 BUILD_BUG_ON(sizeof(struct vmcb_control_area) + sizeof(struct vmcb_save_area) >
6ccbd29ade0d159 Joerg Roedel 2020-09-07 1069 KVM_STATE_NESTED_SVM_VMCB_SIZE);
6ccbd29ade0d159 Joerg Roedel 2020-09-07 1070
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1071 if (kvm_state->format != KVM_STATE_NESTED_FORMAT_SVM)
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1072 return -EINVAL;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1073
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1074 if (kvm_state->flags & ~(KVM_STATE_NESTED_GUEST_MODE |
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1075 KVM_STATE_NESTED_RUN_PENDING |
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1076 KVM_STATE_NESTED_GIF_SET))
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1077 return -EINVAL;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1078
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1079 /*
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1080 * If in guest mode, vcpu->arch.efer actually refers to the L2 guest's
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1081 * EFER.SVME, but EFER.SVME still has to be 1 for VMRUN to succeed.
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1082 */
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1083 if (!(vcpu->arch.efer & EFER_SVME)) {
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1084 /* GIF=1 and no guest mode are required if SVME=0. */
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1085 if (kvm_state->flags != KVM_STATE_NESTED_GIF_SET)
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1086 return -EINVAL;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1087 }
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1088
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1089 /* SMM temporarily disables SVM, so we cannot be in guest mode. */
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1090 if (is_smm(vcpu) && (kvm_state->flags & KVM_STATE_NESTED_GUEST_MODE))
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1091 return -EINVAL;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1092
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1093 if (!(kvm_state->flags & KVM_STATE_NESTED_GUEST_MODE)) {
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1094 svm_leave_nested(svm);
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1095 goto out_set_gif;
^^^^^^^^^^^^^^^^
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1096 }
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1097
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1098 if (!page_address_valid(vcpu, kvm_state->hdr.svm.vmcb_pa))
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1099 return -EINVAL;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1100 if (kvm_state->size < sizeof(*kvm_state) + KVM_STATE_NESTED_SVM_VMCB_SIZE)
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1101 return -EINVAL;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1102
6ccbd29ade0d159 Joerg Roedel 2020-09-07 1103 ret = -ENOMEM;
6ccbd29ade0d159 Joerg Roedel 2020-09-07 1104 ctl = kzalloc(sizeof(*ctl), GFP_KERNEL);
6ccbd29ade0d159 Joerg Roedel 2020-09-07 1105 save = kzalloc(sizeof(*save), GFP_KERNEL);
6ccbd29ade0d159 Joerg Roedel 2020-09-07 1106 if (!ctl || !save)
6ccbd29ade0d159 Joerg Roedel 2020-09-07 1107 goto out_free;
6ccbd29ade0d159 Joerg Roedel 2020-09-07 1108
6ccbd29ade0d159 Joerg Roedel 2020-09-07 1109 ret = -EFAULT;
6ccbd29ade0d159 Joerg Roedel 2020-09-07 1110 if (copy_from_user(ctl, &user_vmcb->control, sizeof(*ctl)))
6ccbd29ade0d159 Joerg Roedel 2020-09-07 1111 goto out_free;
6ccbd29ade0d159 Joerg Roedel 2020-09-07 1112 if (copy_from_user(save, &user_vmcb->save, sizeof(*save)))
6ccbd29ade0d159 Joerg Roedel 2020-09-07 1113 goto out_free;
6ccbd29ade0d159 Joerg Roedel 2020-09-07 1114
6ccbd29ade0d159 Joerg Roedel 2020-09-07 1115 ret = -EINVAL;
6ccbd29ade0d159 Joerg Roedel 2020-09-07 1116 if (!nested_vmcb_check_controls(ctl))
6ccbd29ade0d159 Joerg Roedel 2020-09-07 1117 goto out_free;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1118
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1119 /*
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1120 * Processor state contains L2 state. Check that it is
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1121 * valid for guest mode (see nested_vmcb_checks).
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1122 */
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1123 cr0 = kvm_read_cr0(vcpu);
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1124 if (((cr0 & X86_CR0_CD) == 0) && (cr0 & X86_CR0_NW))
6ccbd29ade0d159 Joerg Roedel 2020-09-07 1125 goto out_free;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1126
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1127 /*
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1128 * Validate host state saved from before VMRUN (see
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1129 * nested_svm_check_permissions).
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1130 * TODO: validate reserved bits for all saved state.
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1131 */
6ccbd29ade0d159 Joerg Roedel 2020-09-07 1132 if (!(save->cr0 & X86_CR0_PG))
6ccbd29ade0d159 Joerg Roedel 2020-09-07 1133 goto out_free;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1134
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1135 /*
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1136 * All checks done, we can enter guest mode. L1 control fields
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1137 * come from the nested save state. Guest state is already
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1138 * in the registers, the save area of the nested state instead
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1139 * contains saved L1 state.
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1140 */
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1141 copy_vmcb_control_area(&hsave->control, &svm->vmcb->control);
6ccbd29ade0d159 Joerg Roedel 2020-09-07 1142 hsave->save = *save;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1143
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1144 svm->nested.vmcb = kvm_state->hdr.svm.vmcb_pa;
6ccbd29ade0d159 Joerg Roedel 2020-09-07 1145 load_nested_vmcb_control(svm, ctl);
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1146 nested_prepare_vmcb_control(svm);
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1147
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1148 out_set_gif:
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1149 svm_set_gif(svm, !!(kvm_state->flags & KVM_STATE_NESTED_GIF_SET));
6ccbd29ade0d159 Joerg Roedel 2020-09-07 1150
6ccbd29ade0d159 Joerg Roedel 2020-09-07 1151 ret = 0;
6ccbd29ade0d159 Joerg Roedel 2020-09-07 1152 out_free:
6ccbd29ade0d159 Joerg Roedel 2020-09-07 @1153 kfree(save);
^^^^
6ccbd29ade0d159 Joerg Roedel 2020-09-07 @1154 kfree(ctl);
6ccbd29ade0d159 Joerg Roedel 2020-09-07 1155
6ccbd29ade0d159 Joerg Roedel 2020-09-07 1156 return ret;
cc440cdad5b7a4c Paolo Bonzini 2020-05-13 1157 }
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-...@lists.01.org
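Review bot: The two `kzalloc()` calls at lines 1104-1105 use plain `GFP_KERNEL` even though they are reached while processing a userspace-supplied nested-state blob (`user_kvm_nested_state`), so the memory is not charged to the calling process's memory cgroup. The buffers are freed before the function returns, so the exposure is small, but allocations made on behalf of a VM's userspace are normally accounted; consider `ctl = kzalloc(sizeof(*ctl), GFP_KERNEL_ACCOUNT);` and `save = kzalloc(sizeof(*save), GFP_KERNEL_ACCOUNT);`. Whether the rest of nested.c already follows that convention is not visible in this listing.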
.config.gz
Description: application/gzip