Signed-off-by: Heloise <[email protected]>
mtip_async_complete() uses the variable port 'port->dd'at the begining, then
validates null-pointer dereference of port 'unlikely(!port)'. Change the order
of validation.
---
drivers/block/mtip32xx/mtip32xx.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/block/mtip32xx/mtip32xx.c b/drivers/block/mtip32xx/mtip32xx.c
index 1d1dc11..feed61a 100644
--- a/drivers/block/mtip32xx/mtip32xx.c
+++ b/drivers/block/mtip32xx/mtip32xx.c
@@ -228,10 +228,13 @@ static struct mtip_cmd *mtip_cmd_from_tag(struct driver_data *dd,
static void mtip_async_complete(struct mtip_port *port,
int tag, struct mtip_cmd *cmd, int status)
{
+ if (unlikely(!port))
+ return;
+
struct driver_data *dd = port->dd;
struct request *rq;
- if (unlikely(!dd) || unlikely(!port))
+ if (unlikely(!dd))
return;
if (unlikely(status == PORT_IRQ_TF_ERR)) {
--
2.1.0
On 04/25/2017 06:30 PM, Heloise wrote:
> Signed-off-by: Heloise <[email protected]>
>
> mtip_async_complete() uses the variable port 'port->dd'at the begining, then
> validates null-pointer dereference of port 'unlikely(!port)'. Change the order
> of validation.
> ---
> drivers/block/mtip32xx/mtip32xx.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/block/mtip32xx/mtip32xx.c b/drivers/block/mtip32xx/mtip32xx.c
> index 1d1dc11..feed61a 100644
> --- a/drivers/block/mtip32xx/mtip32xx.c
> +++ b/drivers/block/mtip32xx/mtip32xx.c
> @@ -228,10 +228,13 @@ static struct mtip_cmd *mtip_cmd_from_tag(struct driver_data *dd,
> static void mtip_async_complete(struct mtip_port *port,
> int tag, struct mtip_cmd *cmd, int status)
> {
> + if (unlikely(!port))
> + return;
> +
> struct driver_data *dd = port->dd;
> struct request *rq;
>
> - if (unlikely(!dd) || unlikely(!port))
> + if (unlikely(!dd))
> return;
Doesn't matter, since 'dd' isn't dereferenced before checking if
'port' is NULL.
--
Jens Axboe
Hi Heloise,
[auto build test WARNING on linus/master]
[also build test WARNING on v4.11-rc8 next-20170426]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]
url: https://github.com/0day-ci/linux/commits/Heloise/drivers-block-mtip32xx-mtip32xx-change-the-order-of-null-pointer-dereference-validation/20170426-235410
config: x86_64-acpi-redef (attached as .config)
compiler: gcc-6 (Debian 6.2.0-3) 6.2.0 20160901
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64
All warnings (new ones prefixed by >>):
drivers/block/mtip32xx/mtip32xx.c: In function 'mtip_async_complete':
>> drivers/block/mtip32xx/mtip32xx.c:234:2: warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement]
struct driver_data *dd = port->dd;
^~~~~~
vim +234 drivers/block/mtip32xx/mtip32xx.c
8f8b8995 Asai Thambi S P 2013-09-11 218 * clears the allocated bit associated with the completed command.
8f8b8995 Asai Thambi S P 2013-09-11 219 *
8f8b8995 Asai Thambi S P 2013-09-11 220 * @port Pointer to the port data structure.
8f8b8995 Asai Thambi S P 2013-09-11 221 * @tag Tag of the command.
8f8b8995 Asai Thambi S P 2013-09-11 222 * @data Pointer to driver_data.
8f8b8995 Asai Thambi S P 2013-09-11 223 * @status Completion status.
8f8b8995 Asai Thambi S P 2013-09-11 224 *
8f8b8995 Asai Thambi S P 2013-09-11 225 * return value
8f8b8995 Asai Thambi S P 2013-09-11 226 * None
8f8b8995 Asai Thambi S P 2013-09-11 227 */
8f8b8995 Asai Thambi S P 2013-09-11 228 static void mtip_async_complete(struct mtip_port *port,
ffc771b3 Jens Axboe 2014-05-09 229 int tag, struct mtip_cmd *cmd, int status)
8f8b8995 Asai Thambi S P 2013-09-11 230 {
6a63892e Heloise 2017-04-25 231 if (unlikely(!port))
6a63892e Heloise 2017-04-25 232 return;
6a63892e Heloise 2017-04-25 233
ffc771b3 Jens Axboe 2014-05-09 @234 struct driver_data *dd = port->dd;
ffc771b3 Jens Axboe 2014-05-09 235 struct request *rq;
8f8b8995 Asai Thambi S P 2013-09-11 236
6a63892e Heloise 2017-04-25 237 if (unlikely(!dd))
8f8b8995 Asai Thambi S P 2013-09-11 238 return;
8f8b8995 Asai Thambi S P 2013-09-11 239
8f8b8995 Asai Thambi S P 2013-09-11 240 if (unlikely(status == PORT_IRQ_TF_ERR)) {
8f8b8995 Asai Thambi S P 2013-09-11 241 dev_warn(&port->dd->pdev->dev,
8f8b8995 Asai Thambi S P 2013-09-11 242 "Command tag %d failed due to TFE\n", tag);
:::::: The code at line 234 was first introduced by commit
:::::: ffc771b3ca8b2c03e5e9faa6335b4862108f111f mtip32xx: convert to use blk-mq
:::::: TO: Jens Axboe <[email protected]>
:::::: CC: Jens Axboe <[email protected]>
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation