Received: by 2002:a25:31c3:0:0:0:0:0 with SMTP id x186csp4185214ybx; Mon, 4 Nov 2019 09:08:43 -0800 (PST) X-Google-Smtp-Source: APXvYqxT2Zx1yZcSvHdMPeO2my6TRKO8MSTsrFld2DPM9N52d+2dsswM1IOpx5KAwdDFRABIHxxP X-Received: by 2002:a05:6402:168b:: with SMTP id a11mr2146176edv.107.1572887322987; Mon, 04 Nov 2019 09:08:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1572887322; cv=none; d=google.com; s=arc-20160816; b=v3/cCk9J+S/Ky1dou7CvE8VS0Aksr5AzNu3eEMDQ1QMhLO5oPP0SiaQKFarxd9xzGN 4tz2mBL8UwNT2kOLzTjdumlVNahMo6weEked7DEQY8s5/0TnUp8KPfYf0PAUIvrionEA MdqQcpgxEuI0Gdsw+/wtbVXSDuj6YUAi7E6m/0dwhu5OdTeKlHifnsdr1MGz6T7a0RaK DCrExG9+C8A0utUyNjGkxP1B1LS0uW2o7QRjze52dqt6L4tcgU+/5s66BOVurv9h5mmg vUW2/yXL1gPr20U3rdyib0Y4aBA+/6oIoUMDzw6zGdAzbC8Z6rxs2SKixemLQNKOfsJx yTRg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature; bh=BHzpPUZhP6EFiZFRMFnMy0D2VoQJvF3kRf5kqVuT5CU=; b=IW9sAP8haYu+0LYns9ooQOty9Z9PrxeT+n5lm4O9SCVHeCbT0BhU7EuANOMM7NyF2m EH+Z9a1cUYPQN3iGo8bLG+XtmbiQToCNruioYABkEvvSCs1qzAEcxQJyRYbq8CBq4SXm zNGBVjL/HkZpyxkU2ktcN9R3WNhfpEN+bUTCnZpcoOihrZ0T9eKY4JQnJGBnbX15kkVF TjglL6fSmE6A3KfzXbcVBob2u+1LEzbrOXKS7HDj1tjFoWe23p+tG5Ds9nWwTOJvP8eB gv7itHfZ2d4x3pS5KXpED92uFnTc9HwLIdCsvbbs72vFKSYPs/E9u6XExy+NW/CsnthS 8++w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=Azf6yqEd; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id um11si11469635ejb.263.2019.11.04.09.08.19; Mon, 04 Nov 2019 09:08:42 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=Azf6yqEd; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728489AbfKDRHu (ORCPT + 99 others); Mon, 4 Nov 2019 12:07:50 -0500 Received: from mail.kernel.org ([198.145.29.99]:45782 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727998AbfKDRHu (ORCPT ); Mon, 4 Nov 2019 12:07:50 -0500 Received: from [192.168.1.112] (c-24-9-64-241.hsd1.co.comcast.net [24.9.64.241]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 6E5FA2080F; Mon, 4 Nov 2019 17:07:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1572887269; bh=Fgriju3JgvjjAT2rtP3Dx+qGRMZaCtKOPLxgWUqBGtk=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=Azf6yqEdQRwQzpxYWQWGCy2JKWzDrFqCBd7mYKo0ND65qaS+hFYvMC3HRgvBjD9hP FiaV789GVnMQ1f+N71DvTe96533kIoOBnScyps0ntfVIcxiLrTFa9itWgD3jeeXLYt tgx4qmj/4MLn4W8gLj/wfUO5smXGIOl6v0NX5p/I= Subject: Re: drivers/usb/usbip/stub_rx.c:505 stub_recv_cmd_submit() error: uninitialized symbol 'nents'. To: Suwan Kim Cc: Dan Carpenter , kbuild@lists.01.org, kbuild-all@lists.01.org, linux-kernel@vger.kernel.org, Greg Kroah-Hartman , linux-usb@vger.kernel.org, shuah References: <20191022092839.GD10833@kadam> <20191023071120.GA3061@localhost.localdomain> <20191024194500.GD23523@kadam> <20191026034010.GA6411@localhost.localdomain> <20191101143439.GA18757@localhost.localdomain> From: shuah Message-ID: <82478914-2bed-d8d8-0ee2-0460081434db@kernel.org> Date: Mon, 4 Nov 2019 10:07:28 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: <20191101143439.GA18757@localhost.localdomain> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 11/1/19 8:34 AM, Suwan Kim wrote: > On Tue, Oct 29, 2019 at 05:07:58AM -0600, shuah wrote: >> On 10/25/19 9:40 PM, Suwan Kim wrote: >> under this check? > > I understood. Moving this check after sgl_alloc() does not seem to > require any additional checks on nents. > > But I think we need to check for the case that Smatch reported that > use_sg is true and buf_len is zero. > > If there is no error check and an error condition occurs, the URB > will be passed to the next step without a buffer. Yes buf_len needs checking. > > I attached the code. If you are okay, I will send a patch. > This code looks good. Couple of comments. > --- > diff --git a/drivers/usb/usbip/stub_rx.c b/drivers/usb/usbip/stub_rx.c > index 66edfeea68fe..0b6c4736ffd6 100644 > --- a/drivers/usb/usbip/stub_rx.c > +++ b/drivers/usb/usbip/stub_rx.c > @@ -476,12 +476,39 @@ static void stub_recv_cmd_submit(struct stub_device *sdev, > > buf_len = (unsigned long long)pdu->u.cmd_submit.transfer_buffer_length; > > + if (use_sg && !buf_len) { > + dev_err(&udev->dev, "sg buffer with zero length\n"); > + goto err_malloc; This is fine, what happens to the priv allocated by stub_priv_alloc()? Shouldn't that be released? Can you add a comment above stub_priv_alloc() indicating that it adds SDEV_EVENT_ERROR_MALLOC? > + } > + > /* allocate urb transfer buffer, if needed */ > if (buf_len) { > if (use_sg) { > sgl = sgl_alloc(buf_len, GFP_KERNEL, &nents); > if (!sgl) > goto err_malloc; > + > + /* Check if the server's HCD supports SG */ > + if (!udev->bus->sg_tablesize) { > + /* > + * If the server's HCD doesn't support SG, break > + * a single SG request into several URBs and map > + * each SG list entry to corresponding URB > + * buffer. The previously allocated SG list is > + * stored in priv->sgl (If the server's HCD > + * support SG, SG list is stored only in > + * urb->sg) and it is used as an indicator that > + * the server split single SG request into > + * several URBs. Later, priv->sgl is used by > + * stub_complete() and stub_send_ret_submit() to > + * reassemble the divied URBs. > + */ > + support_sg = 0; > + num_urbs = nents; > + priv->completed_urbs = 0; > + pdu->u.cmd_submit.transfer_flags &= > + ~URB_DMA_MAP_SG; > + } > } else { > buffer = kzalloc(buf_len, GFP_KERNEL); > if (!buffer) > @@ -489,24 +516,6 @@ static void stub_recv_cmd_submit(struct stub_device *sdev, > } > } > > - /* Check if the server's HCD supports SG */ > - if (use_sg && !udev->bus->sg_tablesize) { > - /* > - * If the server's HCD doesn't support SG, break a single SG > - * request into several URBs and map each SG list entry to > - * corresponding URB buffer. The previously allocated SG > - * list is stored in priv->sgl (If the server's HCD support SG, > - * SG list is stored only in urb->sg) and it is used as an > - * indicator that the server split single SG request into > - * several URBs. Later, priv->sgl is used by stub_complete() and > - * stub_send_ret_submit() to reassemble the divied URBs. > - */ > - support_sg = 0; > - num_urbs = nents; > - priv->completed_urbs = 0; > - pdu->u.cmd_submit.transfer_flags &= ~URB_DMA_MAP_SG; > - } > - > /* allocate urb array */ > priv->num_urbs = num_urbs; > priv->urbs = kmalloc_array(num_urbs, sizeof(*priv->urbs), GFP_KERNEL); > thanks, -- Shuah