RE: [net-qed] question about potential null pointer dereference

From: Mintz, Yuval
Date: Wed May 31 2017 - 13:51:22 EST

Next message: Rob Herring: "Re: [PATCH v3 3/9] ASoC: sun8i-codec-analog: add support for V3s SoC"
Previous message: Rob Herring: "Re: [PATCH v4 1/5] mtd: mchp23k256: Add OF device ID table"
In reply to: Gustavo A. R. Silva: "[net-qed] question about potential null pointer dereference"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> While looking into Coverity ID 1362293 I ran into the following piece of code
> at drivers/net/ethernet/qlogic/qed/qed_sriov.c:3863:
>
> 3863static int
> 3864qed_iov_configure_min_tx_rate(struct qed_dev *cdev, int vfid, u32 rate)
> 3865{
> 3866 struct qed_vf_info *vf;
> 3867 u8 vport_id;
> 3868 int i;
> 3869
> 3870 for_each_hwfn(cdev, i) {
> 3871 struct qed_hwfn *p_hwfn = &cdev->hwfns[i];
> 3872
> 3873 if (!qed_iov_pf_sanity_check(p_hwfn, vfid)) {
> 3874 DP_NOTICE(p_hwfn,
> 3875 "SR-IOV sanity check failed,
> can't set min rate\n");
> 3876 return -EINVAL;
> 3877 }
> 3878 }
> 3879
> 3880 vf = qed_iov_get_vf_info(QED_LEADING_HWFN(cdev), (u16)vfid,
> true);

Unless I'm missing something, this sounds like a false-positive from coverity.
The validation of qed_iov_pf_sanity_check() should be sufficient for qed_iov_get_vf_info()
to always return a valid value, and there's no scenario where we'd reach this
part of the code if the hw-functions aren't initialized; so we're bound to enter the loop.

Next message: Rob Herring: "Re: [PATCH v3 3/9] ASoC: sun8i-codec-analog: add support for V3s SoC"
Previous message: Rob Herring: "Re: [PATCH v4 1/5] mtd: mchp23k256: Add OF device ID table"
In reply to: Gustavo A. R. Silva: "[net-qed] question about potential null pointer dereference"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]