Re: [PATCH] IB/mlx5: Fix potential NULL dereference in query_device
From: Leon Romanovsky
Date: Thu Apr 09 2026 - 05:52:12 EST

On Tue, Mar 31, 2026 at 10:57:36PM +0100, Prathamesh Deshpande wrote:
> On Tue, Mar 31, 2026 at 10:04:00PM +0300, Leon Romanovsky wrote:
> > Kernel-space callers don't use uverbs path. It is solely for the
> > user-space access.
>
> Hi Leon,
>
> Understood. Smatch flags this as an "inconsistent NULL check" because
> 'uhw' is explicitly checked at line 967 (if (uhw && ...)).
>
> If 'uhw' is guaranteed to be non-NULL in this path, would you prefer
> a patch removing the redundant check at line 967 instead? This would
> align the logic and silence the static analysis warning.

uhw is not guaranteed to be non-NULL in mlx5_ib_query_device(). This
function is used in both kernel and user-space paths. The only condition
that cannot occur is a caller providing a non-zero 'uhw_outlen' while
passing a NULL 'uhw' pointer.

If the caller provides 'uhw_outlen', then 'uhw' will always be present.
The reverse, however, is not always true. See:

 944 static int mlx5_ib_query_device(struct ib_device *ibdev,
 945                                 struct ib_device_attr *props,
 946                                 struct ib_udata *uhw)
 947 {
 948         size_t uhw_outlen = (uhw) ? uhw->outlen : 0;

Thanks

>
> Thanks,
> Prathamesh
>
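
The invariant described in the reply above, as an added example that is not part of the original thread or of the mlx5 driver: a length derived from a possibly-NULL pointer can only be non-zero when the pointer is present, so branches gated on that length are safe to dereference without a second NULL check. `demo_udata`, `demo_resp`, `field_end` and `demo_query_device` are hypothetical stand-ins, not the kernel's structures or functions.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins; not struct ib_udata or the mlx5 response layout. */
struct demo_udata {
    void  *outbuf;
    size_t outlen;
};

struct demo_resp {
    unsigned int comp_mask;
    unsigned int response_length;
    unsigned int caps;
};

#define field_end(type, member) \
    (offsetof(type, member) + sizeof(((type *)0)->member))

/* Returns the number of response bytes copied out to the caller's buffer.
 * A kernel-space caller passes uhw == NULL and always gets 0. */
size_t demo_query_device(struct demo_udata *uhw)
{
    /* Same shape as line 948 in the thread: NULL uhw collapses to length 0. */
    size_t uhw_outlen = uhw ? uhw->outlen : 0;
    struct demo_resp resp = {0};
    size_t resp_len = field_end(struct demo_resp, response_length);

    /* Gated on uhw_outlen: never true when uhw is NULL, so nothing
     * reached through this branch can dereference a NULL uhw. */
    if (uhw_outlen >= field_end(struct demo_resp, caps)) {
        resp.caps = 0x1; /* constructed sample value */
        resp_len = field_end(struct demo_resp, caps);
    }

    /* Non-zero length implies uhw is present. The reverse does not hold:
     * uhw may be non-NULL with outlen == 0, and then nothing is copied. */
    if (uhw_outlen) {
        size_t n = resp_len < uhw_outlen ? resp_len : uhw_outlen;

        resp.response_length = (unsigned int)resp_len;
        memcpy(uhw->outbuf, &resp, n);
        return n;
    }
    return 0;
}
```

A static analyzer that tracks only the pointer, and not the relationship between the pointer and the derived length, sees one checked use and one unchecked use and reports them as inconsistent.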