Re: drivers/staging/greybus/bootrom.c:298:35-39: ERROR: fw is NULL but dereferenced.
From: Fengguang Wu
Date: Mon Nov 28 2016 - 03:25:11 EST
On Sun, Nov 27, 2016 at 12:06:33PM +0100, Greg KH wrote:
On Sun, Nov 27, 2016 at 07:11:46AM +0800, kbuild test robot wrote:
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: a0d60e62ea5c88a9823410e9d0929a513e29dea2
commit: f44dd184634d401f5cf88a6d8b4a60d5ff4f417f Merge greybus driver tree into 4.8-rc6
date: 10 weeks ago
This is a false-positive, sorry.
Yes it's a false warning: ret != 0, so fw->size in the if test won't be dereferenced.
Relevant code:
if (!fw) {
dev_err(dev, "%s: firmware not available\n", __func__);
ret = -EINVAL;
goto unlock;
}
...
unlock:
mutex_unlock(&bootrom->mutex);
queue_work:
/* Refresh timeout */
if (!ret && (offset + size == fw->size))
next_request = NEXT_REQ_READY_TO_BOOT;
else
next_request = NEXT_REQ_GET_FIRMWARE;
CC Julia for possible improvements to the coccinelle script. If it's
not convenient to fix there I'll teach the robot to ignore this
particular false warning.
Thanks,
Fengguang
coccinelle warnings: (new ones prefixed by >>)
>> drivers/staging/greybus/bootrom.c:298:35-39: ERROR: fw is NULL but dereferenced.
vim +298 drivers/staging/greybus/bootrom.c
90f1b617 drivers/staging/greybus/firmware.c Viresh Kumar 2015-08-12 282 dev_err(dev, "%s: error allocating response\n", __func__);
a956d939 drivers/staging/greybus/bootrom.c Viresh Kumar 2016-05-09 283 ret = -ENOMEM;
a956d939 drivers/staging/greybus/bootrom.c Viresh Kumar 2016-05-09 284 goto unlock;
90f1b617 drivers/staging/greybus/firmware.c Viresh Kumar 2015-08-12 285 }
90f1b617 drivers/staging/greybus/firmware.c Viresh Kumar 2015-08-12 286
90f1b617 drivers/staging/greybus/firmware.c Viresh Kumar 2015-08-12 287 firmware_response = op->response->payload;
98645a9c drivers/staging/greybus/firmware.c Johan Hovold 2015-11-19 288 memcpy(firmware_response->data, fw->data + offset, size);
90f1b617 drivers/staging/greybus/firmware.c Viresh Kumar 2015-08-12 289
fc41c2da drivers/staging/greybus/firmware.c Eli Sennesh 2016-01-08 290 dev_dbg(dev, "responding with firmware (offs = %u, size = %u)\n", offset,
fc41c2da drivers/staging/greybus/firmware.c Eli Sennesh 2016-01-08 291 size);
fc41c2da drivers/staging/greybus/firmware.c Eli Sennesh 2016-01-08 292
a956d939 drivers/staging/greybus/bootrom.c Viresh Kumar 2016-05-09 293 unlock:
a956d939 drivers/staging/greybus/bootrom.c Viresh Kumar 2016-05-09 294 mutex_unlock(&bootrom->mutex);
a956d939 drivers/staging/greybus/bootrom.c Viresh Kumar 2016-05-09 295
a956d939 drivers/staging/greybus/bootrom.c Viresh Kumar 2016-05-09 296 queue_work:
a956d939 drivers/staging/greybus/bootrom.c Viresh Kumar 2016-05-09 297 /* Refresh timeout */
a4293e1d drivers/staging/greybus/bootrom.c Viresh Kumar 2016-06-22 @298 if (!ret && (offset + size == fw->size))
a4293e1d drivers/staging/greybus/bootrom.c Viresh Kumar 2016-06-22 299 next_request = NEXT_REQ_READY_TO_BOOT;
a4293e1d drivers/staging/greybus/bootrom.c Viresh Kumar 2016-06-22 300 else
a4293e1d drivers/staging/greybus/bootrom.c Viresh Kumar 2016-06-22 301 next_request = NEXT_REQ_GET_FIRMWARE;
a4293e1d drivers/staging/greybus/bootrom.c Viresh Kumar 2016-06-22 302
dbb8cfeb drivers/staging/greybus/bootrom.c Viresh Kumar 2016-06-22 303 gb_bootrom_set_timeout(bootrom, next_request, NEXT_REQ_TIMEOUT_MS);
a956d939 drivers/staging/greybus/bootrom.c Viresh Kumar 2016-05-09 304
a956d939 drivers/staging/greybus/bootrom.c Viresh Kumar 2016-05-09 305 return ret;
90f1b617 drivers/staging/greybus/firmware.c Viresh Kumar 2015-08-12 306 }
:::::: The code at line 298 was first introduced by commit
:::::: a4293e1d4e6416477976ee3bd248589d3fc4bb19 greybus: bootrom: Enhance timeout error message
:::::: TO: Viresh Kumar <viresh.kumar@xxxxxxxxxx>
:::::: CC: Greg Kroah-Hartman <gregkh@xxxxxxxxxx>
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation