[chenxing:msc313_mainlining 55/62] drivers/gpio/gpiolib.c:1130 gpiochip_hierarchy_irq_domain_alloc() warn: variable dereferenced before check 'd->parent' (see line 1119)

From: Dan Carpenter
Date: Mon Oct 04 2021 - 04:07:25 EST

Next message: Hans Verkuil: "Re: [PATCH] media: cedrus: Don't kernel map most buffers"
Previous message: Mel Gorman: "Re: [PATCH 2/2] sched/fair: Scale wakeup granularity relative to nr_running"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

tree: git://github.com/linux-chenxing/linux.git msc313_mainlining
head: 1b2db4b2c68fdb4acc386166e82a28dfbc808705
commit: fd6b9913190ecb45cee3195dc919b7ba841e625f [55/62] gpiolib: Move setting the flow handler and don't set it at all if there is a parent domain
config: i386-randconfig-m021-20211002 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@xxxxxxxxx>
Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>

smatch warnings:
drivers/gpio/gpiolib.c:1130 gpiochip_hierarchy_irq_domain_alloc() warn: variable dereferenced before check 'd->parent' (see line 1119)

vim +1130 drivers/gpio/gpiolib.c

fdd61a013a24f26 Linus Walleij 2019-08-08 1071 static int gpiochip_hierarchy_irq_domain_alloc(struct irq_domain *d,
fdd61a013a24f26 Linus Walleij 2019-08-08 1072 unsigned int irq,
fdd61a013a24f26 Linus Walleij 2019-08-08 1073 unsigned int nr_irqs,
fdd61a013a24f26 Linus Walleij 2019-08-08 1074 void *data)
fdd61a013a24f26 Linus Walleij 2019-08-08 1075 {
fdd61a013a24f26 Linus Walleij 2019-08-08 1076 struct gpio_chip *gc = d->host_data;
fdd61a013a24f26 Linus Walleij 2019-08-08 1077 irq_hw_number_t hwirq;
fdd61a013a24f26 Linus Walleij 2019-08-08 1078 unsigned int type = IRQ_TYPE_NONE;
fdd61a013a24f26 Linus Walleij 2019-08-08 1079 struct irq_fwspec *fwspec = data;
242587616710576 Kevin Hao 2020-01-14 1080 void *parent_arg;
fdd61a013a24f26 Linus Walleij 2019-08-08 1081 unsigned int parent_hwirq;
fdd61a013a24f26 Linus Walleij 2019-08-08 1082 unsigned int parent_type;
fdd61a013a24f26 Linus Walleij 2019-08-08 1083 struct gpio_irq_chip *girq = &gc->irq;
fdd61a013a24f26 Linus Walleij 2019-08-08 1084 int ret;
fdd61a013a24f26 Linus Walleij 2019-08-08 1085
fdd61a013a24f26 Linus Walleij 2019-08-08 1086 /*
fdd61a013a24f26 Linus Walleij 2019-08-08 1087 * The nr_irqs parameter is always one except for PCI multi-MSI
fdd61a013a24f26 Linus Walleij 2019-08-08 1088 * so this should not happen.
fdd61a013a24f26 Linus Walleij 2019-08-08 1089 */
fdd61a013a24f26 Linus Walleij 2019-08-08 1090 WARN_ON(nr_irqs != 1);
fdd61a013a24f26 Linus Walleij 2019-08-08 1091
fdd61a013a24f26 Linus Walleij 2019-08-08 1092 ret = gc->irq.child_irq_domain_ops.translate(d, fwspec, &hwirq, &type);
fdd61a013a24f26 Linus Walleij 2019-08-08 1093 if (ret)
fdd61a013a24f26 Linus Walleij 2019-08-08 1094 return ret;
fdd61a013a24f26 Linus Walleij 2019-08-08 1095
366950eeb6ee7ba Kevin Hao 2020-01-20 1096 chip_dbg(gc, "allocate IRQ %d, hwirq %lu\n", irq, hwirq);
fdd61a013a24f26 Linus Walleij 2019-08-08 1097
fdd61a013a24f26 Linus Walleij 2019-08-08 1098 ret = girq->child_to_parent_hwirq(gc, hwirq, type,
fdd61a013a24f26 Linus Walleij 2019-08-08 1099 &parent_hwirq, &parent_type);
fdd61a013a24f26 Linus Walleij 2019-08-08 1100 if (ret) {
fdd61a013a24f26 Linus Walleij 2019-08-08 1101 chip_err(gc, "can't look up hwirq %lu\n", hwirq);
fdd61a013a24f26 Linus Walleij 2019-08-08 1102 return ret;
fdd61a013a24f26 Linus Walleij 2019-08-08 1103 }
366950eeb6ee7ba Kevin Hao 2020-01-20 1104 chip_dbg(gc, "found parent hwirq %u\n", parent_hwirq);
fdd61a013a24f26 Linus Walleij 2019-08-08 1105
fdd61a013a24f26 Linus Walleij 2019-08-08 1106 /* This parent only handles asserted level IRQs */
242587616710576 Kevin Hao 2020-01-14 1107 parent_arg = girq->populate_parent_alloc_arg(gc, parent_hwirq, parent_type);
242587616710576 Kevin Hao 2020-01-14 1108 if (!parent_arg)
242587616710576 Kevin Hao 2020-01-14 1109 return -ENOMEM;
242587616710576 Kevin Hao 2020-01-14 1110
366950eeb6ee7ba Kevin Hao 2020-01-20 1111 chip_dbg(gc, "alloc_irqs_parent for %d parent hwirq %d\n",
fdd61a013a24f26 Linus Walleij 2019-08-08 1112 irq, parent_hwirq);
c34f6dc8c9e6bbe Stephen Boyd 2020-01-14 1113 irq_set_lockdep_class(irq, gc->irq.lock_key, gc->irq.request_key);
242587616710576 Kevin Hao 2020-01-14 1114 ret = irq_domain_alloc_irqs_parent(d, irq, 1, parent_arg);
880b7cf22e8ca08 Kevin Hao 2020-01-14 1115 /*
880b7cf22e8ca08 Kevin Hao 2020-01-14 1116 * If the parent irqdomain is msi, the interrupts have already
880b7cf22e8ca08 Kevin Hao 2020-01-14 1117 * been allocated, so the EEXIST is good.
880b7cf22e8ca08 Kevin Hao 2020-01-14 1118 */
880b7cf22e8ca08 Kevin Hao 2020-01-14 @1119 if (irq_domain_is_msi(d->parent) && (ret == -EEXIST))
^^^^^^^^^
Unchecked dereference.

880b7cf22e8ca08 Kevin Hao 2020-01-14 1120 ret = 0;
fdd61a013a24f26 Linus Walleij 2019-08-08 1121 if (ret)
fdd61a013a24f26 Linus Walleij 2019-08-08 1122 chip_err(gc,
fdd61a013a24f26 Linus Walleij 2019-08-08 1123 "failed to allocate parent hwirq %d for hwirq %lu\n",
fdd61a013a24f26 Linus Walleij 2019-08-08 1124 parent_hwirq, hwirq);
fdd61a013a24f26 Linus Walleij 2019-08-08 1125
242587616710576 Kevin Hao 2020-01-14 1126 kfree(parent_arg);
fd6b9913190ecb4 Daniel Palmer 2021-09-30 1127
fd6b9913190ecb4 Daniel Palmer 2021-09-30 1128 if (!ret) {
fd6b9913190ecb4 Daniel Palmer 2021-09-30 1129 /* If there is a parent domain leave the flow handler alone */
fd6b9913190ecb4 Daniel Palmer 2021-09-30 @1130 if(d->parent)
^^^^^^^^^
Checked too late. (Already Oopsed?)

fd6b9913190ecb4 Daniel Palmer 2021-09-30 1131 irq_domain_set_hwirq_and_chip(d,
fd6b9913190ecb4 Daniel Palmer 2021-09-30 1132 irq,
fd6b9913190ecb4 Daniel Palmer 2021-09-30 1133 hwirq,
fd6b9913190ecb4 Daniel Palmer 2021-09-30 1134 gc->irq.chip,
fd6b9913190ecb4 Daniel Palmer 2021-09-30 1135 gc);
fd6b9913190ecb4 Daniel Palmer 2021-09-30 1136 /* Otherwise set the flow handler supplied by the gpio driver */
fd6b9913190ecb4 Daniel Palmer 2021-09-30 1137 else
fd6b9913190ecb4 Daniel Palmer 2021-09-30 1138 irq_domain_set_info(d,
fd6b9913190ecb4 Daniel Palmer 2021-09-30 1139 irq,
fd6b9913190ecb4 Daniel Palmer 2021-09-30 1140 hwirq,
fd6b9913190ecb4 Daniel Palmer 2021-09-30 1141 gc->irq.chip,
fd6b9913190ecb4 Daniel Palmer 2021-09-30 1142 gc,
fd6b9913190ecb4 Daniel Palmer 2021-09-30 1143 girq->handler,
fd6b9913190ecb4 Daniel Palmer 2021-09-30 1144 NULL, NULL);
fd6b9913190ecb4 Daniel Palmer 2021-09-30 1145 irq_set_probe(irq);
fd6b9913190ecb4 Daniel Palmer 2021-09-30 1146 }
fd6b9913190ecb4 Daniel Palmer 2021-09-30 1147
fdd61a013a24f26 Linus Walleij 2019-08-08 1148 return ret;
fdd61a013a24f26 Linus Walleij 2019-08-08 1149 }

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@xxxxxxxxxxxx

Next message: Hans Verkuil: "Re: [PATCH] media: cedrus: Don't kernel map most buffers"
Previous message: Mel Gorman: "Re: [PATCH 2/2] sched/fair: Scale wakeup granularity relative to nr_running"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]