tree:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: dd81e1c7d5fb126e5fbc5c9e334d7b3ec29a16a0
commit: c270ce393dfd700e7510a4579568deeefba954fd x86/fpu: Add guest support to
xfd_enable_feature()
config: x86_64-randconfig-m001-20220124
(
https://download.01.org/0day-ci/archive/20220125/202201250223.SYDiQopU-lk...)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
If you fix the issue, kindly add the following tags as appropriate:
Reported-by: kernel test robot <lkp(a)intel.com>
Reported-by: Dan Carpenter <dan.carpenter(a)oracle.com>
New smatch warnings:
arch/x86/kernel/fpu/xstate.c:1580 fpstate_realloc() warn: variable dereferenced before
check 'curfps' (see line 1559)
vim +/curfps +1580 arch/x86/kernel/fpu/xstate.c
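/*
 * fpstate_realloc - Allocate a larger fpstate and switch the owner to it
 * @xfeatures:	Additional xfeature bits the new fpstate must carry
 * @ksize:	Size of the kernel XSAVE buffer (newfps->size)
 * @usize:	Size of the user XSAVE buffer (newfps->user_size)
 * @guest_fpu:	Guest FPU whose fpstate is reallocated, or NULL for the
 *		current task's own fpstate
 *
 * Allocates a zeroed, vmalloc'ed fpstate sized for @ksize plus the 64-byte
 * aligned header, merges @xfeatures into the feature masks of the reference
 * fpstate (@guest_fpu->fpstate when a guest is supplied, the current task's
 * fpstate otherwise), installs the new fpstate as the owner's fpstate under
 * fpregs_lock(), and frees the old one if it was vmalloc'ed itself.
 *
 * The reference fpstate must be valid: both the guest and the non-guest
 * branch read through it unconditionally, so a NULL check after the swap
 * would be dead code (smatch: "dereferenced before check") and is not done.
 *
 * Ownership: on success the new fpstate is owned by @guest_fpu (and by the
 * current FPU if that guest state was active) or by the current FPU. The
 * old fpstate is released here only when it is a vmalloc'ed one; embedded
 * state is left untouched.
 *
 * Return: 0 on success, -ENOMEM if the new fpstate cannot be allocated.
 */
static int fpstate_realloc(u64 xfeatures, unsigned int ksize,
			   unsigned int usize, struct fpu_guest *guest_fpu)
{
	struct fpu *fpu = &current->thread.fpu;
	struct fpstate *curfps, *newfps;
	unsigned int fpsize;
	bool in_use;

	/* Header (everything before regs) rounded up to the XSAVE alignment */
	fpsize = ksize + ALIGN(offsetof(struct fpstate, regs), 64);

	newfps = vzalloc(fpsize);
	if (!newfps)
		return -ENOMEM;
	newfps->size = ksize;
	newfps->user_size = usize;
	newfps->is_valloc = true;

	/*
	 * When a guest FPU is supplied, use @guest_fpu->fpstate
	 * as reference independent whether it is in use or not.
	 */
	curfps = guest_fpu ? guest_fpu->fpstate : fpu->fpstate;

	/* Determine whether @curfps is the active fpstate */
	in_use = fpu->fpstate == curfps;

	if (guest_fpu) {
		/* Carry the guest-specific attributes over to the new state */
		newfps->is_guest = true;
		newfps->is_confidential = curfps->is_confidential;
		newfps->in_use = curfps->in_use;
		guest_fpu->xfeatures |= xfeatures;
	}

	fpregs_lock();
	/*
	 * If @curfps is in use, ensure that the current state is in the
	 * registers before swapping fpstate as that might invalidate it
	 * due to layout changes.
	 */
	if (in_use && test_thread_flag(TIF_NEED_FPU_LOAD))
		fpregs_restore_userregs();

	/* Merge the requested features; clear their XFD bits so they are enabled */
	newfps->xfeatures = curfps->xfeatures | xfeatures;
	newfps->user_xfeatures = curfps->user_xfeatures | xfeatures;
	newfps->xfd = curfps->xfd & ~xfeatures;

	/* Do the final updates within the locked region */
	xstate_init_xcomp_bv(&newfps->regs.xsave, newfps->xfeatures);

	if (guest_fpu) {
		guest_fpu->fpstate = newfps;
		/* If curfps is active, update the FPU fpstate pointer */
		if (in_use)
			fpu->fpstate = newfps;
	} else {
		fpu->fpstate = newfps;
	}

	if (in_use)
		xfd_update_state(fpu->fpstate);
	fpregs_unlock();

	/*
	 * Only free valloc'ed state. @curfps was already dereferenced above,
	 * so a NULL test here would never be reached with NULL; do not add one.
	 */
	if (curfps->is_valloc)
		vfree(curfps);

	return 0;
}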
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org