Static analysis of return code propagation
UD2.208 (Decroly) | Day 2 | 15:50 - 16:10 | Speakers: Asbjørn Sloth Tønnesen
Abstract
A journey of using sparse to statically detect cases where a return code is returned by a callee and then overruled within a driver before it can reach a generic subsystem API or user space.
In 2024, while working on some flower patches for the Linux kernel, I stumbled upon a few bugs[1][2][3] in the qede driver.
As an example: a static int helper function could return a number of different return codes, but its only caller used the result just for a non-zero check and, on failure, always returned -EINVAL, regardless of the error code returned by the callee.
This class of errors seemed like a good candidate for static analysis. As these bugs had been around and undetected for a long time, I decided to take a stab at it.
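The bug class described in the abstract, shown as an added example (not code from the qede driver or from the talk): the overruling caller next to a caller that propagates the callee's code. The struct, its fields and all function names are hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical rule descriptor; constructed for this example. */
struct rule { int n_actions; int has_mem; int offload_ok; };

/* Helper that can fail for several distinct reasons. */
static int parse_rule(const struct rule *r)
{
	if (r->n_actions != 1)
		return -EINVAL;      /* malformed request */
	if (!r->has_mem)
		return -ENOMEM;      /* allocation failure */
	if (!r->offload_ok)
		return -EOPNOTSUPP;  /* hardware cannot offload this */
	return 0;
}

/* Buggy caller: uses the result only as a non-zero check and overrules it. */
int add_rule_overruled(const struct rule *r)
{
	if (parse_rule(r))
		return -EINVAL;      /* -ENOMEM and -EOPNOTSUPP are lost here */
	return 0;
}

/* Fixed caller: propagates the callee's return code unchanged. */
int add_rule_propagated(const struct rule *r)
{
	int rc = parse_rule(r);

	if (rc)
		return rc;
	return 0;
}

int main(void)
{
	/* Constructed input: well-formed rule, but the allocation fails. */
	struct rule no_mem = { .n_actions = 1, .has_mem = 0, .offload_ok = 1 };

	printf("overruled:  %d\n", add_rule_overruled(&no_mem));
	printf("propagated: %d\n", add_rule_propagated(&no_mem));
	return 0;
}
```

With the overruling caller, the subsystem or user space sees "invalid argument" for what was really an allocation failure or an unsupported offload, so the caller above it cannot tell the cases apart.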
