From mboxrd@z Thu Jan  1 00:00:00 1970
Content-Type: multipart/mixed; boundary="===============7606997241171081891=="
MIME-Version: 1.0
From: Pavel Begunkov <asml.silence@gmail.com>
To: kbuild-all@lists.01.org
Subject: Re: [block:for-5.13/io_uring 143/149] fs/io_uring.c:8234 io_sqe_buffer_register() warn: this array is probably non-NULL. 'imu->bvec'
Date: Wed, 28 Apr 2021 13:57:44 +0100
Message-ID: <4eebe519-4fc5-9b2d-4698-374eadb7badf@gmail.com>
In-Reply-To: <20210428105200.GV1981@kadam>
List-Id: <oe-kbuild-all.lists.linux.dev>

--===============7606997241171081891==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

On 4/28/21 11:52 AM, Dan Carpenter wrote:
> tree:   https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block=
.git for-5.13/io_uring
> head:   a2a7cc32a5e8cd983912f25a242820107e5613dc
> commit: 41edf1a5ec967bf4bddedb83c48e02dfea8315b4 [143/149] io_uring: keep=
 table of pointers to ubufs
> config: x86_64-randconfig-m031-20210425 (attached as .config)
> compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
> =

> If you fix the issue, kindly add following tag as appropriate
> Reported-by: kernel test robot <lkp@intel.com>
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> =

> New smatch warnings:
> fs/io_uring.c:8234 io_sqe_buffer_register() warn: this array is probably =
non-NULL. 'imu->bvec'

already fixed, thanks

> =

> Old smatch warnings:
> fs/io_uring.c:4639 io_recv() error: uninitialized symbol 'flags'.
> fs/io_uring.c:4934 io_poll_double_wake() warn: variable dereferenced befo=
re check 'poll' (see line 4929)
> =

> vim +8234 fs/io_uring.c
> =

> 0a96bbe49994a4 Bijan Mottahedeh  2021-01-06  8205  static int io_sqe_buff=
er_register(struct io_ring_ctx *ctx, struct iovec *iov,
> 41edf1a5ec967b Pavel Begunkov    2021-04-25  8206  				  struct io_mapped=
_ubuf **pimu,
> 0a96bbe49994a4 Bijan Mottahedeh  2021-01-06  8207  				  struct page **la=
st_hpage)
> edafccee56ff31 Jens Axboe        2019-01-09  8208  {
> 41edf1a5ec967b Pavel Begunkov    2021-04-25  8209  	struct io_mapped_ubuf=
 *imu =3D NULL;
> edafccee56ff31 Jens Axboe        2019-01-09  8210  	struct vm_area_struct=
 **vmas =3D NULL;
> edafccee56ff31 Jens Axboe        2019-01-09  8211  	struct page **pages =
=3D NULL;
> edafccee56ff31 Jens Axboe        2019-01-09  8212  	unsigned long off, st=
art, end, ubuf;
> edafccee56ff31 Jens Axboe        2019-01-09  8213  	size_t size;
> 0a96bbe49994a4 Bijan Mottahedeh  2021-01-06  8214  	int ret, pret, nr_pag=
es, i;
> edafccee56ff31 Jens Axboe        2019-01-09  8215  =

> 0a96bbe49994a4 Bijan Mottahedeh  2021-01-06  8216  	ubuf =3D (unsigned lo=
ng) iov->iov_base;
> 0a96bbe49994a4 Bijan Mottahedeh  2021-01-06  8217  	end =3D (ubuf + iov->=
iov_len + PAGE_SIZE - 1) >> PAGE_SHIFT;
> edafccee56ff31 Jens Axboe        2019-01-09  8218  	start =3D ubuf >> PAG=
E_SHIFT;
> edafccee56ff31 Jens Axboe        2019-01-09  8219  	nr_pages =3D end - st=
art;
> edafccee56ff31 Jens Axboe        2019-01-09  8220  =

> 41edf1a5ec967b Pavel Begunkov    2021-04-25  8221  	*pimu =3D NULL;
> edafccee56ff31 Jens Axboe        2019-01-09  8222  	ret =3D -ENOMEM;
> 0a96bbe49994a4 Bijan Mottahedeh  2021-01-06  8223  =

> 0a96bbe49994a4 Bijan Mottahedeh  2021-01-06  8224  	pages =3D kvmalloc_ar=
ray(nr_pages, sizeof(struct page *), GFP_KERNEL);
> 0a96bbe49994a4 Bijan Mottahedeh  2021-01-06  8225  	if (!pages)
> 0a96bbe49994a4 Bijan Mottahedeh  2021-01-06  8226  		goto done;
> 0a96bbe49994a4 Bijan Mottahedeh  2021-01-06  8227  =

> 0a96bbe49994a4 Bijan Mottahedeh  2021-01-06  8228  	vmas =3D kvmalloc_arr=
ay(nr_pages, sizeof(struct vm_area_struct *),
> 0a96bbe49994a4 Bijan Mottahedeh  2021-01-06  8229  			      GFP_KERNEL);
> 0a96bbe49994a4 Bijan Mottahedeh  2021-01-06  8230  	if (!vmas)
> 0a96bbe49994a4 Bijan Mottahedeh  2021-01-06  8231  		goto done;
> edafccee56ff31 Jens Axboe        2019-01-09  8232  =

> 41edf1a5ec967b Pavel Begunkov    2021-04-25  8233  	imu =3D kvmalloc(stru=
ct_size(imu, bvec, nr_pages), GFP_KERNEL);
> de2939388be564 Jens Axboe        2020-09-17 @8234  	if (!imu->bvec)
> =

> This should be "if (!imu)"
> =

> 0a96bbe49994a4 Bijan Mottahedeh  2021-01-06  8235  		goto done;
> edafccee56ff31 Jens Axboe        2019-01-09  8236  =

> edafccee56ff31 Jens Axboe        2019-01-09  8237  	ret =3D 0;
> d8ed45c5dcd455 Michel Lespinasse 2020-06-08  8238  	mmap_read_lock(curren=
t->mm);
> 0a96bbe49994a4 Bijan Mottahedeh  2021-01-06  8239  	pret =3D pin_user_pag=
es(ubuf, nr_pages, FOLL_WRITE | FOLL_LONGTERM,
> edafccee56ff31 Jens Axboe        2019-01-09  8240  			      pages, vmas);
> edafccee56ff31 Jens Axboe        2019-01-09  8241  	if (pret =3D=3D nr_pa=
ges) {
> edafccee56ff31 Jens Axboe        2019-01-09  8242  		/* don't support fil=
e backed memory */
> 0a96bbe49994a4 Bijan Mottahedeh  2021-01-06  8243  		for (i =3D 0; i < nr=
_pages; i++) {
> 0a96bbe49994a4 Bijan Mottahedeh  2021-01-06  8244  			struct vm_area_stru=
ct *vma =3D vmas[i];
> edafccee56ff31 Jens Axboe        2019-01-09  8245  =

> edafccee56ff31 Jens Axboe        2019-01-09  8246  			if (vma->vm_file &&
> edafccee56ff31 Jens Axboe        2019-01-09  8247  			    !is_file_hugepa=
ges(vma->vm_file)) {
> edafccee56ff31 Jens Axboe        2019-01-09  8248  				ret =3D -EOPNOTSUP=
P;
> edafccee56ff31 Jens Axboe        2019-01-09  8249  				break;
> edafccee56ff31 Jens Axboe        2019-01-09  8250  			}
> edafccee56ff31 Jens Axboe        2019-01-09  8251  		}
> edafccee56ff31 Jens Axboe        2019-01-09  8252  	} else {
> edafccee56ff31 Jens Axboe        2019-01-09  8253  		ret =3D pret < 0 ? p=
ret : -EFAULT;
> edafccee56ff31 Jens Axboe        2019-01-09  8254  	}
> d8ed45c5dcd455 Michel Lespinasse 2020-06-08  8255  	mmap_read_unlock(curr=
ent->mm);
> edafccee56ff31 Jens Axboe        2019-01-09  8256  	if (ret) {
> edafccee56ff31 Jens Axboe        2019-01-09  8257  		/*
> edafccee56ff31 Jens Axboe        2019-01-09  8258  		 * if we did partial=
 map, or found file backed vmas,
> edafccee56ff31 Jens Axboe        2019-01-09  8259  		 * release any pages=
 we did get
> edafccee56ff31 Jens Axboe        2019-01-09  8260  		 */
> 27c4d3a3252fa6 John Hubbard      2019-08-04  8261  		if (pret > 0)
> f1f6a7dd9b53aa John Hubbard      2020-01-30  8262  			unpin_user_pages(pa=
ges, pret);
> 0a96bbe49994a4 Bijan Mottahedeh  2021-01-06  8263  		goto done;
> de2939388be564 Jens Axboe        2020-09-17  8264  	}
> de2939388be564 Jens Axboe        2020-09-17  8265  =

> 0a96bbe49994a4 Bijan Mottahedeh  2021-01-06  8266  	ret =3D io_buffer_acc=
ount_pin(ctx, pages, pret, imu, last_hpage);
> de2939388be564 Jens Axboe        2020-09-17  8267  	if (ret) {
> de2939388be564 Jens Axboe        2020-09-17  8268  		unpin_user_pages(pag=
es, pret);
> 0a96bbe49994a4 Bijan Mottahedeh  2021-01-06  8269  		goto done;
> edafccee56ff31 Jens Axboe        2019-01-09  8270  	}
> edafccee56ff31 Jens Axboe        2019-01-09  8271  =

> edafccee56ff31 Jens Axboe        2019-01-09  8272  	off =3D ubuf & ~PAGE_=
MASK;
> 0a96bbe49994a4 Bijan Mottahedeh  2021-01-06  8273  	size =3D iov->iov_len;
> 0a96bbe49994a4 Bijan Mottahedeh  2021-01-06  8274  	for (i =3D 0; i < nr_=
pages; i++) {
> edafccee56ff31 Jens Axboe        2019-01-09  8275  		size_t vec_len;
> edafccee56ff31 Jens Axboe        2019-01-09  8276  =

> edafccee56ff31 Jens Axboe        2019-01-09  8277  		vec_len =3D min_t(si=
ze_t, size, PAGE_SIZE - off);
> 0a96bbe49994a4 Bijan Mottahedeh  2021-01-06  8278  		imu->bvec[i].bv_page=
 =3D pages[i];
> 0a96bbe49994a4 Bijan Mottahedeh  2021-01-06  8279  		imu->bvec[i].bv_len =
=3D vec_len;
> 0a96bbe49994a4 Bijan Mottahedeh  2021-01-06  8280  		imu->bvec[i].bv_offs=
et =3D off;
> edafccee56ff31 Jens Axboe        2019-01-09  8281  		off =3D 0;
> edafccee56ff31 Jens Axboe        2019-01-09  8282  		size -=3D vec_len;
> edafccee56ff31 Jens Axboe        2019-01-09  8283  	}
> edafccee56ff31 Jens Axboe        2019-01-09  8284  	/* store original add=
ress for later verification */
> edafccee56ff31 Jens Axboe        2019-01-09  8285  	imu->ubuf =3D ubuf;
> 4751f53d74a688 Pavel Begunkov    2021-04-01  8286  	imu->ubuf_end =3D ubu=
f + iov->iov_len;
> edafccee56ff31 Jens Axboe        2019-01-09  8287  	imu->nr_bvecs =3D nr_=
pages;
> 41edf1a5ec967b Pavel Begunkov    2021-04-25  8288  	*pimu =3D imu;
> 0a96bbe49994a4 Bijan Mottahedeh  2021-01-06  8289  	ret =3D 0;
> 0a96bbe49994a4 Bijan Mottahedeh  2021-01-06  8290  done:
> 41edf1a5ec967b Pavel Begunkov    2021-04-25  8291  	if (ret)
> 41edf1a5ec967b Pavel Begunkov    2021-04-25  8292  		kvfree(imu);
> d4ef647510b120 Mark Rutland      2019-05-01  8293  	kvfree(pages);
> d4ef647510b120 Mark Rutland      2019-05-01  8294  	kvfree(vmas);
> 0a96bbe49994a4 Bijan Mottahedeh  2021-01-06  8295  	return ret;
> 0a96bbe49994a4 Bijan Mottahedeh  2021-01-06  8296  }
> =

> ---
> 0-DAY CI Kernel Test Service, Intel Corporation
> https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
> =


-- =

Pavel Begunkov
--===============7606997241171081891==--