Hello Dan,

On Fri, Mar 25, 2022 at 5:41 AM Dan Carpenter <dan.carpenter@oracle.com> wrote:
>
> Hi Hao,
>
> url:    https://github.com/0day-ci/linux/commits/Hao-Luo/Mmapable-task-local-storage/20220325-074313
> base:   https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git  master
> config: i386-randconfig-m021 (https://download.01.org/0day-ci/archive/20220325/202203251506.EuMlgJWs-lkp(a)intel.com/config )
> compiler: gcc-9 (Ubuntu 9.4.0-1ubuntu1~20.04.1) 9.4.0
>
> If you fix the issue, kindly add following tag as appropriate
> Reported-by: kernel test robot <lkp@intel.com>
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
>
> smatch warnings:
> kernel/bpf/bpf_task_storage.c:342 task_storage_map_mmap() error: we previously assumed 'sdata' could be null (see line 327)
>
> vim +/sdata +342 kernel/bpf/bpf_task_storage.c
>
> e8fe1745ccea53 Hao Luo  2022-03-24  310  static int task_storage_map_mmap(struct bpf_map *map, struct vm_area_struct *vma)
> e8fe1745ccea53 Hao Luo  2022-03-24  311  {
> e8fe1745ccea53 Hao Luo  2022-03-24  312         struct bpf_local_storage_map *smap;
> e8fe1745ccea53 Hao Luo  2022-03-24  313         struct bpf_local_storage_data *sdata;
> e8fe1745ccea53 Hao Luo  2022-03-24  314         int err;
> e8fe1745ccea53 Hao Luo  2022-03-24  315
> e8fe1745ccea53 Hao Luo  2022-03-24  316         if (!(map->map_flags & BPF_F_MMAPABLE))
> e8fe1745ccea53 Hao Luo  2022-03-24  317                 return -EINVAL;
> e8fe1745ccea53 Hao Luo  2022-03-24  318
> e8fe1745ccea53 Hao Luo  2022-03-24  319         rcu_read_lock();
> e8fe1745ccea53 Hao Luo  2022-03-24  320         if (!bpf_task_storage_trylock()) {
> e8fe1745ccea53 Hao Luo  2022-03-24  321                 rcu_read_unlock();
> e8fe1745ccea53 Hao Luo  2022-03-24  322                 return -EBUSY;
> e8fe1745ccea53 Hao Luo  2022-03-24  323         }
> e8fe1745ccea53 Hao Luo  2022-03-24  324
> e8fe1745ccea53 Hao Luo  2022-03-24  325         smap = (struct bpf_local_storage_map *)map;
> e8fe1745ccea53 Hao Luo  2022-03-24  326         sdata = task_storage_lookup(current, map, true);
> e8fe1745ccea53 Hao Luo  2022-03-24 @327         if (sdata) {
>                                                     ^^^^^
>
> e8fe1745ccea53 Hao Luo  2022-03-24  328                 err = bpf_local_storage_mmap(smap, sdata->data, vma);
> e8fe1745ccea53 Hao Luo  2022-03-24  329                 goto unlock;
> e8fe1745ccea53 Hao Luo  2022-03-24  330         }
> e8fe1745ccea53 Hao Luo  2022-03-24  331
> e8fe1745ccea53 Hao Luo  2022-03-24  332         /* only allocate new storage, when the task is refcounted */
> e8fe1745ccea53 Hao Luo  2022-03-24  333         if (refcount_read(&current->usage)) {
> e8fe1745ccea53 Hao Luo  2022-03-24  334                 sdata = bpf_local_storage_update(current, smap, NULL,
> e8fe1745ccea53 Hao Luo  2022-03-24  335                                                  BPF_NOEXIST, GFP_ATOMIC);
> e8fe1745ccea53 Hao Luo  2022-03-24  336                 if (IS_ERR(sdata)) {
> e8fe1745ccea53 Hao Luo  2022-03-24  337                         err = PTR_ERR(sdata);
> e8fe1745ccea53 Hao Luo  2022-03-24  338                         goto unlock;
> e8fe1745ccea53 Hao Luo  2022-03-24  339                 }
> e8fe1745ccea53 Hao Luo  2022-03-24  340         }
>
> "sdata" is NULL if refcount_read() returns zero
>

Good catch! I will fix it in my next iteration.

Thanks,
Hao