All of lore.kernel.org
 help / color / mirror / Atom feed
* [bug report] xen-blkback: don't "handle" error by BUG()
@ 2021-02-19  8:59 Dan Carpenter
  2021-02-19 11:07 ` Jan Beulich
  0 siblings, 1 reply; 2+ messages in thread
From: Dan Carpenter @ 2021-02-19  8:59 UTC (permalink / raw)
  To: jbeulich; +Cc: xen-devel

Hello Jan Beulich,

The patch 5a264285ed1c: "xen-blkback: don't "handle" error by BUG()"
from Feb 15, 2021, leads to the following static checker warning:

	drivers/block/xen-blkback/blkback.c:836 xen_blkbk_map()
	warn: should this be a bitwise negate mask?

drivers/block/xen-blkback/blkback.c
   823           * Now swizzle the MFN in our domain with the MFN from the other domain
   824           * so that when we access vaddr(pending_req,i) it has the contents of
   825           * the page from the other domain.
   826           */
   827          for (seg_idx = last_map, new_map_idx = 0; seg_idx < map_until; seg_idx++) {
   828                  if (!pages[seg_idx]->persistent_gnt) {
   829                          /* This is a newly mapped grant */
   830                          BUG_ON(new_map_idx >= segs_to_map);
   831                          if (unlikely(map[new_map_idx].status != 0)) {
   832                                  pr_debug("invalid buffer -- could not remap it\n");
   833                                  gnttab_page_cache_put(&ring->free_pages,
   834                                                        &pages[seg_idx]->page, 1);
   835                                  pages[seg_idx]->handle = BLKBACK_INVALID_HANDLE;
   836                                  ret |= !ret;

Originally this code was:

	ret |= 1;

Now it's equivalent to:

	if (!ret)
		ret = 1;

This is the second user of this idiom in the kernel.  Both were
introduced in the last month so maybe it's a new trend or something...
Anyway.  False positive warning.

But my main question isn't really related to this patch.  What does
the 1 mean in this context?  I always feel like there should be
documentation when functions return a mix of error codes, zero and one
but there isn't any here.

I have reviewed this and so far as I can see setting "ret = 1;" is
always treated exactly the same as an error code by everything.  Every
single place where this is checked just checks for ret is zero.  The
value is propagated two functions back and then it becomes -EIO.

???

   837                                  goto next;
   838                          }
   839                          pages[seg_idx]->handle = map[new_map_idx].handle;
   840                  } else {
   841                          continue;
   842                  }
   843                  if (use_persistent_gnts &&

regards,
dan carpenter


^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: [bug report] xen-blkback: don't "handle" error by BUG()
  2021-02-19  8:59 [bug report] xen-blkback: don't "handle" error by BUG() Dan Carpenter
@ 2021-02-19 11:07 ` Jan Beulich
  0 siblings, 0 replies; 2+ messages in thread
From: Jan Beulich @ 2021-02-19 11:07 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: xen-devel

On 19.02.2021 09:59, Dan Carpenter wrote:
> Hello Jan Beulich,
> 
> The patch 5a264285ed1c: "xen-blkback: don't "handle" error by BUG()"
> from Feb 15, 2021, leads to the following static checker warning:
> 
> 	drivers/block/xen-blkback/blkback.c:836 xen_blkbk_map()
> 	warn: should this be a bitwise negate mask?
> 
> drivers/block/xen-blkback/blkback.c
>    823           * Now swizzle the MFN in our domain with the MFN from the other domain
>    824           * so that when we access vaddr(pending_req,i) it has the contents of
>    825           * the page from the other domain.
>    826           */
>    827          for (seg_idx = last_map, new_map_idx = 0; seg_idx < map_until; seg_idx++) {
>    828                  if (!pages[seg_idx]->persistent_gnt) {
>    829                          /* This is a newly mapped grant */
>    830                          BUG_ON(new_map_idx >= segs_to_map);
>    831                          if (unlikely(map[new_map_idx].status != 0)) {
>    832                                  pr_debug("invalid buffer -- could not remap it\n");
>    833                                  gnttab_page_cache_put(&ring->free_pages,
>    834                                                        &pages[seg_idx]->page, 1);
>    835                                  pages[seg_idx]->handle = BLKBACK_INVALID_HANDLE;
>    836                                  ret |= !ret;
> 
> Originally this code was:
> 
> 	ret |= 1;
> 
> Now it's equivalent to:
> 
> 	if (!ret)
> 		ret = 1;
> 
> This is the second user of this idiom in the kernel.  Both were
> introduced in the last month so maybe it's a new trend or something...
> Anyway.  False positive warning.
> 
> But my main question isn't really related to this patch.  What does
> the 1 mean in this context?  I always feel like there should be
> documentation when functions return a mix of error codes, zero and one
> but there isn't any here.

I agree. The literal 1 was there before, and the security fix
was not a good place to change this. I suppose you really
should ask whoever introduced that use of literal 1. I find
this as odd as you do, and ...

> I have reviewed this and so far as I can see setting "ret = 1;" is
> always treated exactly the same as an error code by everything.  Every
> single place where this is checked just checks for ret is zero.  The
> value is propagated two functions back and then it becomes -EIO.

... I've come to the same conclusions.

Jan


^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-02-19 11:07 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-19  8:59 [bug report] xen-blkback: don't "handle" error by BUG() Dan Carpenter
2021-02-19 11:07 ` Jan Beulich

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.