* [bug report] io_uring: return iovec from __io_import_iovec
@ 2021-11-08 13:49 Dan Carpenter
2021-11-08 15:19 ` Pavel Begunkov
0 siblings, 1 reply; 3+ messages in thread
From: Dan Carpenter @ 2021-11-08 13:49 UTC (permalink / raw)
To: asml.silence; +Cc: io-uring
Hello Pavel Begunkov,
The patch caa8fe6e86fd: "io_uring: return iovec from
__io_import_iovec" from Oct 15, 2021, leads to the following Smatch
static checker warning:
	fs/io_uring.c:3218 __io_import_iovec()
	warn: passing zero to 'ERR_PTR'

fs/io_uring.c
    3178 static struct iovec *__io_import_iovec(int rw, struct io_kiocb *req,
    3179 				       struct io_rw_state *s,
    3180 				       unsigned int issue_flags)
    3181 {
    3182 	struct iov_iter *iter = &s->iter;
    3183 	u8 opcode = req->opcode;
    3184 	struct iovec *iovec;
    3185 	void __user *buf;
    3186 	size_t sqe_len;
    3187 	ssize_t ret;
    3188 
    3189 	BUILD_BUG_ON(ERR_PTR(0) != NULL);

This is super paranoid.  :P

    3190 
    3191 	if (opcode == IORING_OP_READ_FIXED || opcode == IORING_OP_WRITE_FIXED)
    3192 		return ERR_PTR(io_import_fixed(req, rw, iter));
    3193 
    3194 	/* buffer index only valid with fixed read/write, or buffer select  */
    3195 	if (unlikely(req->buf_index && !(req->flags & REQ_F_BUFFER_SELECT)))
    3196 		return ERR_PTR(-EINVAL);
    3197 
    3198 	buf = u64_to_user_ptr(req->rw.addr);
    3199 	sqe_len = req->rw.len;
    3200 
    3201 	if (opcode == IORING_OP_READ || opcode == IORING_OP_WRITE) {
    3202 		if (req->flags & REQ_F_BUFFER_SELECT) {
    3203 			buf = io_rw_buffer_select(req, &sqe_len, issue_flags);
    3204 			if (IS_ERR(buf))
    3205 				return ERR_CAST(buf);
    3206 			req->rw.len = sqe_len;
    3207 		}
    3208 
    3209 		ret = import_single_range(rw, buf, sqe_len, s->fast_iov, iter);
    3210 		return ERR_PTR(ret);

This return and

    3211 	}
    3212 
    3213 	iovec = s->fast_iov;
    3214 	if (req->flags & REQ_F_BUFFER_SELECT) {
    3215 		ret = io_iov_buffer_select(req, iovec, issue_flags);
    3216 		if (!ret)
    3217 			iov_iter_init(iter, rw, iovec, 1, iovec->iov_len);
--> 3218 		return ERR_PTR(ret);

this return return NULL on success and it's intentional, but there is
no documentation so you have to fall back to `git log -p` to understand
what's going on...  :/

    3219 	}
    3220 
    3221 	ret = __import_iovec(rw, buf, sqe_len, UIO_FASTIOV, &iovec, iter,
    3222 			      req->ctx->compat);
    3223 	if (unlikely(ret < 0))
    3224 		return ERR_PTR(ret);
    3225 	return iovec;
    3226 }

regards,
dan carpenter
* Re: [bug report] io_uring: return iovec from __io_import_iovec
From: Pavel Begunkov @ 2021-11-08 15:19 UTC (permalink / raw)
To: Dan Carpenter; +Cc: io-uring
On 11/8/21 13:49, Dan Carpenter wrote:
> Hello Pavel Begunkov,
>
> The patch caa8fe6e86fd: "io_uring: return iovec from
> __io_import_iovec" from Oct 15, 2021, leads to the following Smatch
> static checker warning:
>
> fs/io_uring.c:3218 __io_import_iovec()
> warn: passing zero to 'ERR_PTR'
>
[...]
> 3188
> 3189 BUILD_BUG_ON(ERR_PTR(0) != NULL);
>
> This is super paranoid. :P
A bit, but gives an idea about assumptions
> 3209 ret = import_single_range(rw, buf, sqe_len, s->fast_iov, iter);
> 3210 return ERR_PTR(ret);

	if (ret)
		return ERR_PTR(ret);
	return NULL;

How about this? I have some hope in compilers, should be
optimised out
--
Pavel Begunkov
* Re: [bug report] io_uring: return iovec from __io_import_iovec
From: Dan Carpenter @ 2021-11-08 15:30 UTC (permalink / raw)
To: Pavel Begunkov; +Cc: io-uring
On Mon, Nov 08, 2021 at 03:19:21PM +0000, Pavel Begunkov wrote:
> On 11/8/21 13:49, Dan Carpenter wrote:
> > Hello Pavel Begunkov,
> >
> > The patch caa8fe6e86fd: "io_uring: return iovec from
> > __io_import_iovec" from Oct 15, 2021, leads to the following Smatch
> > static checker warning:
> >
> > fs/io_uring.c:3218 __io_import_iovec()
> > warn: passing zero to 'ERR_PTR'
> >
> [...]
> > 3188
> > 3189 BUILD_BUG_ON(ERR_PTR(0) != NULL);
> >
> > This is super paranoid. :P
>
> A bit, but gives an idea about assumptions
>
> > 3209 ret = import_single_range(rw, buf, sqe_len, s->fast_iov, iter);
> > 3210 return ERR_PTR(ret);
>
> 	if (ret)
> 		return ERR_PTR(ret);
> 	return NULL;
>
> How about this? I have some hope in compilers, should be
> optimised out
The code is fine, but it's hard to know when it's going to return NULL
vs a valid pointer. It just needs a comment.
regards,
dan carpenter
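
The return contract discussed in this thread, as an added example that is not part of the original messages or of fs/io_uring.c: a userspace C program in which `ERR_PTR(0)` is `NULL`, so one pointer return carries three meanings, written down in a comment and honoured by the caller. `import_segs()`, `do_import()`, `struct seg` and `FAST_SLOTS` are hypothetical names, the `ERR_PTR()`/`PTR_ERR()`/`IS_ERR()` definitions are userspace stand-ins, and treating a valid pointer as a heap array the caller frees is an assumption of this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Userspace stand-ins for the kernel's ERR_PTR()/PTR_ERR()/IS_ERR() helpers. */
#define MAX_ERRNO 4095
static inline void *ERR_PTR(long error) { return (void *)error; }
static inline long PTR_ERR(const void *ptr) { return (long)ptr; }
static inline int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

#define FAST_SLOTS 8			/* hypothetical inline-array size */
struct seg { void *base; size_t len; };	/* hypothetical stand-in for struct iovec */
/*
 * import_segs() - hypothetical importer with a documented three-way return.
 * Return: ERR_PTR(-errno) on failure; NULL on success when @fast was used
 * (nothing to free); otherwise the heap array, which the caller must free().
 */
static struct seg *import_segs(size_t nr, struct seg *fast, struct seg **out)
{
	struct seg *heap;

	if (nr == 0)
		return ERR_PTR(-EINVAL);
	if (nr <= FAST_SLOTS) {
		*out = fast;
		return NULL;	/* success; same value as ERR_PTR(0) */
	}
	heap = calloc(nr, sizeof(*heap));
	if (!heap)
		return ERR_PTR(-ENOMEM);
	*out = heap;
	return heap;
}

/* Returns -errno, 0 if inline storage was used, 1 if a heap array was freed. */
static int do_import(size_t nr)
{
	struct seg fast[FAST_SLOTS], *segs, *to_free;
	int on_heap;

	to_free = import_segs(nr, fast, &segs);
	if (IS_ERR(to_free))		/* NULL is not an error: test IS_ERR() only */
		return (int)PTR_ERR(to_free);
	segs[nr - 1].len = 0;		/* stand-in for real use of the segments */
	on_heap = to_free != NULL;
	free(to_free);			/* free(NULL) is a no-op */
	return on_heap;
}
```

A caller that tests the return with `!ptr` or an `IS_ERR_OR_NULL()`-style check would misread the inline-storage success as a failure, which is why the comment on the function carries weight.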