public inbox for [email protected]
 help / color / mirror / Atom feed
* [bug report] io_uring: return iovec from __io_import_iovec
@ 2021-11-08 13:49 Dan Carpenter
  2021-11-08 15:19 ` Pavel Begunkov
  0 siblings, 1 reply; 3+ messages in thread
From: Dan Carpenter @ 2021-11-08 13:49 UTC (permalink / raw)
  To: asml.silence; +Cc: io-uring

Hello Pavel Begunkov,

The patch caa8fe6e86fd: "io_uring: return iovec from
__io_import_iovec" from Oct 15, 2021, leads to the following Smatch
static checker warning:

	fs/io_uring.c:3218 __io_import_iovec()
	warn: passing zero to 'ERR_PTR'

fs/io_uring.c
    3178 static struct iovec *__io_import_iovec(int rw, struct io_kiocb *req,
    3179                                        struct io_rw_state *s,
    3180                                        unsigned int issue_flags)
    3181 {
    3182         struct iov_iter *iter = &s->iter;
    3183         u8 opcode = req->opcode;
    3184         struct iovec *iovec;
    3185         void __user *buf;
    3186         size_t sqe_len;
    3187         ssize_t ret;
    3188 
    3189         BUILD_BUG_ON(ERR_PTR(0) != NULL);

This is super paranoid.  :P

    3190 
    3191         if (opcode == IORING_OP_READ_FIXED || opcode == IORING_OP_WRITE_FIXED)
    3192                 return ERR_PTR(io_import_fixed(req, rw, iter));
    3193 
    3194         /* buffer index only valid with fixed read/write, or buffer select  */
    3195         if (unlikely(req->buf_index && !(req->flags & REQ_F_BUFFER_SELECT)))
    3196                 return ERR_PTR(-EINVAL);
    3197 
    3198         buf = u64_to_user_ptr(req->rw.addr);
    3199         sqe_len = req->rw.len;
    3200 
    3201         if (opcode == IORING_OP_READ || opcode == IORING_OP_WRITE) {
    3202                 if (req->flags & REQ_F_BUFFER_SELECT) {
    3203                         buf = io_rw_buffer_select(req, &sqe_len, issue_flags);
    3204                         if (IS_ERR(buf))
    3205                                 return ERR_CAST(buf);
    3206                         req->rw.len = sqe_len;
    3207                 }
    3208 
    3209                 ret = import_single_range(rw, buf, sqe_len, s->fast_iov, iter);
    3210                 return ERR_PTR(ret);

This return and

    3211         }
    3212 
    3213         iovec = s->fast_iov;
    3214         if (req->flags & REQ_F_BUFFER_SELECT) {
    3215                 ret = io_iov_buffer_select(req, iovec, issue_flags);
    3216                 if (!ret)
    3217                         iov_iter_init(iter, rw, iovec, 1, iovec->iov_len);
--> 3218                 return ERR_PTR(ret);

this return return NULL on success and it's intentional, but there is
no documentation so you have to fall back to `git log -p` to understand
what's going on...  :/

    3219         }
    3220 
    3221         ret = __import_iovec(rw, buf, sqe_len, UIO_FASTIOV, &iovec, iter,
    3222                               req->ctx->compat);
    3223         if (unlikely(ret < 0))
    3224                 return ERR_PTR(ret);
    3225         return iovec;
    3226 }

regards,
dan carpenter

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [bug report] io_uring: return iovec from __io_import_iovec
  2021-11-08 13:49 [bug report] io_uring: return iovec from __io_import_iovec Dan Carpenter
@ 2021-11-08 15:19 ` Pavel Begunkov
  2021-11-08 15:30   ` Dan Carpenter
  0 siblings, 1 reply; 3+ messages in thread
From: Pavel Begunkov @ 2021-11-08 15:19 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: io-uring

On 11/8/21 13:49, Dan Carpenter wrote:
> Hello Pavel Begunkov,
> 
> The patch caa8fe6e86fd: "io_uring: return iovec from
> __io_import_iovec" from Oct 15, 2021, leads to the following Smatch
> static checker warning:
> 
> 	fs/io_uring.c:3218 __io_import_iovec()
> 	warn: passing zero to 'ERR_PTR'
> 
[...]
>      3188
>      3189         BUILD_BUG_ON(ERR_PTR(0) != NULL);
> 
> This is super paranoid.  :P

A bit, but gives an idea about assumptions

>      3209                 ret = import_single_range(rw, buf, sqe_len, s->fast_iov, iter);
>      3210                 return ERR_PTR(ret);

if (ret)
	return ERR_PTR(ret);
return NULL;

How about this? I have some hope in compilers, should be
optimised out

-- 
Pavel Begunkov

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [bug report] io_uring: return iovec from __io_import_iovec
  2021-11-08 15:19 ` Pavel Begunkov
@ 2021-11-08 15:30   ` Dan Carpenter
  0 siblings, 0 replies; 3+ messages in thread
From: Dan Carpenter @ 2021-11-08 15:30 UTC (permalink / raw)
  To: Pavel Begunkov; +Cc: io-uring

On Mon, Nov 08, 2021 at 03:19:21PM +0000, Pavel Begunkov wrote:
> On 11/8/21 13:49, Dan Carpenter wrote:
> > Hello Pavel Begunkov,
> > 
> > The patch caa8fe6e86fd: "io_uring: return iovec from
> > __io_import_iovec" from Oct 15, 2021, leads to the following Smatch
> > static checker warning:
> > 
> > 	fs/io_uring.c:3218 __io_import_iovec()
> > 	warn: passing zero to 'ERR_PTR'
> > 
> [...]
> >      3188
> >      3189         BUILD_BUG_ON(ERR_PTR(0) != NULL);
> > 
> > This is super paranoid.  :P
> 
> A bit, but gives an idea about assumptions
> 
> >      3209                 ret = import_single_range(rw, buf, sqe_len, s->fast_iov, iter);
> >      3210                 return ERR_PTR(ret);
> 
> if (ret)
> 	return ERR_PTR(ret);
> return NULL;
> 
> How about this? I have some hope in compilers, should be
> optimised out

The code is fine, but it's hard to know when it's going to return NULL
vs a valid pointer.  It just needs a comment.

regards,
dan carpenter


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2021-11-08 15:45 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-11-08 13:49 [bug report] io_uring: return iovec from __io_import_iovec Dan Carpenter
2021-11-08 15:19 ` Pavel Begunkov
2021-11-08 15:30   ` Dan Carpenter

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox