Hello Pavel Begunkov,

The patch caa8fe6e86fd: "io_uring: return iovec from __io_import_iovec"
from Oct 15, 2021, leads to the following Smatch static checker
warning:

    fs/io_uring.c:3218 __io_import_iovec()
    warn: passing zero to 'ERR_PTR'

fs/io_uring.c
    3178 static struct iovec *__io_import_iovec(int rw, struct io_kiocb *req,
    3179                                        struct io_rw_state *s,
    3180                                        unsigned int issue_flags)
    3181 {
    3182         struct iov_iter *iter = &s->iter;
    3183         u8 opcode = req->opcode;
    3184         struct iovec *iovec;
    3185         void __user *buf;
    3186         size_t sqe_len;
    3187         ssize_t ret;
    3188
    3189         BUILD_BUG_ON(ERR_PTR(0) != NULL);

This is super paranoid. :P

    3190
    3191         if (opcode == IORING_OP_READ_FIXED || opcode == IORING_OP_WRITE_FIXED)
    3192                 return ERR_PTR(io_import_fixed(req, rw, iter));
    3193
    3194         /* buffer index only valid with fixed read/write, or buffer select */
    3195         if (unlikely(req->buf_index && !(req->flags & REQ_F_BUFFER_SELECT)))
    3196                 return ERR_PTR(-EINVAL);
    3197
    3198         buf = u64_to_user_ptr(req->rw.addr);
    3199         sqe_len = req->rw.len;
    3200
    3201         if (opcode == IORING_OP_READ || opcode == IORING_OP_WRITE) {
    3202                 if (req->flags & REQ_F_BUFFER_SELECT) {
    3203                         buf = io_rw_buffer_select(req, &sqe_len, issue_flags);
    3204                         if (IS_ERR(buf))
    3205                                 return ERR_CAST(buf);
    3206                         req->rw.len = sqe_len;
    3207                 }
    3208
    3209                 ret = import_single_range(rw, buf, sqe_len, s->fast_iov, iter);
    3210                 return ERR_PTR(ret);

This return and

    3211         }
    3212
    3213         iovec = s->fast_iov;
    3214         if (req->flags & REQ_F_BUFFER_SELECT) {
    3215                 ret = io_iov_buffer_select(req, iovec, issue_flags);
    3216                 if (!ret)
    3217                         iov_iter_init(iter, rw, iovec, 1, iovec->iov_len);
--> 3218                 return ERR_PTR(ret);

this return return NULL on success and it's intentional, but there is
no documentation so you have to fall back to `git log -p` to understand
what's going on... :/

    3219         }
    3220
    3221         ret = __import_iovec(rw, buf, sqe_len, UIO_FASTIOV, &iovec, iter,
    3222                              req->ctx->compat);
    3223         if (unlikely(ret < 0))
    3224                 return ERR_PTR(ret);
    3225         return iovec;
    3226 }

regards,
dan carpenter