On 12/5/23 5:36 AM, Dan Carpenter wrote:
> Hello Jens Axboe,
>
> This is a semi-automatic email about new static checker warnings.
>
> The patch 5cf4f52e6d8a: "io_uring: free io_buffer_list entries via
> RCU" from Nov 27, 2023, leads to the following Smatch complaint:
>
>     io_uring/kbuf.c:766 io_pbuf_get_address()
>     warn: variable dereferenced before check 'bl' (see line 764)
>
> io_uring/kbuf.c
>    753  void *io_pbuf_get_address(struct io_ring_ctx *ctx, unsigned long bgid)
>    754  {
>    755          struct io_buffer_list *bl;
>    756
>    757          bl = __io_buffer_get_list(ctx, smp_load_acquire(&ctx->io_bl), bgid);
>    758
>    759          /*
>    760           * Ensure the list is fully setup. Only strictly needed for RCU lookup
>    761           * via mmap, and in that case only for the array indexed groups. For
>    762           * the xarray lookups, it's either visible and ready, or not at all.
>    763           */
>    764          if (!smp_load_acquire(&bl->is_ready))
>                                        ^^^^^
> bl dereferenced here
>
>    765                  return NULL;
>    766          if (!bl || !bl->is_mmap)
>                      ^^^
> Checked for NULL too late.
>
>    767                  return NULL;
>    768
>    769          return bl->buf_ring;
>    770  }

Thanks, yeah we should just move the check below the NULL check. I'll queue up a fixlet.

-- 
Jens Axboe
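
Added example, not part of the original thread and not the kernel patch: a userspace model of the ordering discussed above, with the NULL check ahead of the acquire load of is_ready. The names struct buf_list, groups, lookup_list, publish_list and pbuf_get_address are hypothetical stand-ins, and C11 atomics stand in for the kernel's smp_load_acquire().

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>

#define NR_GROUPS 4	/* constructed table size, not the kernel's */

/* Userspace stand-in for the kernel's struct io_buffer_list. */
struct buf_list {
	void *buf_ring;
	bool is_mmap;
	atomic_bool is_ready;
};
static struct buf_list *groups[NR_GROUPS];	/* NULL slot: group not registered */

/* Hypothetical lookup: returns NULL for an unknown or empty group id. */
static struct buf_list *lookup_list(unsigned long bgid)
{
	return bgid < NR_GROUPS ? groups[bgid] : NULL;
}

/* Publisher: fill in the fields first, release-store is_ready last. */
static void publish_list(struct buf_list *bl, void *ring, bool is_mmap)
{
	bl->buf_ring = ring;
	bl->is_mmap = is_mmap;
	atomic_store_explicit(&bl->is_ready, true, memory_order_release);
}

/* Reader: the NULL check comes before anything dereferences bl. */
static void *pbuf_get_address(unsigned long bgid)
{
	struct buf_list *bl = lookup_list(bgid);

	if (!bl)
		return NULL;
	/* Acquire pairs with the release store in publish_list(). */
	if (!atomic_load_explicit(&bl->is_ready, memory_order_acquire))
		return NULL;
	if (!bl->is_mmap)
		return NULL;
	return bl->buf_ring;
}

int main(void)
{
	static struct buf_list bl;
	static int ring;	/* constructed placeholder for a mapped ring */

	publish_list(&bl, &ring, true);
	groups[0] = &bl;
	return (pbuf_get_address(0) == &ring && !pbuf_get_address(1)) ? 0 : 1;
}
```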