[linux-next:master 10012/11713] fs/io_uring.c:10332 __do_sys_io_uring_enter() warn: unsigned 'fd' is never less than zero.

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
head:   4e7a74a6856f8613dab9794da4b5cfb8fd54fb8c
commit: 8061ecdca6112c8b5c0e6f0e2268fc64acacebb9 [10012/11713] io_uring: add support for registering ring file descriptors
config: i386-randconfig-m031-20220307 (https://download.01.org/0day-ci/archive/20220310/202203100127.ch6HRrXo-lkp@xxxxxxxxx/config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0

If you fix the issue, kindly add the following tag as appropriate
Reported-by: kernel test robot <lkp@xxxxxxxxx>

New smatch warnings:
fs/io_uring.c:10332 __do_sys_io_uring_enter() warn: unsigned 'fd' is never less than zero.
fs/io_uring.c:10337 __do_sys_io_uring_enter() warn: potential spectre issue 'tctx->registered_rings' [r] (local cap)
fs/io_uring.c:10338 __do_sys_io_uring_enter() warn: possible spectre second half.  'f.file'
fs/io_uring.c:10332 __do_sys_io_uring_enter() warn: unsigned 'fd' is never less than zero.
fs/io_uring.c:10337 __do_sys_io_uring_enter() warn: potential spectre issue 'tctx->registered_rings' [r] (local cap)
fs/io_uring.c:10338 __do_sys_io_uring_enter() warn: possible spectre second half.  'f.file'

Old smatch warnings:
fs/io_uring.c:5284 io_recv() error: uninitialized symbol 'flags'.
fs/io_uring.c:6140 io_timeout_cancel() warn: passing a valid pointer to 'PTR_ERR'
fs/io_uring.c:6197 io_timeout_update() warn: passing a valid pointer to 'PTR_ERR'
fs/io_uring.c:8468 io_sqe_files_register() error: we previously assumed 'ctx->file_data' could be null (see line 8440)
fs/io_uring.c:10347 __do_sys_io_uring_enter() warn: possible spectre second half.  'f.file'
fs/io_uring.c:10347 __do_sys_io_uring_enter() warn: possible spectre second half.  'f.file'

vim +/fd +10332 fs/io_uring.c

 10305	
      	/*
      	 * io_uring_enter(2) entry point. Resolves the ring file named by @fd,
      	 * then either lets the SQPOLL thread handle submission or passes
      	 * @to_submit to io_submit_sqes(), and with IORING_ENTER_GETEVENTS waits
      	 * for @min_complete completions.
      	 *
      	 * @fd is an index into the task's registered_rings[] array when
      	 * IORING_ENTER_REGISTERED_RING is set, otherwise a file descriptor
      	 * looked up with fdget(). @argp and @argsz are handed to
      	 * io_get_ext_arg() to obtain the signal mask and timeout.
      	 *
      	 * Returns the submitted count when it is non-zero, otherwise ret.
      	 */
 10306	SYSCALL_DEFINE6(io_uring_enter, unsigned int, fd, u32, to_submit,
 10307			u32, min_complete, u32, flags, const void __user *, argp,
 10308			size_t, argsz)
 10309	{
 10310		struct io_ring_ctx *ctx;
 10311		int submitted = 0;
 10312		struct fd f;
 10313		long ret;
 10314	
 10315		io_run_task_work();
 10316	
      		/* Reject any flag bit outside the set this version understands. */
 10317		if (unlikely(flags & ~(IORING_ENTER_GETEVENTS | IORING_ENTER_SQ_WAKEUP |
 10318				       IORING_ENTER_SQ_WAIT | IORING_ENTER_EXT_ARG |
 10319				       IORING_ENTER_REGISTERED_RING)))
 10320			return -EINVAL;
 10321	
 10322		/*
 10323		 * Ring fd has been registered via IORING_REGISTER_RING_FDS, we
 10324		 * need only dereference our task private array to find it.
 10325		 */
 10326		if (flags & IORING_ENTER_REGISTERED_RING) {
 10327			struct io_uring_task *tctx = current->io_uring;
 10328	
 10329			if (!tctx)
 10330				return -EINVAL;
 10331			if (fd != tctx->last_reg_fd) {
      				/*
      				 * NOTE(review): smatch flags the next line. fd is
      				 * declared 'unsigned int' in the SYSCALL_DEFINE6()
      				 * header, so 'fd < 0' is always false, and '!tctx'
      				 * cannot be true after the return at 10329-10330.
      				 * Only 'fd >= IO_RINGFD_REG_MAX' bounds the index; a
      				 * negative value passed from user space arrives as a
      				 * large unsigned number and is rejected by that test.
      				 */
 10332				if (fd < 0 || fd >= IO_RINGFD_REG_MAX || !tctx)
 10333					return -EINVAL;
      				/*
      				 * array_index_nospec() clamps the index so that a
      				 * mispredicted bounds check cannot be used to
      				 * speculatively read past registered_rings[]
      				 * (Spectre v1).
      				 */
 10334				tctx->last_reg_fd = array_index_nospec(fd,
 10335								IO_RINGFD_REG_MAX);
 10336			}
      			/*
      			 * NOTE(review): the index is the cached tctx->last_reg_fd,
      			 * and the fd == last_reg_fd case skips the bounds check and
      			 * clamp above. The load is in range only if every writer of
      			 * last_reg_fd stores a validated value; its other writers
      			 * and initial value are not visible in this excerpt, which
      			 * is presumably why smatch reports 'potential spectre issue'
      			 * here. Indexing with a local that is always bounds-checked
      			 * and passed through array_index_nospec() would make the
      			 * bound evident at the load.
      			 */
 10337			f.file = tctx->registered_rings[tctx->last_reg_fd];
 10338			if (unlikely(!f.file))
 10339				return -EBADF;
 10340		} else {
      			/* Ordinary fd: fdget() lookup, released by fdput() at out_fput. */
 10341			f = fdget(fd);
 10342			if (unlikely(!f.file))
 10343				return -EBADF;
 10344		}
 10345	
      		/*
      		 * Refuse files that are not io_uring instances before private_data
      		 * is treated as a struct io_ring_ctx below.
      		 */
 10346		ret = -EOPNOTSUPP;
 10347		if (unlikely(f.file->f_op != &io_uring_fops))
 10348			goto out_fput;
 10349	
      		/* Take a ctx reference, dropped at 'out'; -ENXIO if that fails. */
 10350		ret = -ENXIO;
 10351		ctx = f.file->private_data;
 10352		if (unlikely(!percpu_ref_tryget(&ctx->refs)))
 10353			goto out_fput;
 10354	
      		/* A ring whose flags carry IORING_SETUP_R_DISABLED gets -EBADFD. */
 10355		ret = -EBADFD;
 10356		if (unlikely(ctx->flags & IORING_SETUP_R_DISABLED))
 10357			goto out;
 10358	
 10359		/*
 10360		 * For SQ polling, the thread will do all submissions and completions.
 10361		 * Just return the requested submit count, and wake the thread if
 10362		 * we were asked to.
 10363		 */
 10364		ret = 0;
 10365		if (ctx->flags & IORING_SETUP_SQPOLL) {
 10366			io_cqring_overflow_flush(ctx);
 10367	
      			/* No SQ thread is attached to this ring's sq_data. */
 10368			if (unlikely(ctx->sq_data->thread == NULL)) {
 10369				ret = -EOWNERDEAD;
 10370				goto out;
 10371			}
 10372			if (flags & IORING_ENTER_SQ_WAKEUP)
 10373				wake_up(&ctx->sq_data->wait);
 10374			if (flags & IORING_ENTER_SQ_WAIT) {
 10375				ret = io_sqpoll_wait_sq(ctx);
 10376				if (ret)
 10377					goto out;
 10378			}
 10379			submitted = to_submit;
 10380		} else if (to_submit) {
 10381			ret = io_uring_add_tctx_node(ctx);
 10382			if (unlikely(ret))
 10383				goto out;
      			/* io_submit_sqes() is called with uring_lock held. */
 10384			mutex_lock(&ctx->uring_lock);
 10385			submitted = io_submit_sqes(ctx, to_submit);
 10386			mutex_unlock(&ctx->uring_lock);
 10387	
      			/* Short submission: skip the completion wait below. */
 10388			if (submitted != to_submit)
 10389				goto out;
 10390		}
 10391		if (flags & IORING_ENTER_GETEVENTS) {
 10392			const sigset_t __user *sig;
 10393			struct __kernel_timespec __user *ts;
 10394	
 10395			ret = io_get_ext_arg(flags, argp, &argsz, &ts, &sig);
 10396			if (unlikely(ret))
 10397				goto out;
 10398	
      			/* Never wait for more completions than the CQ ring has entries. */
 10399			min_complete = min(min_complete, ctx->cq_entries);
 10400	
 10401			/*
 10402			 * When SETUP_IOPOLL and SETUP_SQPOLL are both enabled, user
 10403			 * space applications don't need to do io completion events
 10404			 * polling again, they can rely on io_sq_thread to do polling
 10405			 * work, which can reduce cpu usage and uring_lock contention.
 10406			 */
 10407			if (ctx->flags & IORING_SETUP_IOPOLL &&
 10408			    !(ctx->flags & IORING_SETUP_SQPOLL)) {
 10409				ret = io_iopoll_check(ctx, min_complete);
 10410			} else {
 10411				ret = io_cqring_wait(ctx, min_complete, sig, argsz, ts);
 10412			}
 10413		}
 10414	
 10415	out:
 10416		percpu_ref_put(&ctx->refs);
 10417	out_fput:
      		/*
      		 * A registered ring was read from registered_rings[] rather than
      		 * obtained through fdget(), so only the ordinary-fd path calls
      		 * fdput().
      		 */
 10418		if (!(flags & IORING_ENTER_REGISTERED_RING))
 10419			fdput(f);
      		/* A non-zero submit count takes precedence over ret. */
 10420		return submitted ? submitted : ret;
 10421	}
 10422	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@xxxxxxxxxxxx



