Re: [bug report] mm: add zblock - new allocator for use via zpool API

Matthew Wilcox <willy@xxxxxxxxxxxxx> · Tue, 22 Nov 2022 03:29:30 +0000

On Fri, Nov 18, 2022 at 03:20:32PM +0300, Dan Carpenter wrote:
> Hello Ananda,
> 
> The patch 9097e28c25c8: "mm: add zblock - new allocator for use via
> zpool API" from Nov 4, 2022, leads to the following Smatch static
> checker warning:
> 
> mm/zblock.c:341 zblock_alloc() error: buffer overflow 'block_desc' 29 <= 29 (assuming for loop doesn't break)
> mm/zblock.c:165 cache_insert_block() error: uninitialized symbol 'min_index'.
> mm/zblock.c:412 zblock_reclaim_block() warn: always true condition '(block_type >= 0) => (0-u64max >= 0)'
> 
> mm/zblock.c
>     297 static int zblock_alloc(struct zblock_pool *pool, size_t size, gfp_t gfp,
>     298                         unsigned long *handle)
>     299 {
>     300         unsigned int block_type, slot;
>     301         struct zblock_block *block;
>     302         struct block_list *list;
>     303 
>     304         if (!size)
>     305                 return -EINVAL;
>     306 
>     307         if (size > PAGE_SIZE)
>     308                 return -ENOSPC;
>     309 
>     310         /* find basic block type with suitable slot size */
>     311         for (block_type = 0; block_type < ARRAY_SIZE(block_desc); block_type++) {
>     312                 if (size <= block_desc[block_type].slot_size)
>     313                         break;
>     314         }
> 
> "size" is always <= PAGE_SIZE.  Is PAGE_SIZE always 4k?  If so then this
> code is fine.  Smatch is bad at handling arrays.

PAGE_SIZE is 8kB on SPARC/Alpha.  It can be 64kB on PPC and ARM.  It can
even be 256kB on one of the weirdo architectures (but, honestly, it's
OK if that breaks; it's not well-tested)..