[bug report] NFS: Simplify struct nfs_cache_array_entry

Hello Trond Myklebust,

The patch a52a8a6adad9: "NFS: Simplify struct nfs_cache_array_entry"
from Nov 1, 2020, leads to the following Smatch static checker
warning:

	fs/nfs/dir.c:226 nfs_readdir_clear_array()
	warn: uncapped user loop index 'i'

fs/nfs/dir.c
    219 static void nfs_readdir_clear_array(struct page *page)
    220 {
    221         struct nfs_cache_array *array;
    222         unsigned int i;
    223 
    224         array = kmap_atomic(page);
    225         for (i = 0; i < array->size; i++)
--> 226                 kfree(array->array[i].name);

I guess I don't really understand how kmap() works.  I thought it was
for mapping userspace memory into kernel space.  So Smatch marks "array"
as untrusted user controlled data.

How should smatch treat kmap()?

    227         array->size = 0;
    228         kunmap_atomic(array);
    229 }

regards,
dan carpenter
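
An added illustration of what an "uncapped user loop index" warning is about, not code from this message or from the kernel: a user-space C model in which a count read from a page-sized buffer is clamped to what the page can hold before it bounds the loop. The `model_*` names, the 4 KiB page size and the struct layout are assumptions, and the buffer is treated as untrusted only because that is how the checker treated `array`.

```c
#include <stddef.h>
#include <stdlib.h>

#define MODEL_PAGE_SIZE 4096u /* assumption: 4 KiB page */

/* Hypothetical stand-ins for the cache array; layout is illustrative only. */
struct model_entry { char *name; };
struct model_array {
    unsigned int size;          /* count stored inside the page itself */
    struct model_entry array[];
};

/* Number of entries that physically fit in one page after the header. */
unsigned int model_capacity(void)
{
    return (MODEL_PAGE_SIZE - offsetof(struct model_array, array))
           / sizeof(struct model_entry);
}

/* Clear the array, never indexing past the page. Returns entries walked.
 * Clamping only bounds the index; it does not validate the pointers. */
unsigned int model_clear_array(void *page)
{
    struct model_array *array = page;
    unsigned int n = array->size;
    unsigned int i;

    if (n > model_capacity())
        n = model_capacity();   /* cap before using as a loop bound */
    for (i = 0; i < n; i++) {
        free(array->array[i].name);
        array->array[i].name = NULL;
    }
    array->size = 0;
    return n;
}

/* Constructed input: a zeroed page whose size field claims 2^32 - 1 entries. */
unsigned int model_demo(void)
{
    struct model_array *page = calloc(1, MODEL_PAGE_SIZE);
    unsigned int walked;

    if (!page)
        return 0;
    page->array[0].name = malloc(8);
    page->size = 0xffffffffu;
    walked = (model_clear_array(page), page->size == 0) ? model_capacity() : 0;
    free(page);
    return walked;
}
```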


