Hi Dan
If you look at vfio_ccw_mdev_ioctl() in drivers/s390/cio/vfio_ccw_ops.c,
and vfio_ap_mdev_get_device_info() in drivers/s390/crypto/vfio_ap_ops.c,
there are examples of functions that can both return -Esomething as well
as may return the return value of a copy_{to,from}_user directly (i.e.,
in case of error some positive number).
[Those "return copy_to_user();" should probably all be changed to
"return copy_to_user() ? -EFAULT : 0;" - cc'ing the s390 list in case
the maintainers want to do that.]
Can smatch detect such cases? I seem to recall it has some concept of
tagging a function as "returning -Efoo or 0", so it would also need to
know that copy_{to,from}_user does not return -Efoo. And it also needs
to follow the control flow, so
ret = copy_to_user();
if (ret)
return -EIO;
something_else;
return ret; /* this is 0 */
doesn't trigger. And there's gonna be some false positives around signal
frame setup, which do a lot of "err |= foo(); err |= bar()" where foo()
report errors as -Exxx and bar can be a copy_to_user(), but in the end
err is only checked against 0.
Rasmus
