From: Dan Carpenter <dan.carpenter@oracle.com>
To: kbuild@lists.01.org
Subject: [block:dio-mem-align 1/3] fs/direct-io.c:1177 do_blockdev_direct_IO() warn: variable dereferenced before check 'bdev' (see line 1132)
Date: Mon, 15 Feb 2021 15:18:53 +0300 [thread overview]
Message-ID: <20210215121853.GG2087@kadam> (raw)
[-- Attachment #1: Type: text/plain, Size: 6252 bytes --]
tree: https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block.git dio-mem-align
head: 3d6ef82805958611e8ffa0a901c014b6f066c3e6
commit: 446db6bc49cd5c4a77daffbbcbe0cf69ff7a62e0 [1/3] fs: relax memory alignment restriction for O_DIRECT
config: x86_64-randconfig-m001-20210211 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
smatch warnings:
fs/direct-io.c:1177 do_blockdev_direct_IO() warn: variable dereferenced before check 'bdev' (see line 1132)
vim +/bdev +1177 fs/direct-io.c
65dd2aa90aa17a Andi Kleen 2012-01-12 1125 static inline ssize_t
17f8c842d24ac0 Omar Sandoval 2015-03-16 1126 do_blockdev_direct_IO(struct kiocb *iocb, struct inode *inode,
17f8c842d24ac0 Omar Sandoval 2015-03-16 1127 struct block_device *bdev, struct iov_iter *iter,
c8b8e32d700fe9 Christoph Hellwig 2016-04-07 1128 get_block_t get_block, dio_iodone_t end_io,
facd07b07d2a79 Josef Bacik 2010-05-23 1129 dio_submit_t submit_io, int flags)
^1da177e4c3f41 Linus Torvalds 2005-04-16 1130 {
6aa7de059173a9 Mark Rutland 2017-10-23 1131 unsigned i_blkbits = READ_ONCE(inode->i_blkbits);
446db6bc49cd5c Jens Axboe 2021-02-11 @1132 struct request_queue *q = bdev_get_queue(bdev);
^^^^
Dereferenced inside the function (I didn't double check. #trustTheMachine)
ab73857e354ab9 Linus Torvalds 2012-11-29 1133 unsigned blkbits = i_blkbits;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1134 unsigned blocksize_mask = (1 << blkbits) - 1;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1135 ssize_t retval = -EINVAL;
1c0ff0f1bdeb18 Nikolay Borisov 2018-04-05 1136 const size_t count = iov_iter_count(iter);
c8b8e32d700fe9 Christoph Hellwig 2016-04-07 1137 loff_t offset = iocb->ki_pos;
1c0ff0f1bdeb18 Nikolay Borisov 2018-04-05 1138 const loff_t end = offset + count;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1139 struct dio *dio;
eb28be2b4c0a06 Andi Kleen 2011-08-01 1140 struct dio_submit sdio = { 0, };
847cc6371ba820 Andi Kleen 2011-08-01 1141 struct buffer_head map_bh = { 0, };
647d1e4c523576 Fengguang Wu 2012-08-09 1142 struct blk_plug plug;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1143
65dd2aa90aa17a Andi Kleen 2012-01-12 1144 /*
65dd2aa90aa17a Andi Kleen 2012-01-12 1145 * Avoid references to bdev if not absolutely needed to give
65dd2aa90aa17a Andi Kleen 2012-01-12 1146 * the early prefetch in the caller enough time.
65dd2aa90aa17a Andi Kleen 2012-01-12 1147 */
^1da177e4c3f41 Linus Torvalds 2005-04-16 1148
f9b5570d7fdedf Christoph Hellwig 2011-06-24 1149 /* watch out for a 0 len io from a tricksy fs */
1c0ff0f1bdeb18 Nikolay Borisov 2018-04-05 1150 if (iov_iter_rw(iter) == READ && !count)
f9b5570d7fdedf Christoph Hellwig 2011-06-24 1151 return 0;
f9b5570d7fdedf Christoph Hellwig 2011-06-24 1152
6e8267f532a171 Andi Kleen 2011-08-01 1153 dio = kmem_cache_alloc(dio_cache, GFP_KERNEL);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1154 if (!dio)
46d716025a228d Gabriel Krisman Bertazi 2020-10-08 1155 return -ENOMEM;
23aee091d804ef Jeff Moyer 2009-12-15 1156 /*
23aee091d804ef Jeff Moyer 2009-12-15 1157 * Believe it or not, zeroing out the page array caused a .5%
23aee091d804ef Jeff Moyer 2009-12-15 1158 * performance regression in a database benchmark. So, we take
23aee091d804ef Jeff Moyer 2009-12-15 1159 * care to only zero out what's needed.
23aee091d804ef Jeff Moyer 2009-12-15 1160 */
23aee091d804ef Jeff Moyer 2009-12-15 1161 memset(dio, 0, offsetof(struct dio, pages));
^1da177e4c3f41 Linus Torvalds 2005-04-16 1162
5fe878ae7f82fb Christoph Hellwig 2009-12-15 1163 dio->flags = flags;
0a9164cb7ff32d Gabriel Krisman Bertazi 2020-10-08 1164 if (dio->flags & DIO_LOCKING && iov_iter_rw(iter) == READ) {
5fe878ae7f82fb Christoph Hellwig 2009-12-15 1165 /* will be released by direct_io_worker */
5955102c9984fa Al Viro 2016-01-22 1166 inode_lock(inode);
df2d6f26586f12 Christoph Hellwig 2011-06-24 1167 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1168
74cedf9b6c603f Jan Kara 2015-11-30 1169 /* Once we sampled i_size check for reads beyond EOF */
74cedf9b6c603f Jan Kara 2015-11-30 1170 dio->i_size = i_size_read(inode);
74cedf9b6c603f Jan Kara 2015-11-30 1171 if (iov_iter_rw(iter) == READ && offset >= dio->i_size) {
2d4594acbf6d8f Al Viro 2015-12-08 1172 retval = 0;
46d716025a228d Gabriel Krisman Bertazi 2020-10-08 1173 goto fail_dio;
74cedf9b6c603f Jan Kara 2015-11-30 1174 }
74cedf9b6c603f Jan Kara 2015-11-30 1175
446db6bc49cd5c Jens Axboe 2021-02-11 1176 if (offset & blocksize_mask) {
41b21af388f94b Gabriel Krisman Bertazi 2020-10-08 @1177 if (bdev)
^^^^
Hopefully this check can be removed? We would have crashed by this
point.
41b21af388f94b Gabriel Krisman Bertazi 2020-10-08 1178 blkbits = blksize_bits(bdev_logical_block_size(bdev));
41b21af388f94b Gabriel Krisman Bertazi 2020-10-08 1179 blocksize_mask = (1 << blkbits) - 1;
446db6bc49cd5c Jens Axboe 2021-02-11 1180 if (offset & blocksize_mask)
41b21af388f94b Gabriel Krisman Bertazi 2020-10-08 1181 goto fail_dio;
41b21af388f94b Gabriel Krisman Bertazi 2020-10-08 1182 }
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 37898 bytes --]
WARNING: multiple messages have this Message-ID (diff)
From: Dan Carpenter <dan.carpenter@oracle.com>
To: kbuild-all@lists.01.org
Subject: [block:dio-mem-align 1/3] fs/direct-io.c:1177 do_blockdev_direct_IO() warn: variable dereferenced before check 'bdev' (see line 1132)
Date: Mon, 15 Feb 2021 15:18:53 +0300 [thread overview]
Message-ID: <20210215121853.GG2087@kadam> (raw)
[-- Attachment #1: Type: text/plain, Size: 6252 bytes --]
tree: https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block.git dio-mem-align
head: 3d6ef82805958611e8ffa0a901c014b6f066c3e6
commit: 446db6bc49cd5c4a77daffbbcbe0cf69ff7a62e0 [1/3] fs: relax memory alignment restriction for O_DIRECT
config: x86_64-randconfig-m001-20210211 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
smatch warnings:
fs/direct-io.c:1177 do_blockdev_direct_IO() warn: variable dereferenced before check 'bdev' (see line 1132)
vim +/bdev +1177 fs/direct-io.c
65dd2aa90aa17a Andi Kleen 2012-01-12 1125 static inline ssize_t
17f8c842d24ac0 Omar Sandoval 2015-03-16 1126 do_blockdev_direct_IO(struct kiocb *iocb, struct inode *inode,
17f8c842d24ac0 Omar Sandoval 2015-03-16 1127 struct block_device *bdev, struct iov_iter *iter,
c8b8e32d700fe9 Christoph Hellwig 2016-04-07 1128 get_block_t get_block, dio_iodone_t end_io,
facd07b07d2a79 Josef Bacik 2010-05-23 1129 dio_submit_t submit_io, int flags)
^1da177e4c3f41 Linus Torvalds 2005-04-16 1130 {
6aa7de059173a9 Mark Rutland 2017-10-23 1131 unsigned i_blkbits = READ_ONCE(inode->i_blkbits);
446db6bc49cd5c Jens Axboe 2021-02-11 @1132 struct request_queue *q = bdev_get_queue(bdev);
^^^^
Dereferenced inside the function (I didn't double check. #trustTheMachine)
ab73857e354ab9 Linus Torvalds 2012-11-29 1133 unsigned blkbits = i_blkbits;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1134 unsigned blocksize_mask = (1 << blkbits) - 1;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1135 ssize_t retval = -EINVAL;
1c0ff0f1bdeb18 Nikolay Borisov 2018-04-05 1136 const size_t count = iov_iter_count(iter);
c8b8e32d700fe9 Christoph Hellwig 2016-04-07 1137 loff_t offset = iocb->ki_pos;
1c0ff0f1bdeb18 Nikolay Borisov 2018-04-05 1138 const loff_t end = offset + count;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1139 struct dio *dio;
eb28be2b4c0a06 Andi Kleen 2011-08-01 1140 struct dio_submit sdio = { 0, };
847cc6371ba820 Andi Kleen 2011-08-01 1141 struct buffer_head map_bh = { 0, };
647d1e4c523576 Fengguang Wu 2012-08-09 1142 struct blk_plug plug;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1143
65dd2aa90aa17a Andi Kleen 2012-01-12 1144 /*
65dd2aa90aa17a Andi Kleen 2012-01-12 1145 * Avoid references to bdev if not absolutely needed to give
65dd2aa90aa17a Andi Kleen 2012-01-12 1146 * the early prefetch in the caller enough time.
65dd2aa90aa17a Andi Kleen 2012-01-12 1147 */
^1da177e4c3f41 Linus Torvalds 2005-04-16 1148
f9b5570d7fdedf Christoph Hellwig 2011-06-24 1149 /* watch out for a 0 len io from a tricksy fs */
1c0ff0f1bdeb18 Nikolay Borisov 2018-04-05 1150 if (iov_iter_rw(iter) == READ && !count)
f9b5570d7fdedf Christoph Hellwig 2011-06-24 1151 return 0;
f9b5570d7fdedf Christoph Hellwig 2011-06-24 1152
6e8267f532a171 Andi Kleen 2011-08-01 1153 dio = kmem_cache_alloc(dio_cache, GFP_KERNEL);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1154 if (!dio)
46d716025a228d Gabriel Krisman Bertazi 2020-10-08 1155 return -ENOMEM;
23aee091d804ef Jeff Moyer 2009-12-15 1156 /*
23aee091d804ef Jeff Moyer 2009-12-15 1157 * Believe it or not, zeroing out the page array caused a .5%
23aee091d804ef Jeff Moyer 2009-12-15 1158 * performance regression in a database benchmark. So, we take
23aee091d804ef Jeff Moyer 2009-12-15 1159 * care to only zero out what's needed.
23aee091d804ef Jeff Moyer 2009-12-15 1160 */
23aee091d804ef Jeff Moyer 2009-12-15 1161 memset(dio, 0, offsetof(struct dio, pages));
^1da177e4c3f41 Linus Torvalds 2005-04-16 1162
5fe878ae7f82fb Christoph Hellwig 2009-12-15 1163 dio->flags = flags;
0a9164cb7ff32d Gabriel Krisman Bertazi 2020-10-08 1164 if (dio->flags & DIO_LOCKING && iov_iter_rw(iter) == READ) {
5fe878ae7f82fb Christoph Hellwig 2009-12-15 1165 /* will be released by direct_io_worker */
5955102c9984fa Al Viro 2016-01-22 1166 inode_lock(inode);
df2d6f26586f12 Christoph Hellwig 2011-06-24 1167 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1168
74cedf9b6c603f Jan Kara 2015-11-30 1169 /* Once we sampled i_size check for reads beyond EOF */
74cedf9b6c603f Jan Kara 2015-11-30 1170 dio->i_size = i_size_read(inode);
74cedf9b6c603f Jan Kara 2015-11-30 1171 if (iov_iter_rw(iter) == READ && offset >= dio->i_size) {
2d4594acbf6d8f Al Viro 2015-12-08 1172 retval = 0;
46d716025a228d Gabriel Krisman Bertazi 2020-10-08 1173 goto fail_dio;
74cedf9b6c603f Jan Kara 2015-11-30 1174 }
74cedf9b6c603f Jan Kara 2015-11-30 1175
446db6bc49cd5c Jens Axboe 2021-02-11 1176 if (offset & blocksize_mask) {
41b21af388f94b Gabriel Krisman Bertazi 2020-10-08 @1177 if (bdev)
^^^^
Hopefully this check can be removed? We would have crashed by this
point.
41b21af388f94b Gabriel Krisman Bertazi 2020-10-08 1178 blkbits = blksize_bits(bdev_logical_block_size(bdev));
41b21af388f94b Gabriel Krisman Bertazi 2020-10-08 1179 blocksize_mask = (1 << blkbits) - 1;
446db6bc49cd5c Jens Axboe 2021-02-11 1180 if (offset & blocksize_mask)
41b21af388f94b Gabriel Krisman Bertazi 2020-10-08 1181 goto fail_dio;
41b21af388f94b Gabriel Krisman Bertazi 2020-10-08 1182 }
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 37898 bytes --]
next reply other threads:[~2021-02-15 12:18 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-15 12:18 Dan Carpenter [this message]
2021-02-15 12:18 ` [block:dio-mem-align 1/3] fs/direct-io.c:1177 do_blockdev_direct_IO() warn: variable dereferenced before check 'bdev' (see line 1132) Dan Carpenter
-- strict thread matches above, loose matches on Subject: below --
2021-02-12 9:40 kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210215121853.GG2087@kadam \
--to=dan.carpenter@oracle.com \
--cc=kbuild@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.