* [block:dio-mem-align 1/3] fs/direct-io.c:1177 do_blockdev_direct_IO() warn: variable dereferenced before check 'bdev' (see line 1132)
@ 2021-02-12 9:40 kernel test robot
0 siblings, 0 replies; 3+ messages in thread
From: kernel test robot @ 2021-02-12 9:40 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 23124 bytes --]
CC: kbuild-all(a)lists.01.org
TO: Jens Axboe <axboe@kernel.dk>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block.git dio-mem-align
head: 3d6ef82805958611e8ffa0a901c014b6f066c3e6
commit: 446db6bc49cd5c4a77daffbbcbe0cf69ff7a62e0 [1/3] fs: relax memory alignment restriction for O_DIRECT
:::::: branch date: 18 hours ago
:::::: commit date: 18 hours ago
config: x86_64-randconfig-m001-20210211 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
smatch warnings:
fs/direct-io.c:1177 do_blockdev_direct_IO() warn: variable dereferenced before check 'bdev' (see line 1132)
vim +/bdev +1177 fs/direct-io.c
^1da177e4c3f41 Linus Torvalds 2005-04-16 1099
eafdc7d190a944 Christoph Hellwig 2010-06-04 1100 /*
eafdc7d190a944 Christoph Hellwig 2010-06-04 1101 * This is a library function for use by filesystem drivers.
eafdc7d190a944 Christoph Hellwig 2010-06-04 1102 *
eafdc7d190a944 Christoph Hellwig 2010-06-04 1103 * The locking rules are governed by the flags parameter:
eafdc7d190a944 Christoph Hellwig 2010-06-04 1104 * - if the flags value contains DIO_LOCKING we use a fancy locking
eafdc7d190a944 Christoph Hellwig 2010-06-04 1105 * scheme for dumb filesystems.
eafdc7d190a944 Christoph Hellwig 2010-06-04 1106 * For writes this function is called under i_mutex and returns with
eafdc7d190a944 Christoph Hellwig 2010-06-04 1107 * i_mutex held, for reads, i_mutex is not held on entry, but it is
eafdc7d190a944 Christoph Hellwig 2010-06-04 1108 * taken and dropped again before returning.
eafdc7d190a944 Christoph Hellwig 2010-06-04 1109 * - if the flags value does NOT contain DIO_LOCKING we don't use any
eafdc7d190a944 Christoph Hellwig 2010-06-04 1110 * internal locking but rather rely on the filesystem to synchronize
eafdc7d190a944 Christoph Hellwig 2010-06-04 1111 * direct I/O reads/writes versus each other and truncate.
df2d6f26586f12 Christoph Hellwig 2011-06-24 1112 *
df2d6f26586f12 Christoph Hellwig 2011-06-24 1113 * To help with locking against truncate we incremented the i_dio_count
df2d6f26586f12 Christoph Hellwig 2011-06-24 1114 * counter before starting direct I/O, and decrement it once we are done.
df2d6f26586f12 Christoph Hellwig 2011-06-24 1115 * Truncate can wait for it to reach zero to provide exclusion. It is
df2d6f26586f12 Christoph Hellwig 2011-06-24 1116 * expected that filesystem provide exclusion between new direct I/O
df2d6f26586f12 Christoph Hellwig 2011-06-24 1117 * and truncates. For DIO_LOCKING filesystems this is done by i_mutex,
df2d6f26586f12 Christoph Hellwig 2011-06-24 1118 * but other filesystems need to take care of this on their own.
ba253fbf6d3502 Andi Kleen 2011-08-01 1119 *
ba253fbf6d3502 Andi Kleen 2011-08-01 1120 * NOTE: if you pass "sdio" to anything by pointer make sure that function
ba253fbf6d3502 Andi Kleen 2011-08-01 1121 * is always inlined. Otherwise gcc is unable to split the structure into
ba253fbf6d3502 Andi Kleen 2011-08-01 1122 * individual fields and will generate much worse code. This is important
ba253fbf6d3502 Andi Kleen 2011-08-01 1123 * for the whole file.
eafdc7d190a944 Christoph Hellwig 2010-06-04 1124 */
65dd2aa90aa17a Andi Kleen 2012-01-12 1125 static inline ssize_t
17f8c842d24ac0 Omar Sandoval 2015-03-16 1126 do_blockdev_direct_IO(struct kiocb *iocb, struct inode *inode,
17f8c842d24ac0 Omar Sandoval 2015-03-16 1127 struct block_device *bdev, struct iov_iter *iter,
c8b8e32d700fe9 Christoph Hellwig 2016-04-07 1128 get_block_t get_block, dio_iodone_t end_io,
facd07b07d2a79 Josef Bacik 2010-05-23 1129 dio_submit_t submit_io, int flags)
^1da177e4c3f41 Linus Torvalds 2005-04-16 1130 {
6aa7de059173a9 Mark Rutland 2017-10-23 1131 unsigned i_blkbits = READ_ONCE(inode->i_blkbits);
446db6bc49cd5c Jens Axboe 2021-02-11 @1132 struct request_queue *q = bdev_get_queue(bdev);
ab73857e354ab9 Linus Torvalds 2012-11-29 1133 unsigned blkbits = i_blkbits;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1134 unsigned blocksize_mask = (1 << blkbits) - 1;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1135 ssize_t retval = -EINVAL;
1c0ff0f1bdeb18 Nikolay Borisov 2018-04-05 1136 const size_t count = iov_iter_count(iter);
c8b8e32d700fe9 Christoph Hellwig 2016-04-07 1137 loff_t offset = iocb->ki_pos;
1c0ff0f1bdeb18 Nikolay Borisov 2018-04-05 1138 const loff_t end = offset + count;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1139 struct dio *dio;
eb28be2b4c0a06 Andi Kleen 2011-08-01 1140 struct dio_submit sdio = { 0, };
847cc6371ba820 Andi Kleen 2011-08-01 1141 struct buffer_head map_bh = { 0, };
647d1e4c523576 Fengguang Wu 2012-08-09 1142 struct blk_plug plug;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1143
65dd2aa90aa17a Andi Kleen 2012-01-12 1144 /*
65dd2aa90aa17a Andi Kleen 2012-01-12 1145 * Avoid references to bdev if not absolutely needed to give
65dd2aa90aa17a Andi Kleen 2012-01-12 1146 * the early prefetch in the caller enough time.
65dd2aa90aa17a Andi Kleen 2012-01-12 1147 */
^1da177e4c3f41 Linus Torvalds 2005-04-16 1148
f9b5570d7fdedf Christoph Hellwig 2011-06-24 1149 /* watch out for a 0 len io from a tricksy fs */
1c0ff0f1bdeb18 Nikolay Borisov 2018-04-05 1150 if (iov_iter_rw(iter) == READ && !count)
f9b5570d7fdedf Christoph Hellwig 2011-06-24 1151 return 0;
f9b5570d7fdedf Christoph Hellwig 2011-06-24 1152
6e8267f532a171 Andi Kleen 2011-08-01 1153 dio = kmem_cache_alloc(dio_cache, GFP_KERNEL);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1154 if (!dio)
46d716025a228d Gabriel Krisman Bertazi 2020-10-08 1155 return -ENOMEM;
23aee091d804ef Jeff Moyer 2009-12-15 1156 /*
23aee091d804ef Jeff Moyer 2009-12-15 1157 * Believe it or not, zeroing out the page array caused a .5%
23aee091d804ef Jeff Moyer 2009-12-15 1158 * performance regression in a database benchmark. So, we take
23aee091d804ef Jeff Moyer 2009-12-15 1159 * care to only zero out what's needed.
23aee091d804ef Jeff Moyer 2009-12-15 1160 */
23aee091d804ef Jeff Moyer 2009-12-15 1161 memset(dio, 0, offsetof(struct dio, pages));
^1da177e4c3f41 Linus Torvalds 2005-04-16 1162
5fe878ae7f82fb Christoph Hellwig 2009-12-15 1163 dio->flags = flags;
0a9164cb7ff32d Gabriel Krisman Bertazi 2020-10-08 1164 if (dio->flags & DIO_LOCKING && iov_iter_rw(iter) == READ) {
5fe878ae7f82fb Christoph Hellwig 2009-12-15 1165 /* will be released by direct_io_worker */
5955102c9984fa Al Viro 2016-01-22 1166 inode_lock(inode);
df2d6f26586f12 Christoph Hellwig 2011-06-24 1167 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1168
74cedf9b6c603f Jan Kara 2015-11-30 1169 /* Once we sampled i_size check for reads beyond EOF */
74cedf9b6c603f Jan Kara 2015-11-30 1170 dio->i_size = i_size_read(inode);
74cedf9b6c603f Jan Kara 2015-11-30 1171 if (iov_iter_rw(iter) == READ && offset >= dio->i_size) {
2d4594acbf6d8f Al Viro 2015-12-08 1172 retval = 0;
46d716025a228d Gabriel Krisman Bertazi 2020-10-08 1173 goto fail_dio;
74cedf9b6c603f Jan Kara 2015-11-30 1174 }
74cedf9b6c603f Jan Kara 2015-11-30 1175
446db6bc49cd5c Jens Axboe 2021-02-11 1176 if (offset & blocksize_mask) {
41b21af388f94b Gabriel Krisman Bertazi 2020-10-08 @1177 if (bdev)
41b21af388f94b Gabriel Krisman Bertazi 2020-10-08 1178 blkbits = blksize_bits(bdev_logical_block_size(bdev));
41b21af388f94b Gabriel Krisman Bertazi 2020-10-08 1179 blocksize_mask = (1 << blkbits) - 1;
446db6bc49cd5c Jens Axboe 2021-02-11 1180 if (offset & blocksize_mask)
41b21af388f94b Gabriel Krisman Bertazi 2020-10-08 1181 goto fail_dio;
41b21af388f94b Gabriel Krisman Bertazi 2020-10-08 1182 }
446db6bc49cd5c Jens Axboe 2021-02-11 1183 if (iov_iter_alignment(iter) & (unsigned long) q->dma_alignment)
446db6bc49cd5c Jens Axboe 2021-02-11 1184 goto fail_dio;
41b21af388f94b Gabriel Krisman Bertazi 2020-10-08 1185
0a9164cb7ff32d Gabriel Krisman Bertazi 2020-10-08 1186 if (dio->flags & DIO_LOCKING && iov_iter_rw(iter) == READ) {
0a9164cb7ff32d Gabriel Krisman Bertazi 2020-10-08 1187 struct address_space *mapping = iocb->ki_filp->f_mapping;
0a9164cb7ff32d Gabriel Krisman Bertazi 2020-10-08 1188
0a9164cb7ff32d Gabriel Krisman Bertazi 2020-10-08 1189 retval = filemap_write_and_wait_range(mapping, offset, end - 1);
0a9164cb7ff32d Gabriel Krisman Bertazi 2020-10-08 1190 if (retval)
0a9164cb7ff32d Gabriel Krisman Bertazi 2020-10-08 1191 goto fail_dio;
74cedf9b6c603f Jan Kara 2015-11-30 1192 }
74cedf9b6c603f Jan Kara 2015-11-30 1193
^1da177e4c3f41 Linus Torvalds 2005-04-16 1194 /*
6039257378e4c8 Christoph Hellwig 2014-02-10 1195 * For file extending writes updating i_size before data writeouts
6039257378e4c8 Christoph Hellwig 2014-02-10 1196 * complete can expose uninitialized blocks in dumb filesystems.
6039257378e4c8 Christoph Hellwig 2014-02-10 1197 * In that case we need to wait for I/O completion even if asked
6039257378e4c8 Christoph Hellwig 2014-02-10 1198 * for an asynchronous write.
^1da177e4c3f41 Linus Torvalds 2005-04-16 1199 */
6039257378e4c8 Christoph Hellwig 2014-02-10 1200 if (is_sync_kiocb(iocb))
6039257378e4c8 Christoph Hellwig 2014-02-10 1201 dio->is_async = false;
c8f4c36f816230 Nikolay Borisov 2018-02-23 1202 else if (iov_iter_rw(iter) == WRITE && end > i_size_read(inode))
6039257378e4c8 Christoph Hellwig 2014-02-10 1203 dio->is_async = false;
6039257378e4c8 Christoph Hellwig 2014-02-10 1204 else
6039257378e4c8 Christoph Hellwig 2014-02-10 1205 dio->is_async = true;
6039257378e4c8 Christoph Hellwig 2014-02-10 1206
847cc6371ba820 Andi Kleen 2011-08-01 1207 dio->inode = inode;
8a4c1e42e0eb71 Mike Christie 2016-06-05 1208 if (iov_iter_rw(iter) == WRITE) {
8a4c1e42e0eb71 Mike Christie 2016-06-05 1209 dio->op = REQ_OP_WRITE;
70fd76140a6cb6 Christoph Hellwig 2016-11-01 1210 dio->op_flags = REQ_SYNC | REQ_IDLE;
03a07c92a9ed99 Goldwyn Rodrigues 2017-06-20 1211 if (iocb->ki_flags & IOCB_NOWAIT)
03a07c92a9ed99 Goldwyn Rodrigues 2017-06-20 1212 dio->op_flags |= REQ_NOWAIT;
8a4c1e42e0eb71 Mike Christie 2016-06-05 1213 } else {
8a4c1e42e0eb71 Mike Christie 2016-06-05 1214 dio->op = REQ_OP_READ;
8a4c1e42e0eb71 Mike Christie 2016-06-05 1215 }
d1e36282b0bbd5 Jens Axboe 2018-08-29 1216 if (iocb->ki_flags & IOCB_HIPRI)
d1e36282b0bbd5 Jens Axboe 2018-08-29 1217 dio->op_flags |= REQ_HIPRI;
02afc27faec94c Christoph Hellwig 2013-09-04 1218
02afc27faec94c Christoph Hellwig 2013-09-04 1219 /*
02afc27faec94c Christoph Hellwig 2013-09-04 1220 * For AIO O_(D)SYNC writes we need to defer completions to a workqueue
02afc27faec94c Christoph Hellwig 2013-09-04 1221 * so that we can call ->fsync.
02afc27faec94c Christoph Hellwig 2013-09-04 1222 */
332391a9935da9 Lukas Czerner 2017-09-21 1223 if (dio->is_async && iov_iter_rw(iter) == WRITE) {
332391a9935da9 Lukas Czerner 2017-09-21 1224 retval = 0;
d9c10e5b8863cf Jan Kara 2018-02-26 1225 if (iocb->ki_flags & IOCB_DSYNC)
02afc27faec94c Christoph Hellwig 2013-09-04 1226 retval = dio_set_defer_completion(dio);
332391a9935da9 Lukas Czerner 2017-09-21 1227 else if (!dio->inode->i_sb->s_dio_done_wq) {
332391a9935da9 Lukas Czerner 2017-09-21 1228 /*
332391a9935da9 Lukas Czerner 2017-09-21 1229 * In case of AIO write racing with buffered read we
332391a9935da9 Lukas Czerner 2017-09-21 1230 * need to defer completion. We can't decide this now,
332391a9935da9 Lukas Czerner 2017-09-21 1231 * however the workqueue needs to be initialized here.
332391a9935da9 Lukas Czerner 2017-09-21 1232 */
332391a9935da9 Lukas Czerner 2017-09-21 1233 retval = sb_init_dio_done_wq(dio->inode->i_sb);
332391a9935da9 Lukas Czerner 2017-09-21 1234 }
46d716025a228d Gabriel Krisman Bertazi 2020-10-08 1235 if (retval)
46d716025a228d Gabriel Krisman Bertazi 2020-10-08 1236 goto fail_dio;
02afc27faec94c Christoph Hellwig 2013-09-04 1237 }
02afc27faec94c Christoph Hellwig 2013-09-04 1238
02afc27faec94c Christoph Hellwig 2013-09-04 1239 /*
02afc27faec94c Christoph Hellwig 2013-09-04 1240 * Will be decremented at I/O completion time.
02afc27faec94c Christoph Hellwig 2013-09-04 1241 */
fe0f07d08ee35f Jens Axboe 2015-04-15 1242 inode_dio_begin(inode);
02afc27faec94c Christoph Hellwig 2013-09-04 1243
02afc27faec94c Christoph Hellwig 2013-09-04 1244 retval = 0;
847cc6371ba820 Andi Kleen 2011-08-01 1245 sdio.blkbits = blkbits;
ab73857e354ab9 Linus Torvalds 2012-11-29 1246 sdio.blkfactor = i_blkbits - blkbits;
847cc6371ba820 Andi Kleen 2011-08-01 1247 sdio.block_in_file = offset >> blkbits;
847cc6371ba820 Andi Kleen 2011-08-01 1248
847cc6371ba820 Andi Kleen 2011-08-01 1249 sdio.get_block = get_block;
847cc6371ba820 Andi Kleen 2011-08-01 1250 dio->end_io = end_io;
847cc6371ba820 Andi Kleen 2011-08-01 1251 sdio.submit_io = submit_io;
847cc6371ba820 Andi Kleen 2011-08-01 1252 sdio.final_block_in_bio = -1;
847cc6371ba820 Andi Kleen 2011-08-01 1253 sdio.next_block_for_io = -1;
847cc6371ba820 Andi Kleen 2011-08-01 1254
847cc6371ba820 Andi Kleen 2011-08-01 1255 dio->iocb = iocb;
847cc6371ba820 Andi Kleen 2011-08-01 1256
847cc6371ba820 Andi Kleen 2011-08-01 1257 spin_lock_init(&dio->bio_lock);
847cc6371ba820 Andi Kleen 2011-08-01 1258 dio->refcount = 1;
847cc6371ba820 Andi Kleen 2011-08-01 1259
00e23707442a75 David Howells 2018-10-22 1260 dio->should_dirty = iter_is_iovec(iter) && iov_iter_rw(iter) == READ;
7b2c99d15559e2 Al Viro 2014-03-15 1261 sdio.iter = iter;
1c0ff0f1bdeb18 Nikolay Borisov 2018-04-05 1262 sdio.final_block_in_request = end >> blkbits;
7b2c99d15559e2 Al Viro 2014-03-15 1263
847cc6371ba820 Andi Kleen 2011-08-01 1264 /*
847cc6371ba820 Andi Kleen 2011-08-01 1265 * In case of non-aligned buffers, we may need 2 more
847cc6371ba820 Andi Kleen 2011-08-01 1266 * pages since we need to zero out first and last block.
847cc6371ba820 Andi Kleen 2011-08-01 1267 */
847cc6371ba820 Andi Kleen 2011-08-01 1268 if (unlikely(sdio.blkfactor))
847cc6371ba820 Andi Kleen 2011-08-01 1269 sdio.pages_in_io = 2;
847cc6371ba820 Andi Kleen 2011-08-01 1270
f67da30c1d5fc9 Al Viro 2014-03-19 1271 sdio.pages_in_io += iov_iter_npages(iter, INT_MAX);
847cc6371ba820 Andi Kleen 2011-08-01 1272
647d1e4c523576 Fengguang Wu 2012-08-09 1273 blk_start_plug(&plug);
647d1e4c523576 Fengguang Wu 2012-08-09 1274
847cc6371ba820 Andi Kleen 2011-08-01 1275 retval = do_direct_IO(dio, &sdio, &map_bh);
7b2c99d15559e2 Al Viro 2014-03-15 1276 if (retval)
847cc6371ba820 Andi Kleen 2011-08-01 1277 dio_cleanup(dio, &sdio);
847cc6371ba820 Andi Kleen 2011-08-01 1278
847cc6371ba820 Andi Kleen 2011-08-01 1279 if (retval == -ENOTBLK) {
847cc6371ba820 Andi Kleen 2011-08-01 1280 /*
847cc6371ba820 Andi Kleen 2011-08-01 1281 * The remaining part of the request will be
847cc6371ba820 Andi Kleen 2011-08-01 1282 * be handled by buffered I/O when we return
847cc6371ba820 Andi Kleen 2011-08-01 1283 */
847cc6371ba820 Andi Kleen 2011-08-01 1284 retval = 0;
847cc6371ba820 Andi Kleen 2011-08-01 1285 }
847cc6371ba820 Andi Kleen 2011-08-01 1286 /*
847cc6371ba820 Andi Kleen 2011-08-01 1287 * There may be some unwritten disk at the end of a part-written
847cc6371ba820 Andi Kleen 2011-08-01 1288 * fs-block-sized block. Go zero that now.
847cc6371ba820 Andi Kleen 2011-08-01 1289 */
847cc6371ba820 Andi Kleen 2011-08-01 1290 dio_zero_block(dio, &sdio, 1, &map_bh);
847cc6371ba820 Andi Kleen 2011-08-01 1291
847cc6371ba820 Andi Kleen 2011-08-01 1292 if (sdio.cur_page) {
847cc6371ba820 Andi Kleen 2011-08-01 1293 ssize_t ret2;
847cc6371ba820 Andi Kleen 2011-08-01 1294
847cc6371ba820 Andi Kleen 2011-08-01 1295 ret2 = dio_send_cur_page(dio, &sdio, &map_bh);
847cc6371ba820 Andi Kleen 2011-08-01 1296 if (retval == 0)
847cc6371ba820 Andi Kleen 2011-08-01 1297 retval = ret2;
09cbfeaf1a5a67 Kirill A. Shutemov 2016-04-01 1298 put_page(sdio.cur_page);
847cc6371ba820 Andi Kleen 2011-08-01 1299 sdio.cur_page = NULL;
847cc6371ba820 Andi Kleen 2011-08-01 1300 }
847cc6371ba820 Andi Kleen 2011-08-01 1301 if (sdio.bio)
847cc6371ba820 Andi Kleen 2011-08-01 1302 dio_bio_submit(dio, &sdio);
847cc6371ba820 Andi Kleen 2011-08-01 1303
647d1e4c523576 Fengguang Wu 2012-08-09 1304 blk_finish_plug(&plug);
647d1e4c523576 Fengguang Wu 2012-08-09 1305
847cc6371ba820 Andi Kleen 2011-08-01 1306 /*
847cc6371ba820 Andi Kleen 2011-08-01 1307 * It is possible that, we return short IO due to end of file.
847cc6371ba820 Andi Kleen 2011-08-01 1308 * In that case, we need to release all the pages we got hold on.
847cc6371ba820 Andi Kleen 2011-08-01 1309 */
847cc6371ba820 Andi Kleen 2011-08-01 1310 dio_cleanup(dio, &sdio);
847cc6371ba820 Andi Kleen 2011-08-01 1311
847cc6371ba820 Andi Kleen 2011-08-01 1312 /*
847cc6371ba820 Andi Kleen 2011-08-01 1313 * All block lookups have been performed. For READ requests
847cc6371ba820 Andi Kleen 2011-08-01 1314 * we can let i_mutex go now that its achieved its purpose
847cc6371ba820 Andi Kleen 2011-08-01 1315 * of protecting us from looking up uninitialized blocks.
847cc6371ba820 Andi Kleen 2011-08-01 1316 */
17f8c842d24ac0 Omar Sandoval 2015-03-16 1317 if (iov_iter_rw(iter) == READ && (dio->flags & DIO_LOCKING))
5955102c9984fa Al Viro 2016-01-22 1318 inode_unlock(dio->inode);
847cc6371ba820 Andi Kleen 2011-08-01 1319
847cc6371ba820 Andi Kleen 2011-08-01 1320 /*
847cc6371ba820 Andi Kleen 2011-08-01 1321 * The only time we want to leave bios in flight is when a successful
847cc6371ba820 Andi Kleen 2011-08-01 1322 * partial aio read or full aio write have been setup. In that case
847cc6371ba820 Andi Kleen 2011-08-01 1323 * bio completion will call aio_complete. The only time it's safe to
847cc6371ba820 Andi Kleen 2011-08-01 1324 * call aio_complete is when we return -EIOCBQUEUED, so we key on that.
847cc6371ba820 Andi Kleen 2011-08-01 1325 * This had *better* be the only place that raises -EIOCBQUEUED.
847cc6371ba820 Andi Kleen 2011-08-01 1326 */
847cc6371ba820 Andi Kleen 2011-08-01 1327 BUG_ON(retval == -EIOCBQUEUED);
847cc6371ba820 Andi Kleen 2011-08-01 1328 if (dio->is_async && retval == 0 && dio->result &&
17f8c842d24ac0 Omar Sandoval 2015-03-16 1329 (iov_iter_rw(iter) == READ || dio->result == count))
847cc6371ba820 Andi Kleen 2011-08-01 1330 retval = -EIOCBQUEUED;
af436472772d47 Christoph Hellwig 2014-07-30 1331 else
847cc6371ba820 Andi Kleen 2011-08-01 1332 dio_await_completion(dio);
847cc6371ba820 Andi Kleen 2011-08-01 1333
847cc6371ba820 Andi Kleen 2011-08-01 1334 if (drop_refcount(dio) == 0) {
ffe51f0142a291 Lukas Czerner 2017-10-17 1335 retval = dio_complete(dio, retval, DIO_COMPLETE_INVALIDATE);
847cc6371ba820 Andi Kleen 2011-08-01 1336 } else
847cc6371ba820 Andi Kleen 2011-08-01 1337 BUG_ON(retval != -EIOCBQUEUED);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1338
46d716025a228d Gabriel Krisman Bertazi 2020-10-08 1339 return retval;
46d716025a228d Gabriel Krisman Bertazi 2020-10-08 1340
46d716025a228d Gabriel Krisman Bertazi 2020-10-08 1341 fail_dio:
46d716025a228d Gabriel Krisman Bertazi 2020-10-08 1342 if (dio->flags & DIO_LOCKING && iov_iter_rw(iter) == READ)
46d716025a228d Gabriel Krisman Bertazi 2020-10-08 1343 inode_unlock(inode);
46d716025a228d Gabriel Krisman Bertazi 2020-10-08 1344
46d716025a228d Gabriel Krisman Bertazi 2020-10-08 1345 kmem_cache_free(dio_cache, dio);
7bb46a6734a7e1 npiggin(a)suse.de 2010-05-27 1346 return retval;
7bb46a6734a7e1 npiggin(a)suse.de 2010-05-27 1347 }
65dd2aa90aa17a Andi Kleen 2012-01-12 1348
:::::: The code at line 1177 was first introduced by commit
:::::: 41b21af388f94baf7433d4e7845703c7275251de direct-io: defer alignment check until after the EOF check
:::::: TO: Gabriel Krisman Bertazi <krisman@collabora.com>
:::::: CC: Jan Kara <jack@suse.cz>
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 37898 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* [block:dio-mem-align 1/3] fs/direct-io.c:1177 do_blockdev_direct_IO() warn: variable dereferenced before check 'bdev' (see line 1132)
@ 2021-02-15 12:18 ` Dan Carpenter
0 siblings, 0 replies; 3+ messages in thread
From: Dan Carpenter @ 2021-02-15 12:18 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 6252 bytes --]
tree: https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block.git dio-mem-align
head: 3d6ef82805958611e8ffa0a901c014b6f066c3e6
commit: 446db6bc49cd5c4a77daffbbcbe0cf69ff7a62e0 [1/3] fs: relax memory alignment restriction for O_DIRECT
config: x86_64-randconfig-m001-20210211 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
smatch warnings:
fs/direct-io.c:1177 do_blockdev_direct_IO() warn: variable dereferenced before check 'bdev' (see line 1132)
vim +/bdev +1177 fs/direct-io.c
65dd2aa90aa17a Andi Kleen 2012-01-12 1125 static inline ssize_t
17f8c842d24ac0 Omar Sandoval 2015-03-16 1126 do_blockdev_direct_IO(struct kiocb *iocb, struct inode *inode,
17f8c842d24ac0 Omar Sandoval 2015-03-16 1127 struct block_device *bdev, struct iov_iter *iter,
c8b8e32d700fe9 Christoph Hellwig 2016-04-07 1128 get_block_t get_block, dio_iodone_t end_io,
facd07b07d2a79 Josef Bacik 2010-05-23 1129 dio_submit_t submit_io, int flags)
^1da177e4c3f41 Linus Torvalds 2005-04-16 1130 {
6aa7de059173a9 Mark Rutland 2017-10-23 1131 unsigned i_blkbits = READ_ONCE(inode->i_blkbits);
446db6bc49cd5c Jens Axboe 2021-02-11 @1132 struct request_queue *q = bdev_get_queue(bdev);
^^^^
Dereferenced inside the function (I didn't double check. #trustTheMachine)
ab73857e354ab9 Linus Torvalds 2012-11-29 1133 unsigned blkbits = i_blkbits;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1134 unsigned blocksize_mask = (1 << blkbits) - 1;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1135 ssize_t retval = -EINVAL;
1c0ff0f1bdeb18 Nikolay Borisov 2018-04-05 1136 const size_t count = iov_iter_count(iter);
c8b8e32d700fe9 Christoph Hellwig 2016-04-07 1137 loff_t offset = iocb->ki_pos;
1c0ff0f1bdeb18 Nikolay Borisov 2018-04-05 1138 const loff_t end = offset + count;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1139 struct dio *dio;
eb28be2b4c0a06 Andi Kleen 2011-08-01 1140 struct dio_submit sdio = { 0, };
847cc6371ba820 Andi Kleen 2011-08-01 1141 struct buffer_head map_bh = { 0, };
647d1e4c523576 Fengguang Wu 2012-08-09 1142 struct blk_plug plug;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1143
65dd2aa90aa17a Andi Kleen 2012-01-12 1144 /*
65dd2aa90aa17a Andi Kleen 2012-01-12 1145 * Avoid references to bdev if not absolutely needed to give
65dd2aa90aa17a Andi Kleen 2012-01-12 1146 * the early prefetch in the caller enough time.
65dd2aa90aa17a Andi Kleen 2012-01-12 1147 */
^1da177e4c3f41 Linus Torvalds 2005-04-16 1148
f9b5570d7fdedf Christoph Hellwig 2011-06-24 1149 /* watch out for a 0 len io from a tricksy fs */
1c0ff0f1bdeb18 Nikolay Borisov 2018-04-05 1150 if (iov_iter_rw(iter) == READ && !count)
f9b5570d7fdedf Christoph Hellwig 2011-06-24 1151 return 0;
f9b5570d7fdedf Christoph Hellwig 2011-06-24 1152
6e8267f532a171 Andi Kleen 2011-08-01 1153 dio = kmem_cache_alloc(dio_cache, GFP_KERNEL);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1154 if (!dio)
46d716025a228d Gabriel Krisman Bertazi 2020-10-08 1155 return -ENOMEM;
23aee091d804ef Jeff Moyer 2009-12-15 1156 /*
23aee091d804ef Jeff Moyer 2009-12-15 1157 * Believe it or not, zeroing out the page array caused a .5%
23aee091d804ef Jeff Moyer 2009-12-15 1158 * performance regression in a database benchmark. So, we take
23aee091d804ef Jeff Moyer 2009-12-15 1159 * care to only zero out what's needed.
23aee091d804ef Jeff Moyer 2009-12-15 1160 */
23aee091d804ef Jeff Moyer 2009-12-15 1161 memset(dio, 0, offsetof(struct dio, pages));
^1da177e4c3f41 Linus Torvalds 2005-04-16 1162
5fe878ae7f82fb Christoph Hellwig 2009-12-15 1163 dio->flags = flags;
0a9164cb7ff32d Gabriel Krisman Bertazi 2020-10-08 1164 if (dio->flags & DIO_LOCKING && iov_iter_rw(iter) == READ) {
5fe878ae7f82fb Christoph Hellwig 2009-12-15 1165 /* will be released by direct_io_worker */
5955102c9984fa Al Viro 2016-01-22 1166 inode_lock(inode);
df2d6f26586f12 Christoph Hellwig 2011-06-24 1167 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1168
74cedf9b6c603f Jan Kara 2015-11-30 1169 /* Once we sampled i_size check for reads beyond EOF */
74cedf9b6c603f Jan Kara 2015-11-30 1170 dio->i_size = i_size_read(inode);
74cedf9b6c603f Jan Kara 2015-11-30 1171 if (iov_iter_rw(iter) == READ && offset >= dio->i_size) {
2d4594acbf6d8f Al Viro 2015-12-08 1172 retval = 0;
46d716025a228d Gabriel Krisman Bertazi 2020-10-08 1173 goto fail_dio;
74cedf9b6c603f Jan Kara 2015-11-30 1174 }
74cedf9b6c603f Jan Kara 2015-11-30 1175
446db6bc49cd5c Jens Axboe 2021-02-11 1176 if (offset & blocksize_mask) {
41b21af388f94b Gabriel Krisman Bertazi 2020-10-08 @1177 if (bdev)
^^^^
Hopefully this check can be removed? We would have crashed by this
point.
41b21af388f94b Gabriel Krisman Bertazi 2020-10-08 1178 blkbits = blksize_bits(bdev_logical_block_size(bdev));
41b21af388f94b Gabriel Krisman Bertazi 2020-10-08 1179 blocksize_mask = (1 << blkbits) - 1;
446db6bc49cd5c Jens Axboe 2021-02-11 1180 if (offset & blocksize_mask)
41b21af388f94b Gabriel Krisman Bertazi 2020-10-08 1181 goto fail_dio;
41b21af388f94b Gabriel Krisman Bertazi 2020-10-08 1182 }
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 37898 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* [block:dio-mem-align 1/3] fs/direct-io.c:1177 do_blockdev_direct_IO() warn: variable dereferenced before check 'bdev' (see line 1132)
@ 2021-02-15 12:18 ` Dan Carpenter
0 siblings, 0 replies; 3+ messages in thread
From: Dan Carpenter @ 2021-02-15 12:18 UTC (permalink / raw)
To: kbuild-all
[-- Attachment #1: Type: text/plain, Size: 6252 bytes --]
tree: https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block.git dio-mem-align
head: 3d6ef82805958611e8ffa0a901c014b6f066c3e6
commit: 446db6bc49cd5c4a77daffbbcbe0cf69ff7a62e0 [1/3] fs: relax memory alignment restriction for O_DIRECT
config: x86_64-randconfig-m001-20210211 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
smatch warnings:
fs/direct-io.c:1177 do_blockdev_direct_IO() warn: variable dereferenced before check 'bdev' (see line 1132)
vim +/bdev +1177 fs/direct-io.c
65dd2aa90aa17a Andi Kleen 2012-01-12 1125 static inline ssize_t
17f8c842d24ac0 Omar Sandoval 2015-03-16 1126 do_blockdev_direct_IO(struct kiocb *iocb, struct inode *inode,
17f8c842d24ac0 Omar Sandoval 2015-03-16 1127 struct block_device *bdev, struct iov_iter *iter,
c8b8e32d700fe9 Christoph Hellwig 2016-04-07 1128 get_block_t get_block, dio_iodone_t end_io,
facd07b07d2a79 Josef Bacik 2010-05-23 1129 dio_submit_t submit_io, int flags)
^1da177e4c3f41 Linus Torvalds 2005-04-16 1130 {
6aa7de059173a9 Mark Rutland 2017-10-23 1131 unsigned i_blkbits = READ_ONCE(inode->i_blkbits);
446db6bc49cd5c Jens Axboe 2021-02-11 @1132 struct request_queue *q = bdev_get_queue(bdev);
^^^^
Dereferenced inside the function (I didn't double check. #trustTheMachine)
ab73857e354ab9 Linus Torvalds 2012-11-29 1133 unsigned blkbits = i_blkbits;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1134 unsigned blocksize_mask = (1 << blkbits) - 1;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1135 ssize_t retval = -EINVAL;
1c0ff0f1bdeb18 Nikolay Borisov 2018-04-05 1136 const size_t count = iov_iter_count(iter);
c8b8e32d700fe9 Christoph Hellwig 2016-04-07 1137 loff_t offset = iocb->ki_pos;
1c0ff0f1bdeb18 Nikolay Borisov 2018-04-05 1138 const loff_t end = offset + count;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1139 struct dio *dio;
eb28be2b4c0a06 Andi Kleen 2011-08-01 1140 struct dio_submit sdio = { 0, };
847cc6371ba820 Andi Kleen 2011-08-01 1141 struct buffer_head map_bh = { 0, };
647d1e4c523576 Fengguang Wu 2012-08-09 1142 struct blk_plug plug;
^1da177e4c3f41 Linus Torvalds 2005-04-16 1143
65dd2aa90aa17a Andi Kleen 2012-01-12 1144 /*
65dd2aa90aa17a Andi Kleen 2012-01-12 1145 * Avoid references to bdev if not absolutely needed to give
65dd2aa90aa17a Andi Kleen 2012-01-12 1146 * the early prefetch in the caller enough time.
65dd2aa90aa17a Andi Kleen 2012-01-12 1147 */
^1da177e4c3f41 Linus Torvalds 2005-04-16 1148
f9b5570d7fdedf Christoph Hellwig 2011-06-24 1149 /* watch out for a 0 len io from a tricksy fs */
1c0ff0f1bdeb18 Nikolay Borisov 2018-04-05 1150 if (iov_iter_rw(iter) == READ && !count)
f9b5570d7fdedf Christoph Hellwig 2011-06-24 1151 return 0;
f9b5570d7fdedf Christoph Hellwig 2011-06-24 1152
6e8267f532a171 Andi Kleen 2011-08-01 1153 dio = kmem_cache_alloc(dio_cache, GFP_KERNEL);
^1da177e4c3f41 Linus Torvalds 2005-04-16 1154 if (!dio)
46d716025a228d Gabriel Krisman Bertazi 2020-10-08 1155 return -ENOMEM;
23aee091d804ef Jeff Moyer 2009-12-15 1156 /*
23aee091d804ef Jeff Moyer 2009-12-15 1157 * Believe it or not, zeroing out the page array caused a .5%
23aee091d804ef Jeff Moyer 2009-12-15 1158 * performance regression in a database benchmark. So, we take
23aee091d804ef Jeff Moyer 2009-12-15 1159 * care to only zero out what's needed.
23aee091d804ef Jeff Moyer 2009-12-15 1160 */
23aee091d804ef Jeff Moyer 2009-12-15 1161 memset(dio, 0, offsetof(struct dio, pages));
^1da177e4c3f41 Linus Torvalds 2005-04-16 1162
5fe878ae7f82fb Christoph Hellwig 2009-12-15 1163 dio->flags = flags;
0a9164cb7ff32d Gabriel Krisman Bertazi 2020-10-08 1164 if (dio->flags & DIO_LOCKING && iov_iter_rw(iter) == READ) {
5fe878ae7f82fb Christoph Hellwig 2009-12-15 1165 /* will be released by direct_io_worker */
5955102c9984fa Al Viro 2016-01-22 1166 inode_lock(inode);
df2d6f26586f12 Christoph Hellwig 2011-06-24 1167 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1168
74cedf9b6c603f Jan Kara 2015-11-30 1169 /* Once we sampled i_size check for reads beyond EOF */
74cedf9b6c603f Jan Kara 2015-11-30 1170 dio->i_size = i_size_read(inode);
74cedf9b6c603f Jan Kara 2015-11-30 1171 if (iov_iter_rw(iter) == READ && offset >= dio->i_size) {
2d4594acbf6d8f Al Viro 2015-12-08 1172 retval = 0;
46d716025a228d Gabriel Krisman Bertazi 2020-10-08 1173 goto fail_dio;
74cedf9b6c603f Jan Kara 2015-11-30 1174 }
74cedf9b6c603f Jan Kara 2015-11-30 1175
446db6bc49cd5c Jens Axboe 2021-02-11 1176 if (offset & blocksize_mask) {
41b21af388f94b Gabriel Krisman Bertazi 2020-10-08 @1177 if (bdev)
^^^^
Hopefully this check can be removed? We would have crashed by this
point.
41b21af388f94b Gabriel Krisman Bertazi 2020-10-08 1178 blkbits = blksize_bits(bdev_logical_block_size(bdev));
41b21af388f94b Gabriel Krisman Bertazi 2020-10-08 1179 blocksize_mask = (1 << blkbits) - 1;
446db6bc49cd5c Jens Axboe 2021-02-11 1180 if (offset & blocksize_mask)
41b21af388f94b Gabriel Krisman Bertazi 2020-10-08 1181 goto fail_dio;
41b21af388f94b Gabriel Krisman Bertazi 2020-10-08 1182 }
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 37898 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-02-15 12:18 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-02-15 12:18 [block:dio-mem-align 1/3] fs/direct-io.c:1177 do_blockdev_direct_IO() warn: variable dereferenced before check 'bdev' (see line 1132) Dan Carpenter
2021-02-15 12:18 ` Dan Carpenter
-- strict thread matches above, loose matches on Subject: below --
2021-02-12 9:40 kernel test robot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.