:::::: :::::: Manual check reason: "low confidence static check warning: fs/zonefs/file.c:441:16: warning: Assigned value is garbage or undefined [clang-analyzer-core.uninitialized.Assign]" :::::: BCC: lkp@intel.com CC: llvm@lists.linux.dev CC: oe-kbuild-all@lists.linux.dev In-Reply-To: <20230110130830.246019-3-damien.lemoal@opensource.wdc.com> References: <20230110130830.246019-3-damien.lemoal@opensource.wdc.com> TO: Damien Le Moal TO: linux-fsdevel@vger.kernel.org CC: Johannes Thumshirn CC: Jorgen Hansen Hi Damien, I love your patch! Perhaps something to improve: [auto build test WARNING on linus/master] [also build test WARNING on v6.2-rc4] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch#_base_tree_information] url: https://github.com/intel-lab-lkp/linux/commits/Damien-Le-Moal/zonefs-Detect-append-writes-at-invalid-locations/20230110-211343 patch link: https://lore.kernel.org/r/20230110130830.246019-3-damien.lemoal%40opensource.wdc.com patch subject: [PATCH 2/7] zonefs: Reorganize code :::::: branch date: 7 days ago :::::: commit date: 7 days ago config: arm-randconfig-c002-20230112 compiler: clang version 16.0.0 (https://github.com/llvm/llvm-project 8d9828ef5aa9688500657d36cd2aefbe12bbd162) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # install arm cross compiling tool for clang build # apt-get install binutils-arm-linux-gnueabi # https://github.com/intel-lab-lkp/linux/commit/fd708e0cef46457f215a3b666910694e8e689dc1 git remote add linux-review https://github.com/intel-lab-lkp/linux git fetch --no-tags linux-review Damien-Le-Moal/zonefs-Detect-append-writes-at-invalid-locations/20230110-211343 git checkout fd708e0cef46457f215a3b666910694e8e689dc1 # save the config file COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm clang-analyzer olddefconfig COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm clang-analyzer If you fix the issue, kindly add following tag where applicable | Reported-by: kernel test robot clang_analyzer warnings: (new ones prefixed by >>) ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/md/persistent-data/dm-btree.c:1157:3: note: Value stored to 'node' is never read node = dm_block_data(shadow_current(s)); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Suppressed 7 warnings (7 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 7 warnings generated. Suppressed 7 warnings (7 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 7 warnings generated. Suppressed 7 warnings (7 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 10 warnings generated. drivers/md/dm-raid1.c:1133:2: warning: Value stored to 'argv' is never read [clang-analyzer-deadcode.DeadStores] argv += args_used; ^ ~~~~~~~~~ drivers/md/dm-raid1.c:1133:2: note: Value stored to 'argv' is never read argv += args_used; ^ ~~~~~~~~~ drivers/md/dm-raid1.c:1413:3: warning: Value stored to 'sz' is never read [clang-analyzer-deadcode.DeadStores] sz += log->type->status(log, type, result+sz, maxlen-sz); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/md/dm-raid1.c:1413:3: note: Value stored to 'sz' is never read sz += log->type->status(log, type, result+sz, maxlen-sz); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/bio.h:559:6: warning: Access to field 'tail' results in a dereference of a null pointer (loaded from variable 'bl') [clang-analyzer-core.NullDereference] if (bl->tail) ^ drivers/md/dm-raid1.c:855:2: note: Loop condition is false. Exiting loop spin_lock_irqsave(&ms->lock, flags); ^ include/linux/spinlock.h:380:2: note: expanded from macro 'spin_lock_irqsave' raw_spin_lock_irqsave(spinlock_check(lock), flags); \ ^ include/linux/spinlock.h:241:2: note: expanded from macro 'raw_spin_lock_irqsave' do { \ ^ drivers/md/dm-raid1.c:855:2: note: Loop condition is false. Exiting loop spin_lock_irqsave(&ms->lock, flags); ^ include/linux/spinlock.h:378:43: note: expanded from macro 'spin_lock_irqsave' #define spin_lock_irqsave(lock, flags) \ ^ drivers/md/dm-raid1.c:867:2: note: Calling 'do_writes' do_writes(ms, &writes); ^~~~~~~~~~~~~~~~~~~~~~ drivers/md/dm-raid1.c:681:42: note: 'this_list' initialized to a null pointer value struct bio_list sync, nosync, recover, *this_list = NULL; ^~~~~~~~~ drivers/md/dm-raid1.c:686:6: note: Assuming field 'head' is non-null if (!writes->head) ^~~~~~~~~~~~~ drivers/md/dm-raid1.c:686:2: note: Taking false branch if (!writes->head) ^ drivers/md/dm-raid1.c:697:2: note: Loop condition is true. Entering loop body while ((bio = bio_list_pop(writes))) { ^ drivers/md/dm-raid1.c:698:8: note: Assuming the condition is false if ((bio->bi_opf & REQ_PREFLUSH) || ^~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/md/dm-raid1.c:698:7: note: Left side of '||' is false if ((bio->bi_opf & REQ_PREFLUSH) || ^ drivers/md/dm-raid1.c:699:8: note: Assuming the condition is false (bio_op(bio) == REQ_OP_DISCARD)) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/md/dm-raid1.c:698:3: note: Taking false branch if ((bio->bi_opf & REQ_PREFLUSH) || ^ drivers/md/dm-raid1.c:706:7: note: Assuming field 'is_remote_recovering' is null if (log->type->is_remote_recovering && ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/md/dm-raid1.c:706:39: note: Left side of '&&' is false if (log->type->is_remote_recovering && ^ drivers/md/dm-raid1.c:713:3: note: 'Default' branch taken. Execution continues on line 728 switch (state) { ^ drivers/md/dm-raid1.c:728:16: note: Passing null pointer value via 1st parameter 'bl' bio_list_add(this_list, bio); ^~~~~~~~~ drivers/md/dm-raid1.c:728:3: note: Calling 'bio_list_add' bio_list_add(this_list, bio); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/bio.h:559:6: note: Access to field 'tail' results in a dereference of a null pointer (loaded from variable 'bl') if (bl->tail) ^~ Suppressed 7 warnings (7 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 1 warning generated. Suppressed 1 warnings (1 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 1 warning generated. Suppressed 1 warnings (1 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 7 warnings generated. Suppressed 7 warnings (7 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 8 warnings generated. >> fs/zonefs/file.c:441:16: warning: Assigned value is garbage or undefined [clang-analyzer-core.uninitialized.Assign] iocb->ki_pos += size; ^ fs/zonefs/file.c:638:6: note: Assuming the condition is true if (unlikely(IS_IMMUTABLE(inode))) ^ include/linux/compiler.h:48:24: note: expanded from macro 'unlikely' # define unlikely(x) (__branch_check__(x, 0, __builtin_constant_p(x))) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/compiler.h:33:32: note: expanded from macro '__branch_check__' ______r = __builtin_expect(!!(x), expect); \ ^~~~ fs/zonefs/file.c:638:2: note: Taking false branch if (unlikely(IS_IMMUTABLE(inode))) ^ fs/zonefs/file.c:641:6: note: Assuming the condition is false if (sb_rdonly(inode->i_sb)) ^~~~~~~~~~~~~~~~~~~~~~ fs/zonefs/file.c:641:2: note: Taking false branch if (sb_rdonly(inode->i_sb)) ^ fs/zonefs/file.c:645:6: note: Assuming field 'ki_pos' is < field 'i_max_size' if (iocb->ki_pos >= ZONEFS_I(inode)->i_max_size) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/zonefs/file.c:645:2: note: Taking false branch if (iocb->ki_pos >= ZONEFS_I(inode)->i_max_size) ^ fs/zonefs/file.c:648:6: note: Assuming the condition is true if (iocb->ki_flags & IOCB_DIRECT) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/zonefs/file.c:648:2: note: Taking true branch if (iocb->ki_flags & IOCB_DIRECT) { ^ fs/zonefs/file.c:649:17: note: Calling 'zonefs_file_dio_write' ssize_t ret = zonefs_file_dio_write(iocb, from); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/zonefs/file.c:534:6: note: Assuming field 'i_ztype' is not equal to ZONEFS_ZTYPE_SEQ if (zi->i_ztype == ZONEFS_ZTYPE_SEQ && !sync && ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/zonefs/file.c:534:38: note: Left side of '&&' is false if (zi->i_ztype == ZONEFS_ZTYPE_SEQ && !sync && ^ fs/zonefs/file.c:538:6: note: Assuming the condition is true if (iocb->ki_flags & IOCB_NOWAIT) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/zonefs/file.c:538:2: note: Taking true branch if (iocb->ki_flags & IOCB_NOWAIT) { ^ fs/zonefs/file.c:539:7: note: Assuming the condition is false if (!inode_trylock(inode)) ^~~~~~~~~~~~~~~~~~~~~ fs/zonefs/file.c:539:3: note: Taking false branch if (!inode_trylock(inode)) ^ fs/zonefs/file.c:546:6: note: 'count' is > 0 if (count <= 0) { ^~~~~ fs/zonefs/file.c:546:2: note: Taking false branch if (count <= 0) { ^ fs/zonefs/file.c:551:6: note: Assuming the condition is false if ((iocb->ki_pos | count) & (sb->s_blocksize - 1)) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/zonefs/file.c:551:2: note: Taking false branch if ((iocb->ki_pos | count) & (sb->s_blocksize - 1)) { ^ fs/zonefs/file.c:557:6: note: Assuming field 'i_ztype' is equal to ZONEFS_ZTYPE_SEQ if (zi->i_ztype == ZONEFS_ZTYPE_SEQ) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/zonefs/file.c:557:2: note: Taking true branch if (zi->i_ztype == ZONEFS_ZTYPE_SEQ) { ^ fs/zonefs/file.c:559:7: note: Assuming field 'ki_pos' is equal to field 'i_wpoffset' if (iocb->ki_pos != zi->i_wpoffset) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/zonefs/file.c:559:3: note: Taking false branch if (iocb->ki_pos != zi->i_wpoffset) { ^ fs/zonefs/file.c:568:6: note: 'append' is true if (append) ^~~~~~ fs/zonefs/file.c:568:2: note: Taking true branch if (append) ^ fs/zonefs/file.c:569:9: note: Calling 'zonefs_file_dio_append' ret = zonefs_file_dio_append(iocb, from); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/zonefs/file.c:385:2: note: 'size' declared without an initial value ssize_t size; ^~~~~~~~~~~~ fs/zonefs/file.c:393:6: note: Assuming 'nr_pages' is not equal to 0 if (!nr_pages) ^~~~~~~~~ fs/zonefs/file.c:393:2: note: Taking false branch if (!nr_pages) ^ fs/zonefs/file.c:400:2: note: Taking true branch if (iocb_is_dsync(iocb)) ^ fs/zonefs/file.c:404:6: note: Assuming 'ret' is not equal to 0 if (unlikely(ret)) vim +441 fs/zonefs/file.c fd708e0cef4645 Damien Le Moal 2023-01-10 377 fd708e0cef4645 Damien Le Moal 2023-01-10 378 static ssize_t zonefs_file_dio_append(struct kiocb *iocb, struct iov_iter *from) fd708e0cef4645 Damien Le Moal 2023-01-10 379 { fd708e0cef4645 Damien Le Moal 2023-01-10 380 struct inode *inode = file_inode(iocb->ki_filp); fd708e0cef4645 Damien Le Moal 2023-01-10 381 struct zonefs_inode_info *zi = ZONEFS_I(inode); fd708e0cef4645 Damien Le Moal 2023-01-10 382 struct block_device *bdev = inode->i_sb->s_bdev; fd708e0cef4645 Damien Le Moal 2023-01-10 383 unsigned int max = bdev_max_zone_append_sectors(bdev); fd708e0cef4645 Damien Le Moal 2023-01-10 384 struct bio *bio; fd708e0cef4645 Damien Le Moal 2023-01-10 385 ssize_t size; fd708e0cef4645 Damien Le Moal 2023-01-10 386 int nr_pages; fd708e0cef4645 Damien Le Moal 2023-01-10 387 ssize_t ret; fd708e0cef4645 Damien Le Moal 2023-01-10 388 fd708e0cef4645 Damien Le Moal 2023-01-10 389 max = ALIGN_DOWN(max << SECTOR_SHIFT, inode->i_sb->s_blocksize); fd708e0cef4645 Damien Le Moal 2023-01-10 390 iov_iter_truncate(from, max); fd708e0cef4645 Damien Le Moal 2023-01-10 391 fd708e0cef4645 Damien Le Moal 2023-01-10 392 nr_pages = iov_iter_npages(from, BIO_MAX_VECS); fd708e0cef4645 Damien Le Moal 2023-01-10 393 if (!nr_pages) fd708e0cef4645 Damien Le Moal 2023-01-10 394 return 0; fd708e0cef4645 Damien Le Moal 2023-01-10 395 fd708e0cef4645 Damien Le Moal 2023-01-10 396 bio = bio_alloc(bdev, nr_pages, fd708e0cef4645 Damien Le Moal 2023-01-10 397 REQ_OP_ZONE_APPEND | REQ_SYNC | REQ_IDLE, GFP_NOFS); fd708e0cef4645 Damien Le Moal 2023-01-10 398 bio->bi_iter.bi_sector = zi->i_zsector; fd708e0cef4645 Damien Le Moal 2023-01-10 399 bio->bi_ioprio = iocb->ki_ioprio; fd708e0cef4645 Damien Le Moal 2023-01-10 400 if (iocb_is_dsync(iocb)) fd708e0cef4645 Damien Le Moal 2023-01-10 401 bio->bi_opf |= REQ_FUA; fd708e0cef4645 Damien Le Moal 2023-01-10 402 fd708e0cef4645 Damien Le Moal 2023-01-10 403 ret = bio_iov_iter_get_pages(bio, from); fd708e0cef4645 Damien Le Moal 2023-01-10 404 if (unlikely(ret)) fd708e0cef4645 Damien Le Moal 2023-01-10 405 goto out_release; fd708e0cef4645 Damien Le Moal 2023-01-10 406 fd708e0cef4645 Damien Le Moal 2023-01-10 407 size = bio->bi_iter.bi_size; fd708e0cef4645 Damien Le Moal 2023-01-10 408 task_io_account_write(size); fd708e0cef4645 Damien Le Moal 2023-01-10 409 fd708e0cef4645 Damien Le Moal 2023-01-10 410 if (iocb->ki_flags & IOCB_HIPRI) fd708e0cef4645 Damien Le Moal 2023-01-10 411 bio_set_polled(bio, iocb); fd708e0cef4645 Damien Le Moal 2023-01-10 412 fd708e0cef4645 Damien Le Moal 2023-01-10 413 ret = submit_bio_wait(bio); fd708e0cef4645 Damien Le Moal 2023-01-10 414 fd708e0cef4645 Damien Le Moal 2023-01-10 415 /* fd708e0cef4645 Damien Le Moal 2023-01-10 416 * If the file zone was written underneath the file system, the zone fd708e0cef4645 Damien Le Moal 2023-01-10 417 * write pointer may not be where we expect it to be, but the zone fd708e0cef4645 Damien Le Moal 2023-01-10 418 * append write can still succeed. So check manually that we wrote where fd708e0cef4645 Damien Le Moal 2023-01-10 419 * we intended to, that is, at zi->i_wpoffset. fd708e0cef4645 Damien Le Moal 2023-01-10 420 */ fd708e0cef4645 Damien Le Moal 2023-01-10 421 if (!ret) { fd708e0cef4645 Damien Le Moal 2023-01-10 422 sector_t wpsector = fd708e0cef4645 Damien Le Moal 2023-01-10 423 zi->i_zsector + (zi->i_wpoffset >> SECTOR_SHIFT); fd708e0cef4645 Damien Le Moal 2023-01-10 424 fd708e0cef4645 Damien Le Moal 2023-01-10 425 if (bio->bi_iter.bi_sector != wpsector) { fd708e0cef4645 Damien Le Moal 2023-01-10 426 zonefs_warn(inode->i_sb, fd708e0cef4645 Damien Le Moal 2023-01-10 427 "Corrupted write pointer %llu for zone at %llu\n", fd708e0cef4645 Damien Le Moal 2023-01-10 428 wpsector, zi->i_zsector); fd708e0cef4645 Damien Le Moal 2023-01-10 429 ret = -EIO; fd708e0cef4645 Damien Le Moal 2023-01-10 430 } fd708e0cef4645 Damien Le Moal 2023-01-10 431 } fd708e0cef4645 Damien Le Moal 2023-01-10 432 fd708e0cef4645 Damien Le Moal 2023-01-10 433 zonefs_file_write_dio_end_io(iocb, size, ret, 0); fd708e0cef4645 Damien Le Moal 2023-01-10 434 trace_zonefs_file_dio_append(inode, size, ret); fd708e0cef4645 Damien Le Moal 2023-01-10 435 fd708e0cef4645 Damien Le Moal 2023-01-10 436 out_release: fd708e0cef4645 Damien Le Moal 2023-01-10 437 bio_release_pages(bio, false); fd708e0cef4645 Damien Le Moal 2023-01-10 438 bio_put(bio); fd708e0cef4645 Damien Le Moal 2023-01-10 439 fd708e0cef4645 Damien Le Moal 2023-01-10 440 if (ret >= 0) { fd708e0cef4645 Damien Le Moal 2023-01-10 @441 iocb->ki_pos += size; fd708e0cef4645 Damien Le Moal 2023-01-10 442 return size; fd708e0cef4645 Damien Le Moal 2023-01-10 443 } fd708e0cef4645 Damien Le Moal 2023-01-10 444 fd708e0cef4645 Damien Le Moal 2023-01-10 445 return ret; fd708e0cef4645 Damien Le Moal 2023-01-10 446 } fd708e0cef4645 Damien Le Moal 2023-01-10 447 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests