From: Dan Carpenter <dan.carpenter@oracle.com>
To: ming.lei@redhat.com
Cc: linux-block@vger.kernel.org
Subject: [bug report] ublk_drv: add io_uring based userspace block driver
Date: Mon, 18 Jul 2022 14:13:42 +0300 [thread overview]
Message-ID: <YtVAZlOkteVueVnb@kili> (raw)
Hello Ming Lei,
The patch 71f28f3136af: "ublk_drv: add io_uring based userspace block
driver" from Jul 13, 2022, leads to the following Smatch static
checker warning:
drivers/block/ublk_drv.c:940 ublk_ch_uring_cmd()
error: potentially dereferencing uninitialized 'io'.
drivers/block/ublk_drv.c
863 static int ublk_ch_uring_cmd(struct io_uring_cmd *cmd, unsigned int issue_flags)
864 {
865 struct ublksrv_io_cmd *ub_cmd = (struct ublksrv_io_cmd *)cmd->cmd;
866 struct ublk_device *ub = cmd->file->private_data;
867 struct ublk_queue *ubq;
868 struct ublk_io *io;
869 u32 cmd_op = cmd->cmd_op;
870 unsigned tag = ub_cmd->tag;
871 int ret = -EINVAL;
872
873 pr_devel("%s: received: cmd op %d queue %d tag %d result %d\n",
874 __func__, cmd->cmd_op, ub_cmd->q_id, tag,
875 ub_cmd->result);
876
877 if (!(issue_flags & IO_URING_F_SQE128))
878 goto out;
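"io" isn't initialized until later so this goto out will crash: the out
label dereferences io at line 940. The same applies to every other goto
out taken before io is assigned at line 893. Goto out is always a red
flag because the label name is too vague to say what the goto does.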
879
880 if (ub_cmd->q_id >= ub->dev_info.nr_hw_queues)
881 goto out;
882
883 ubq = ublk_get_queue(ub, ub_cmd->q_id);
884 if (!ubq || ub_cmd->q_id != ubq->q_id)
885 goto out;
886
887 if (ubq->ubq_daemon && ubq->ubq_daemon != current)
888 goto out;
889
890 if (tag >= ubq->q_depth)
891 goto out;
892
893 io = &ubq->ios[tag];
894
895 /* there is pending io cmd, something must be wrong */
896 if (io->flags & UBLK_IO_FLAG_ACTIVE) {
897 ret = -EBUSY;
898 goto out;
899 }
900
901 switch (cmd_op) {
902 case UBLK_IO_FETCH_REQ:
903 /* UBLK_IO_FETCH_REQ is only allowed before queue is setup */
904 if (ublk_queue_ready(ubq)) {
905 ret = -EBUSY;
906 goto out;
907 }
908 /*
909 * The io is being handled by server, so COMMIT_RQ is expected
910 * instead of FETCH_REQ
911 */
912 if (io->flags & UBLK_IO_FLAG_OWNED_BY_SRV)
913 goto out;
914 /* FETCH_RQ has to provide IO buffer */
915 if (!ub_cmd->addr)
916 goto out;
917 io->cmd = cmd;
918 io->flags |= UBLK_IO_FLAG_ACTIVE;
919 io->addr = ub_cmd->addr;
920
921 ublk_mark_io_ready(ub, ubq);
922 break;
923 case UBLK_IO_COMMIT_AND_FETCH_REQ:
924 /* FETCH_RQ has to provide IO buffer */
925 if (!ub_cmd->addr)
926 goto out;
927 if (!(io->flags & UBLK_IO_FLAG_OWNED_BY_SRV))
928 goto out;
929 io->addr = ub_cmd->addr;
930 io->flags |= UBLK_IO_FLAG_ACTIVE;
931 io->cmd = cmd;
932 ublk_commit_completion(ub, ub_cmd);
933 break;
934 default:
935 goto out;
936 }
937 return -EIOCBQUEUED;
938
939 out:
--> 940 io->flags &= ~UBLK_IO_FLAG_ACTIVE;
941 io_uring_cmd_done(cmd, ret, 0);
942 pr_devel("%s: complete: cmd op %d, tag %d ret %x io_flags %x\n",
943 __func__, cmd_op, tag, ret, io->flags);
944 return -EIOCBQUEUED;
945 }
regards,
dan carpenter