* [bug report] ublk_drv: add io_uring based userspace block driver
@ 2022-07-18 11:13 Dan Carpenter
From: Dan Carpenter @ 2022-07-18 11:13 UTC
To: ming.lei; +Cc: linux-block

Hello Ming Lei,

The patch 71f28f3136af: "ublk_drv: add io_uring based userspace block
driver" from Jul 13, 2022, leads to the following Smatch static
checker warning:

	drivers/block/ublk_drv.c:940 ublk_ch_uring_cmd()
	error: potentially dereferencing uninitialized 'io'.

drivers/block/ublk_drv.c
    863 static int ublk_ch_uring_cmd(struct io_uring_cmd *cmd, unsigned int issue_flags)
    864 {
    865         struct ublksrv_io_cmd *ub_cmd = (struct ublksrv_io_cmd *)cmd->cmd;
    866         struct ublk_device *ub = cmd->file->private_data;
    867         struct ublk_queue *ubq;
    868         struct ublk_io *io;
    869         u32 cmd_op = cmd->cmd_op;
    870         unsigned tag = ub_cmd->tag;
    871         int ret = -EINVAL;
    872
    873         pr_devel("%s: received: cmd op %d queue %d tag %d result %d\n",
    874                         __func__, cmd->cmd_op, ub_cmd->q_id, tag,
    875                         ub_cmd->result);
    876
    877         if (!(issue_flags & IO_URING_F_SQE128))
    878                 goto out;

"io" isn't initialized until later so this goto out will crash.  Goto
out is always a red flag because the label name is too vague to say what
the goto does.

    879
    880         if (ub_cmd->q_id >= ub->dev_info.nr_hw_queues)
    881                 goto out;
    882
    883         ubq = ublk_get_queue(ub, ub_cmd->q_id);
    884         if (!ubq || ub_cmd->q_id != ubq->q_id)
    885                 goto out;
    886
    887         if (ubq->ubq_daemon && ubq->ubq_daemon != current)
    888                 goto out;
    889
    890         if (tag >= ubq->q_depth)
    891                 goto out;
    892
    893         io = &ubq->ios[tag];
    894
    895         /* there is pending io cmd, something must be wrong */
    896         if (io->flags & UBLK_IO_FLAG_ACTIVE) {
    897                 ret = -EBUSY;
    898                 goto out;
    899         }
    900
    901         switch (cmd_op) {
    902         case UBLK_IO_FETCH_REQ:
    903                 /* UBLK_IO_FETCH_REQ is only allowed before queue is setup */
    904                 if (ublk_queue_ready(ubq)) {
    905                         ret = -EBUSY;
    906                         goto out;
    907                 }
    908                 /*
    909                  * The io is being handled by server, so COMMIT_RQ is expected
    910                  * instead of FETCH_REQ
    911                  */
    912                 if (io->flags & UBLK_IO_FLAG_OWNED_BY_SRV)
    913                         goto out;
    914                 /* FETCH_RQ has to provide IO buffer */
    915                 if (!ub_cmd->addr)
    916                         goto out;
    917                 io->cmd = cmd;
    918                 io->flags |= UBLK_IO_FLAG_ACTIVE;
    919                 io->addr = ub_cmd->addr;
    920
    921                 ublk_mark_io_ready(ub, ubq);
    922                 break;
    923         case UBLK_IO_COMMIT_AND_FETCH_REQ:
    924                 /* FETCH_RQ has to provide IO buffer */
    925                 if (!ub_cmd->addr)
    926                         goto out;
    927                 if (!(io->flags & UBLK_IO_FLAG_OWNED_BY_SRV))
    928                         goto out;
    929                 io->addr = ub_cmd->addr;
    930                 io->flags |= UBLK_IO_FLAG_ACTIVE;
    931                 io->cmd = cmd;
    932                 ublk_commit_completion(ub, ub_cmd);
    933                 break;
    934         default:
    935                 goto out;
    936         }
    937         return -EIOCBQUEUED;
    938
    939 out:
--> 940         io->flags &= ~UBLK_IO_FLAG_ACTIVE;
    941         io_uring_cmd_done(cmd, ret, 0);
    942         pr_devel("%s: complete: cmd op %d, tag %d ret %x io_flags %x\n",
    943                         __func__, cmd_op, tag, ret, io->flags);
    944         return -EIOCBQUEUED;
    945 }

regards,
dan carpenter
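
A userspace model of the control flow in this report, added here as an illustration and not code from the driver or from the message above: early validation failures jump to a label that never touches 'io', and only failures after 'io' is assigned reach the flag-clearing label. The model_* types, g_q, run_case() and slot_flags() are hypothetical stand-ins, and this is one possible restructuring, not the fix applied upstream.

```c
#include <errno.h>

/* Userspace stand-ins for the driver's types (assumed names, not kernel code). */
#define IO_FLAG_ACTIVE 0x1u
#define Q_DEPTH 4
struct model_io { unsigned flags; unsigned long addr; };
struct model_queue { unsigned q_depth; struct model_io ios[Q_DEPTH]; };
struct model_cmd { int sqe128; unsigned tag; unsigned long addr; int result; };
static struct model_queue g_q;

/* Stand-in for io_uring_cmd_done(): records the completion code. */
static void model_cmd_done(struct model_cmd *cmd, int ret) { cmd->result = ret; }

/* Failures before 'io' is assigned jump to out_done, which never touches
 * 'io'; only failures after the assignment go through out_clear. */
static int model_uring_cmd(struct model_queue *q, struct model_cmd *cmd)
{
	struct model_io *io;
	int ret = -EINVAL;

	if (!cmd->sqe128)	/* mirrors the IO_URING_F_SQE128 check */
		goto out_done;
	if (cmd->tag >= q->q_depth)
		goto out_done;
	io = &q->ios[cmd->tag];
	if (!cmd->addr)		/* a fetch has to provide a buffer */
		goto out_clear;
	io->addr = cmd->addr;
	io->flags |= IO_FLAG_ACTIVE;
	return 0;		/* queued; the model returns 0 here */
out_clear:
	io->flags &= ~IO_FLAG_ACTIVE;
out_done:
	model_cmd_done(cmd, ret);
	return ret;
}

/* Runs one constructed command against a freshly reset queue. */
static int run_case(int sqe128, unsigned tag, unsigned long addr)
{
	struct model_cmd cmd = { sqe128, tag, addr, 0 };
	g_q = (struct model_queue){ .q_depth = Q_DEPTH };
	return model_uring_cmd(&g_q, &cmd);
}
static unsigned slot_flags(unsigned tag) { return g_q.ios[tag].flags; }

int main(void)
{
	return run_case(1, 1, 0x1000) != 0 || slot_flags(1) != IO_FLAG_ACTIVE;
}
```

With each label named for what it undoes, a jump taken before the assignment cannot reach the dereference.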