From: Dan Carpenter <dan.carpenter@oracle.com>
To: kbusch@kernel.org
Cc: linux-block@vger.kernel.org
Subject: [bug report] block: fix leaking page ref on truncated direct io
Date: Tue, 12 Jul 2022 11:52:53 +0300
Message-ID: <Ys02ZQ+ekH1b0Dtl@kili>

Hello Keith Busch,

The patch 7b1ccdf617ca: "block: fix leaking page ref on truncated
direct io" from Jul 5, 2022, leads to the following Smatch static
checker warning:

    block/bio.c:1254 __bio_iov_iter_get_pages()
    error: uninitialized symbol 'i'.

block/bio.c
    1195 static int __bio_iov_iter_get_pages(struct bio *bio, struct iov_iter *iter)
    1196 {
    1197         unsigned short nr_pages = bio->bi_max_vecs - bio->bi_vcnt;
    1198         unsigned short entries_left = bio->bi_max_vecs - bio->bi_vcnt;
    1199         struct bio_vec *bv = bio->bi_io_vec + bio->bi_vcnt;
    1200         struct page **pages = (struct page **)bv;
    1201         ssize_t size, left;
    1202         unsigned len, i;
    1203         size_t offset, trim;
    1204         int ret = 0;
    1205
    1206         /*
    1207          * Move page array up in the allocated memory for the bio vecs as far as
    1208          * possible so that we can start filling biovecs from the beginning
    1209          * without overwriting the temporary page array.
    1210          */
    1211         BUILD_BUG_ON(PAGE_PTRS_PER_BVEC < 2);
    1212         pages += entries_left * (PAGE_PTRS_PER_BVEC - 1);
    1213
    1214         /*
    1215          * Each segment in the iov is required to be a block size multiple.
    1216          * However, we may not be able to get the entire segment if it spans
    1217          * more pages than bi_max_vecs allows, so we have to ALIGN_DOWN the
    1218          * result to ensure the bio's total size is correct. The remainder of
    1219          * the iov data will be picked up in the next bio iteration.
    1220          */
    1221         size = iov_iter_get_pages2(iter, pages, UINT_MAX - bio->bi_iter.bi_size,
    1222                                    nr_pages, &offset);
    1223         if (unlikely(size <= 0))
    1224                 return size ? size : -EFAULT;
    1225
    1226         nr_pages = DIV_ROUND_UP(offset + size, PAGE_SIZE);
    1227
    1228         trim = size & (bdev_logical_block_size(bio->bi_bdev) - 1);
    1229         iov_iter_revert(iter, trim);
    1230
    1231         size -= trim;
    1232         if (unlikely(!size)) {
    1233                 ret = -EFAULT;
    1234                 goto out;

"i" is uninitialized on this path. (You probably have already fixed
this and received a million other static checker notifications).

    1235         }
    1236
    1237         for (left = size, i = 0; left > 0; left -= len, i++) {
    1238                 struct page *page = pages[i];
    1239
    1240                 len = min_t(size_t, PAGE_SIZE - offset, left);
    1241                 if (bio_op(bio) == REQ_OP_ZONE_APPEND) {
    1242                         ret = bio_iov_add_zone_append_page(bio, page, len,
    1243                                         offset);
    1244                         if (ret)
    1245                                 break;
    1246                 } else
    1247                         bio_iov_add_page(bio, page, len, offset);
    1248
    1249                 offset = 0;
    1250         }
    1251
    1252         iov_iter_revert(iter, left);
    1253 out:
--> 1254         while (i < nr_pages)
    1255                 put_page(pages[i++]);
    1256
    1257         return ret;
    1258 }

regards,
dan carpenter
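
An added example, not part of the original message or the kernel source: a user-space C model of the listing's control flow, showing what the cleanup loop at line 1254 does when the `goto out` at line 1234 is taken. `model_get_pages`, `fake_page` and the `i_on_entry` parameter are hypothetical names; the parameter stands in for the indeterminate value of `i` so the effect is reproducible, and initialising `i` to 0 is an assumption here, not a fix taken from this thread.

```c
#include <stddef.h>
#include <stdio.h>

#define PAGE_SIZE 4096u
#define MAX_PAGES 8u
struct fake_page { int refs, in_bio; };  /* constructed stand-in for struct page */

/*
 * Model of the listing's control flow. size/offset stand in for the
 * iov_iter_get_pages2() result, block_size (a power of two) for the logical
 * block size. i_on_entry models what "i" holds before its first assignment.
 * Returns pages left pinned but not owned by the bio, or -1 on bad input.
 */
static int model_get_pages(size_t size, size_t offset, unsigned block_size,
                           unsigned i_on_entry)
{
    struct fake_page pages[MAX_PAGES] = {{0, 0}};
    unsigned nr_pages = (unsigned)((offset + size + PAGE_SIZE - 1) / PAGE_SIZE);
    unsigned i = i_on_entry, n;
    size_t left, len;
    int leaked = 0;

    if (nr_pages > MAX_PAGES || offset >= PAGE_SIZE)
        return -1;
    for (n = 0; n < nr_pages; n++)
        pages[n].refs = 1;                 /* every returned page is pinned */
    size -= size & (block_size - 1);       /* trim to a block-size multiple */
    if (!size)
        goto out;                          /* line 1234: "i" not assigned yet */

    for (left = size, i = 0; left > 0; left -= len, i++) {
        len = PAGE_SIZE - offset < left ? PAGE_SIZE - offset : left;
        pages[i].in_bio = 1;               /* the bio now owns this reference */
        offset = 0;
    }
out:
    while (i < nr_pages)                   /* line 1254: release unused pages */
        pages[i++].refs--;
    for (n = 0; n < nr_pages; n++)
        leaked += pages[n].refs && !pages[n].in_bio;
    return leaked;
}

int main(void)
{
    /* Constructed input: 300 bytes on 512-byte blocks trims to zero, one page pinned */
    printf("i starts at 0:      %d leaked\n", model_get_pages(300, 0, 512, 0));
    printf("i starts arbitrary: %d leaked\n", model_get_pages(300, 0, 512, 0xdeadu));
    return 0;
}
```

In this model the `i < nr_pages` bound keeps the loop inside the array, so an arbitrary starting index shows up as page references that are never dropped rather than as an out-of-bounds access.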