* [bug report] ublk_drv: add io_uring based userspace block driver
@ 2022-07-18 11:13 Dan Carpenter
From: Dan Carpenter @ 2022-07-18 11:13 UTC (permalink / raw)
To: ming.lei; +Cc: linux-block
Hello Ming Lei,
The patch 71f28f3136af: "ublk_drv: add io_uring based userspace block
driver" from Jul 13, 2022, leads to the following Smatch static
checker warning:
drivers/block/ublk_drv.c:940 ublk_ch_uring_cmd()
error: potentially dereferencing uninitialized 'io'.
drivers/block/ublk_drv.c
    863  static int ublk_ch_uring_cmd(struct io_uring_cmd *cmd, unsigned int issue_flags)
    864  {
    865          struct ublksrv_io_cmd *ub_cmd = (struct ublksrv_io_cmd *)cmd->cmd;
    866          struct ublk_device *ub = cmd->file->private_data;
    867          struct ublk_queue *ubq;
    868          struct ublk_io *io;
    869          u32 cmd_op = cmd->cmd_op;
    870          unsigned tag = ub_cmd->tag;
    871          int ret = -EINVAL;
    872
    873          pr_devel("%s: received: cmd op %d queue %d tag %d result %d\n",
    874                          __func__, cmd->cmd_op, ub_cmd->q_id, tag,
    875                          ub_cmd->result);
    876
    877          if (!(issue_flags & IO_URING_F_SQE128))
    878                  goto out;
"io" isn't initialized until later so this goto out will crash. Goto
out is always a red flag because the label name is too vague to say what
the goto does.
    879
    880          if (ub_cmd->q_id >= ub->dev_info.nr_hw_queues)
    881                  goto out;
    882
    883          ubq = ublk_get_queue(ub, ub_cmd->q_id);
    884          if (!ubq || ub_cmd->q_id != ubq->q_id)
    885                  goto out;
    886
    887          if (ubq->ubq_daemon && ubq->ubq_daemon != current)
    888                  goto out;
    889
    890          if (tag >= ubq->q_depth)
    891                  goto out;
    892
    893          io = &ubq->ios[tag];
    894
    895          /* there is pending io cmd, something must be wrong */
    896          if (io->flags & UBLK_IO_FLAG_ACTIVE) {
    897                  ret = -EBUSY;
    898                  goto out;
    899          }
    900
    901          switch (cmd_op) {
    902          case UBLK_IO_FETCH_REQ:
    903                  /* UBLK_IO_FETCH_REQ is only allowed before queue is setup */
    904                  if (ublk_queue_ready(ubq)) {
    905                          ret = -EBUSY;
    906                          goto out;
    907                  }
    908                  /*
    909                   * The io is being handled by server, so COMMIT_RQ is expected
    910                   * instead of FETCH_REQ
    911                   */
    912                  if (io->flags & UBLK_IO_FLAG_OWNED_BY_SRV)
    913                          goto out;
    914                  /* FETCH_RQ has to provide IO buffer */
    915                  if (!ub_cmd->addr)
    916                          goto out;
    917                  io->cmd = cmd;
    918                  io->flags |= UBLK_IO_FLAG_ACTIVE;
    919                  io->addr = ub_cmd->addr;
    920
    921                  ublk_mark_io_ready(ub, ubq);
    922                  break;
    923          case UBLK_IO_COMMIT_AND_FETCH_REQ:
    924                  /* FETCH_RQ has to provide IO buffer */
    925                  if (!ub_cmd->addr)
    926                          goto out;
    927                  if (!(io->flags & UBLK_IO_FLAG_OWNED_BY_SRV))
    928                          goto out;
    929                  io->addr = ub_cmd->addr;
    930                  io->flags |= UBLK_IO_FLAG_ACTIVE;
    931                  io->cmd = cmd;
    932                  ublk_commit_completion(ub, ub_cmd);
    933                  break;
    934          default:
    935                  goto out;
    936          }
    937          return -EIOCBQUEUED;
    938
    939   out:
--> 940          io->flags &= ~UBLK_IO_FLAG_ACTIVE;
    941          io_uring_cmd_done(cmd, ret, 0);
    942          pr_devel("%s: complete: cmd op %d, tag %d ret %x io_flags %x\n",
    943                          __func__, cmd_op, tag, ret, io->flags);
    944          return -EIOCBQUEUED;
    945  }
regards,
dan carpenter
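
The pattern flagged above, as an added user-space example (not code from the
ublk driver or from this report): a handler whose early validation exits never
touch the slot pointer, while exits taken after the pointer is assigned do the
slot cleanup. All names here (handle_cmd, struct queue, struct io_slot,
FLAG_ACTIVE, Q_DEPTH) are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of a tagged command queue; not the kernel's types. */
#define FLAG_ACTIVE 0x1u
#define Q_DEPTH     4u

struct io_slot { unsigned flags; uint64_t addr; };
struct queue   { unsigned depth; struct io_slot ios[Q_DEPTH]; };

/*
 * Two labels, named for what they undo:
 *   out            - nothing to undo, `io` may still be unassigned
 *   out_clear_slot - `io` is valid on every path that reaches it
 * Returns 0 on success or a negative errno.
 */
int handle_cmd(struct queue *q, int sqe128, unsigned tag, uint64_t addr)
{
    struct io_slot *io;
    int ret = -EINVAL;

    if (!sqe128)              /* checked before io is assigned */
        goto out;
    if (tag >= q->depth)      /* bounds check must precede the lookup */
        goto out;

    io = &q->ios[tag];        /* from here on, cleanup may use io */

    if (!addr)                /* caller has to provide a buffer */
        goto out_clear_slot;

    io->addr = addr;
    io->flags |= FLAG_ACTIVE;
    return 0;

out_clear_slot:
    io->flags &= ~FLAG_ACTIVE;
out:
    return ret;
}

int main(void)
{
    struct queue q = { .depth = Q_DEPTH };   /* constructed sample queue */

    printf("no sqe128: %d\n", handle_cmd(&q, 0, 0, 0x1000));
    printf("bad tag:   %d\n", handle_cmd(&q, 1, Q_DEPTH, 0x1000));
    printf("valid:     %d\n", handle_cmd(&q, 1, 2, 0x1000));
    return 0;
}
```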