linux-fsdevel.vger.kernel.org archive mirror
From: Dan Carpenter <dan.carpenter@oracle.com>
To: Jens Axboe <axboe@kernel.dk>
Cc: linux-fsdevel@vger.kernel.org
Subject: Re: [bug report] io_uring: add support for sqe links
Date: Mon, 27 May 2019 17:10:14 +0300
Message-ID: <20190527141014.GI24680@kadam>
In-Reply-To: <e46527f2-44f9-499d-3de9-510fc8f08feb@kernel.dk>

On Mon, May 27, 2019 at 07:36:22AM -0600, Jens Axboe wrote:
> On 5/27/19 4:08 AM, Dan Carpenter wrote:
> > Hello Jens Axboe,
> > 
> > The patch f3fafe4103bd: "io_uring: add support for sqe links" from
> > May 10, 2019, leads to the following static checker warning:
> > 
> > 	fs/io_uring.c:623 io_req_link_next()
> > 	error: potential NULL dereference 'nxt'.
> > 
> > fs/io_uring.c
> >     614  static void io_req_link_next(struct io_kiocb *req)
> >     615  {
> >     616          struct io_kiocb *nxt;
> >     617
> >     618          nxt = list_first_entry_or_null(&req->link_list, struct io_kiocb, list);
                                                    ^^^^^^^^^^^^^^^
If this list is empty then "nxt" is NULL.

> >     619          list_del(&nxt->list);
> >                            ^^^^^^^^^
> > The warning is a false positive but this is a NULL dereference.
> > 
> >     620          if (!list_empty(&req->link_list)) {
                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

We're checking for list_empty() here.

> >     621                  INIT_LIST_HEAD(&nxt->link_list);
> >                                          ^^^^^
> > False positive.
> 
> Both of them are false positives. I can work around them though, as it
> probably makes it a bit cleaner, too.
> 
> > 
> >     622                  list_splice(&req->link_list, &nxt->link_list);
> >     623                  nxt->flags |= REQ_F_LINK;
> >     624          }
> >     625
> >     626          INIT_WORK(&nxt->work, io_sq_wq_submit_work);
> >                            ^^^^^^^^^^
> >     627          queue_work(req->ctx->sqo_wq, &nxt->work);
> >                                               ^^^^^^^^^^
> > Other bugs.
> 
> Not sure what that means?

All these dereferences outside the if not empty check are a problem.

regards,
dan carpenter
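
The guard this message asks for, as an added example (not code from this thread or from the kernel tree): a userspace C model in which the list helpers, `struct req`, `first_or_null()` and `link_next_checked()` are hypothetical stand-ins for the kernel's `list_head` API and `io_req_link_next()`. Every use of `nxt` sits behind the NULL check, so an empty `link_list` is handled instead of dereferenced.

```c
#include <stddef.h>

/* Userspace stand-ins for the kernel list helpers, constructed for this example. */
struct list_head { struct list_head *next, *prev; };
static void init_list_head(struct list_head *h) { h->next = h->prev = h; }
static int list_empty(const struct list_head *h) { return h->next == h; }
static void list_add_tail(struct list_head *n, struct list_head *h)
{
	n->prev = h->prev; n->next = h;
	h->prev->next = n; h->prev = n;
}
static void list_del(struct list_head *e)
{
	e->prev->next = e->next; e->next->prev = e->prev;
}

/* Hypothetical cut-down request: only the fields the quoted function touches. */
struct req {
	struct list_head list;      /* entry in a parent's link_list */
	struct list_head link_list; /* requests chained behind this one */
	int queued;                 /* stands in for INIT_WORK() + queue_work() */
};

/* Same contract as list_first_entry_or_null(): NULL when the list is empty. */
static struct req *first_or_null(struct list_head *h)
{
	if (list_empty(h))
		return NULL;
	return (struct req *)((char *)h->next - offsetof(struct req, list));
}

/* Guarded variant: every use of nxt sits behind the NULL check. */
struct req *link_next_checked(struct req *req)
{
	struct req *nxt = first_or_null(&req->link_list);

	if (!nxt)
		return NULL; /* empty link_list: nothing to unlink or queue */
	list_del(&nxt->list);
	init_list_head(&nxt->link_list);
	while (!list_empty(&req->link_list)) { /* the list_splice() step */
		struct list_head *e = req->link_list.next;
		list_del(e);
		list_add_tail(e, &nxt->link_list);
	}
	nxt->queued = 1;
	return nxt;
}
```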


Thread overview: 5+ messages
2019-05-27 10:08 [bug report] io_uring: add support for sqe links Dan Carpenter
2019-05-27 13:36 ` Jens Axboe
2019-05-27 14:10   ` Dan Carpenter [this message]
2019-05-27 14:34     ` Jens Axboe
2019-05-27 15:23       ` Dan Carpenter
