Date: Mon, 6 Jun 2022 15:10:44 +0100
From: "Colin King (gmail)" <colin.i.king@...il.com>
To: Shiyang Ruan <ruansy.fnst@...itsu.com>
Cc: Alexander Viro <viro@...iv.linux.org.uk>,
Dan Williams <dan.j.williams@...el.com>,
Matthew Wilcox <willy@...radead.org>, Jan Kara <jack@...e.cz>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
nvdimm@...ts.linux.dev,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: re: fsdax: output address in dax_iomap_pfn() and rename it
Hi,

Static analysis with clang scan-build found a potential issue with the
following commit in linux-next today:

commit 1447ac26a96463a05ad9f5cfba7eef43d52913ef
Author: Shiyang Ruan <ruansy.fnst@...itsu.com>
Date:   Fri Jun 3 13:37:32 2022 +0800

    fsdax: output address in dax_iomap_pfn() and rename it

The analysis is as follows:

static int dax_iomap_direct_access(const struct iomap *iomap, loff_t pos,
		size_t size, void **kaddr, pfn_t *pfnp)
{
	pgoff_t pgoff = dax_iomap_pgoff(iomap, pos);
	int id, rc;
	long length;

	id = dax_read_lock();
	length = dax_direct_access(iomap->dax_dev, pgoff, PHYS_PFN(size),
				   DAX_ACCESS, kaddr, pfnp);
	if (length < 0) {
		rc = length;
		goto out;
	}
	if (!pfnp)
		goto out_check_addr;

The above check jumps to out_check_addr; if kaddr is null then rc is not
set and a garbage uninitialized value for rc is returned on the out path.

	rc = -EINVAL;
	if (PFN_PHYS(length) < size)
		goto out;
	if (pfn_t_to_pfn(*pfnp) & (PHYS_PFN(size)-1))
		goto out;
	/* For larger pages we need devmap */
	if (length > 1 && !pfn_t_devmap(*pfnp))
		goto out;
	rc = 0;

out_check_addr:
	if (!kaddr)
		goto out;
	if (!*kaddr)
		rc = -EFAULT;
out:
	dax_read_unlock(id);
	return rc;
}

Colin
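
Added example, not part of the original message and not kernel code: a user-space model of the quoted function's goto structure, using a constructed sentinel RC_UNSET in place of the uninitialised rc so the outcome is deterministic. It goes slightly beyond the case in the message by enumerating all four caller combinations, which shows that both pfnp == NULL callers (kaddr NULL or valid) reach the return without assigning rc. The names stub_direct_access, model_direct_access, unset_paths and the rc_init parameter are hypothetical, and starting rc at 0 is an assumed remedy, not one stated in the message.

```c
#include <errno.h>
#include <stddef.h>

#define RC_UNSET 0x5a5a	/* constructed sentinel: "rc was never assigned" */

/* Hypothetical stand-in for dax_direct_access(): always maps one page and
 * fills only the outputs the caller asked for. */
static long stub_direct_access(void **kaddr, unsigned long *pfnp)
{
	static char page[4096];
	if (kaddr) *kaddr = page;
	if (pfnp) *pfnp = 0;
	return 1;
}

/* Same goto structure as the quoted function; rc starts out as rc_init. */
static int model_direct_access(void **kaddr, unsigned long *pfnp, int rc_init)
{
	int rc = rc_init;
	long length = stub_direct_access(kaddr, pfnp);
	if (length < 0) { rc = (int)length; goto out; }
	if (!pfnp)
		goto out_check_addr;
	rc = -EINVAL;
	if (length < 1)	/* stands in for the size, alignment and devmap checks */
		goto out;
	rc = 0;
out_check_addr:
	if (!kaddr)
		goto out;
	if (!*kaddr)
		rc = -EFAULT;
out:
	return rc;
}

/* Bit i is set when caller combination i returns with rc never assigned.
 * Bit 0 of i: caller passes kaddr. Bit 1 of i: caller passes pfnp. */
static unsigned int unset_paths(int rc_init)
{
	void *addr = NULL;
	unsigned long pfn = 0;
	unsigned int i, mask = 0;
	for (i = 0; i < 4; i++)
		if (model_direct_access((i & 1) ? &addr : NULL,
					(i & 2) ? &pfn : NULL, rc_init) == RC_UNSET)
			mask |= 1u << i;
	return mask;
}
```

unset_paths(RC_UNSET) reports combinations 0 and 1, the two callers that pass no pfnp; with rc starting at 0 no combination returns the sentinel.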