re: fsdax: output address in dax_iomap_pfn() and rename it

From: Colin King (gmail)
Date: Mon Jun 06 2022 - 10:10:57 EST

Next message: Tzung-Bi Shih: "[PATCH 00/13] platform/chrome: Kunit tests and refactor for cros_ec_query_all()"
Previous message: Andy Shevchenko: "Re: [PATCH v2 1/6] serial: 8250: Store to lsr_save_flags after lsr read"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

Static analysis with clang scan-build found a potential issue with the following commit in linux-next today:

commit 1447ac26a96463a05ad9f5cfba7eef43d52913ef
Author: Shiyang Ruan <ruansy.fnst@xxxxxxxxxxx>
Date: Fri Jun 3 13:37:32 2022 +0800

fsdax: output address in dax_iomap_pfn() and rename it

The analysis is as follows:

static int dax_iomap_direct_access(const struct iomap *iomap, loff_t pos,
size_t size, void **kaddr, pfn_t *pfnp)
{
pgoff_t pgoff = dax_iomap_pgoff(iomap, pos);
int id, rc;
long length;

id = dax_read_lock();
length = dax_direct_access(iomap->dax_dev, pgoff, PHYS_PFN(size),
DAX_ACCESS, kaddr, pfnp);
if (length < 0) {
rc = length;
goto out;
}
if (!pfnp)
goto out_check_addr;

The above check jumps to out_check_addr, if kaddr is null then rc is not set and a garbage uninitialized value for rc is returned on the out path.

rc = -EINVAL;
if (PFN_PHYS(length) < size)
goto out;
if (pfn_t_to_pfn(*pfnp) & (PHYS_PFN(size)-1))
goto out;
/* For larger pages we need devmap */
if (length > 1 && !pfn_t_devmap(*pfnp))
goto out;
rc = 0;

out_check_addr:
if (!kaddr)
goto out;
if (!*kaddr)
rc = -EFAULT;
out:
dax_read_unlock(id);
return rc;
}

Colin

Next message: Tzung-Bi Shih: "[PATCH 00/13] platform/chrome: Kunit tests and refactor for cros_ec_query_all()"
Previous message: Andy Shevchenko: "Re: [PATCH v2 1/6] serial: 8250: Store to lsr_save_flags after lsr read"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]