:::::: :::::: Manual check reason: "low confidence bisect report" :::::: Manual check reason: "low confidence static check warning: io_uring/rw.c:382:17: warning: use of uninitialized value '<unknown>' [CWE-457] [-Wanalyzer-use-of-uninitialized-value]" ::::::
BCC: l...@intel.com CC: kbuild-...@lists.01.org CC: linux-ker...@vger.kernel.org TO: Jens Axboe <ax...@kernel.dk> tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master head: 4e23eeebb2e57f5a28b36221aa776b5a1122dde5 commit: f3b44f92e59a804cf375479bda0bccbf4b6e6ef6 io_uring: move read/write related opcodes to its own file date: 2 weeks ago :::::: branch date: 8 hours ago :::::: commit date: 2 weeks ago config: arm-randconfig-c002-20220804 (https://download.01.org/0day-ci/archive/20220808/202208081640.ucdfbp65-...@intel.com/config) compiler: arm-linux-gnueabi-gcc (GCC) 12.1.0 reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f3b44f92e59a804cf375479bda0bccbf4b6e6ef6 git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git git fetch --no-tags linus master git checkout f3b44f92e59a804cf375479bda0bccbf4b6e6ef6 # save the config file COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross ARCH=arm KBUILD_USERCFLAGS='-fanalyzer -Wno-error' If you fix the issue, kindly add following tag where applicable Reported-by: kernel test robot <l...@intel.com> gcc-analyzer warnings: (new ones prefixed by >>) | 'io_do_iopoll': event 5 | |cc1: | (5): ...to here | 'io_do_iopoll': event 6 | | 1076 | wq_list_for_each_resume(pos, prev) { | | ^~~ | | | | | (6) following 'true' branch (when 'pos' is non-NULL)... io_uring/io-wq.h:36:16: note: in definition of macro 'wq_list_for_each_resume' | 36 | for (; pos; prv = pos, pos = (pos)->next) | | ^~~ | 'io_do_iopoll': events 7-12 | |io_uring/rw.c:1077:17: | 1077 | struct io_kiocb *req = container_of(pos, struct io_kiocb, comp_list); | | ^~~~~~ | | | | | (7) ...to here |...... | 1080 | if (!smp_load_acquire(&req->iopoll_completed)) | | ~ | | | | | (8) following 'false' branch... | 1081 | break; | 1082 | nr_events++; | | ~~~~~~~~~ | | | | | (9) ...to here | 1083 | if (unlikely(req->flags & REQ_F_CQE_SKIP)) | | ~ | | | | | (10) following 'false' branch... |...... | 1086 | req->cqe.flags = io_put_kbuf(req, 0); | | ~~~ ~~~~~~~~~~~~~~~~~~~ | | | | | | (11) ...to here (12) calling 'io_put_kbuf' from 'io_do_iopoll' | +--> 'io_put_kbuf': events 13-18 | |io_uring/kbuf.h:105:28: | 105 | static inline unsigned int io_put_kbuf(struct io_kiocb *req, | | ^~~~~~~~~~~ | | | | | (13) entry to 'io_put_kbuf' |...... | 110 | if (!(req->flags & (REQ_F_BUFFER_SELECTED|REQ_F_BUFFER_RING))) | | ~ | | | | | (14) following 'false' branch... |...... | 125 | if (req->flags & REQ_F_BUFFER_RING) { | | ~~ ~ | | | | | | | (16) following 'true' branch... | | (15) ...to here | 126 | /* no buffers to recycle for this case */ | 127 | cflags = __io_put_kbuf(req, NULL); | | ~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | | | (18) calling '__io_put_kbuf' from 'io_put_kbuf' | | (17) ...to here | +--> '__io_put_kbuf': events 19-22 | | 82 | static unsigned int __io_put_kbuf(struct io_kiocb *req, struct list_head *list) | | ^~~~~~~~~~~~~ | | | | | (19) entry to '__io_put_kbuf' | 83 | { | 84 | if (req->flags & REQ_F_BUFFER_RING) { | | ~ | | | | | (20) following 'false' branch... |...... | 89 | list_add(&req->kbuf->list, list); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (21) ...to here | | (22) calling 'list_add' from '__io_put_kbuf' | +--> 'list_add': events 23-24 | |include/linux/list.h:86:20: | 86 | static inline void list_add(struct list_head *new, struct list_head *head) | | ^~~~~~~~ | | | | | (23) entry to 'list_add' | 87 | { | 88 | __list_add(new, head, head->next); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (24) dereference of NULL 'head' | io_uring/rw.c: In function '__io_iov_buffer_select': >> io_uring/rw.c:382:17: warning: use of uninitialized value '<unknown>' >> [CWE-457] [-Wanalyzer-use-of-uninitialized-value] 382 | ssize_t len; | ^~~ 'io_write': events 1-4 | | 916 | int io_write(struct io_kiocb *req, unsigned int issue_flags) | | ^~~~~~~~ | | | | | (1) entry to 'io_write' |...... | 926 | if (!req_has_async_data(req)) { | | ~ | | | | | (2) following 'true' branch... | 927 | ret = io_import_iovec(WRITE, req, &iovec, s, issue_flags); | | ~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | | | (4) calling 'io_import_iovec' from 'io_write' | | (3) ...to here | +--> 'io_import_iovec': events 5-6 | | 473 | static inline int io_import_iovec(int rw, struct io_kiocb *req, | | ^~~~~~~~~~~~~~~ | | | | | (5) entry to 'io_import_iovec' |...... | 477 | *iovec = __io_import_iovec(rw, req, s, issue_flags); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (6) calling '__io_import_iovec' from 'io_import_iovec' | +--> '__io_import_iovec': events 7-14 | | 420 | static struct iovec *__io_import_iovec(int ddir, struct io_kiocb *req, | | ^~~~~~~~~~~~~~~~~ | | | | | (7) entry to '__io_import_iovec' |...... | 432 | if (opcode == IORING_OP_READ_FIXED || opcode == IORING_OP_WRITE_FIXED) { | | ~ | | | | | (8) following 'false' branch... |...... | 439 | buf = u64_to_user_ptr(rw->addr); | | ~~~ | | | | | (9) ...to here |...... | 442 | if (opcode == IORING_OP_READ || opcode == IORING_OP_WRITE) { | | ~ | | | | | (10) following 'false' branch... |...... | 457 | iovec = s->fast_iov; | | ~~~~~ | | | | | (11) ...to here | 458 | if (req->flags & REQ_F_BUFFER_SELECT) { | | ~ | | | | | (12) following 'true' branch... | 459 | ret = io_iov_buffer_select(req, iovec, issue_flags); | | ~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | | | (14) calling 'io_iov_buffer_select' from '__io_import_iovec' | | (13) ...to here | +--> 'io_iov_buffer_select': events 15-20 | | 399 | static ssize_t io_iov_buffer_select(struct io_kiocb *req, struct iovec *iov, | | ^~~~~~~~~~~~~~~~~~~~ | | | | | (15) entry to 'io_iov_buffer_select' |...... | 404 | if (req->flags & (REQ_F_BUFFER_SELECTED|REQ_F_BUFFER_RING)) { | | ~ | | | | | (16) following 'false' branch... |...... | 409 | if (rw->len != 1) | | ~~ ~ | | | | | | | (18) following 'false' branch... | | (17) ...to here |...... | 417 | return __io_iov_buffer_select(req, iov, issue_flags); | | ~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | | | (20) calling '__io_iov_buffer_select' from 'io_iov_buffer_select' | | (19) ...to here | +--> '__io_iov_buffer_select': events 21-22 | | 376 | static ssize_t __io_iov_buffer_select(struct io_kiocb *req, struct iovec *iov, | | ^~~~~~~~~~~~~~~~~~~~~~ | | | | | (21) entry to '__io_iov_buffer_select' |...... | 382 | ssize_t len; | | ~~~ vim +382 io_uring/rw.c f3b44f92e59a80 Jens Axboe 2022-06-13 375 f3b44f92e59a80 Jens Axboe 2022-06-13 376 static ssize_t __io_iov_buffer_select(struct io_kiocb *req, struct iovec *iov, f3b44f92e59a80 Jens Axboe 2022-06-13 377 unsigned int issue_flags) f3b44f92e59a80 Jens Axboe 2022-06-13 378 { f3b44f92e59a80 Jens Axboe 2022-06-13 379 struct io_rw *rw = io_kiocb_to_cmd(req); f3b44f92e59a80 Jens Axboe 2022-06-13 380 struct iovec __user *uiov = u64_to_user_ptr(rw->addr); f3b44f92e59a80 Jens Axboe 2022-06-13 381 void __user *buf; f3b44f92e59a80 Jens Axboe 2022-06-13 @382 ssize_t len; f3b44f92e59a80 Jens Axboe 2022-06-13 383 f3b44f92e59a80 Jens Axboe 2022-06-13 384 if (copy_from_user(iov, uiov, sizeof(*uiov))) f3b44f92e59a80 Jens Axboe 2022-06-13 385 return -EFAULT; f3b44f92e59a80 Jens Axboe 2022-06-13 386 f3b44f92e59a80 Jens Axboe 2022-06-13 387 len = iov[0].iov_len; f3b44f92e59a80 Jens Axboe 2022-06-13 388 if (len < 0) f3b44f92e59a80 Jens Axboe 2022-06-13 389 return -EINVAL; f3b44f92e59a80 Jens Axboe 2022-06-13 390 buf = io_buffer_select(req, &len, issue_flags); f3b44f92e59a80 Jens Axboe 2022-06-13 391 if (!buf) f3b44f92e59a80 Jens Axboe 2022-06-13 392 return -ENOBUFS; f3b44f92e59a80 Jens Axboe 2022-06-13 393 rw->addr = (unsigned long) buf; f3b44f92e59a80 Jens Axboe 2022-06-13 394 iov[0].iov_base = buf; f3b44f92e59a80 Jens Axboe 2022-06-13 395 rw->len = iov[0].iov_len = len; f3b44f92e59a80 Jens Axboe 2022-06-13 396 return 0; f3b44f92e59a80 Jens Axboe 2022-06-13 397 } f3b44f92e59a80 Jens Axboe 2022-06-13 398 -- 0-DAY CI Kernel Test Service https://01.org/lkp _______________________________________________ kbuild mailing list -- kbuild@lists.01.org To unsubscribe send an email to kbuild-le...@lists.01.org
