Hi Dan Carpenter,

On 2019/03/05 15:12, Dan Carpenter wrote:
> Hi liaoweixiong,
> 
> url:    https://github.com/0day-ci/linux/commits/liaoweixiong/pstore-block-new-support-logger-for-block-devices/20190303-142003
> base:   https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/pstore
> 
> smatch warnings:
> fs/pstore/blkzone.c:180 blkz_zone_write() error: we previously assumed 'zone->buffer' could be null (see line 167)
> 
> # https://github.com/0day-ci/linux/commit/113727d0f1946ad094dbc6531d653a88c7a221bf
> git remote add linux-review https://github.com/0day-ci/linux
> git remote update linux-review
> git checkout 113727d0f1946ad094dbc6531d653a88c7a221bf
> vim +180 fs/pstore/blkzone.c
> 
> 113727d0 liaoweixiong 2019-02-28  153  
> 113727d0 liaoweixiong 2019-02-28  154  static int blkz_zone_write(struct blkz_zone *zone,
> 113727d0 liaoweixiong 2019-02-28  155                 enum blkz_flush_mode flush_mode, const char *buf,
> 113727d0 liaoweixiong 2019-02-28  156                 size_t len, unsigned long off)
> 113727d0 liaoweixiong 2019-02-28  157  {
> 113727d0 liaoweixiong 2019-02-28  158         struct blkz_info *info = blkz_cxt.bzinfo;
> 113727d0 liaoweixiong 2019-02-28  159         ssize_t wcnt;
> 113727d0 liaoweixiong 2019-02-28  160         ssize_t (*writeop)(const char *buf, size_t bytes, loff_t pos);
> 113727d0 liaoweixiong 2019-02-28  161         size_t wlen;
> 113727d0 liaoweixiong 2019-02-28  162  
> 113727d0 liaoweixiong 2019-02-28  163         if (off > zone->buffer_size)
> 113727d0 liaoweixiong 2019-02-28  164                 return -EINVAL;
> 113727d0 liaoweixiong 2019-02-28  165         wlen = min_t(size_t, len, zone->buffer_size - off);
> 113727d0 liaoweixiong 2019-02-28  166         if (flush_mode != FLUSH_META && flush_mode != FLUSH_NONE) {
> 113727d0 liaoweixiong 2019-02-28 @167                 if (buf && zone->buffer)
>                                                            ^^^^^^^^^^^^
> Check.
> 

zone->buffer should not be checked for null, as it will never be null
here. I will fix it in the next version.
zone->buffer was allocated when the zone was initialized (see line 995).
Pstore/blk will not go on if allocating the buffer for zone->buffer failed.

> 113727d0 liaoweixiong 2019-02-28  168                         memcpy(zone->buffer->data + off, buf, wlen);
> 113727d0 liaoweixiong 2019-02-28  169                 atomic_set(&zone->buffer->datalen, wlen + off);
> 113727d0 liaoweixiong 2019-02-28  170         }
> 113727d0 liaoweixiong 2019-02-28  171  
> 113727d0 liaoweixiong 2019-02-28  172         writeop = is_on_panic() ? info->panic_write : info->write;
> 113727d0 liaoweixiong 2019-02-28  173         if (!writeop)
> 113727d0 liaoweixiong 2019-02-28  174                 return -EINVAL;
> 113727d0 liaoweixiong 2019-02-28  175  
> 113727d0 liaoweixiong 2019-02-28  176         switch (flush_mode) {
> 113727d0 liaoweixiong 2019-02-28  177         case FLUSH_NONE:
> 113727d0 liaoweixiong 2019-02-28  178                 return 0;
> 113727d0 liaoweixiong 2019-02-28  179         case FLUSH_PART:
> 113727d0 liaoweixiong 2019-02-28 @180                 wcnt = writeop((const char *)zone->buffer->data + off, wlen,
>                                                                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Unchecked.
> 
> 113727d0 liaoweixiong 2019-02-28  181                                 zone->off + sizeof(*zone->buffer) + off);
>                                                                                           ^^^^^^^^^^^^
> This is weird.  I can't fetch for-next/pstore so I don't know what
> type "buffer" is.  It's vague.  We also have ->buffer_size which seems
> like a more expected way to describe the size.
> 

The type of buffer is struct blkz_buffer (see line 98). struct
blkz_buffer is a header of the data, whose member data[0] points to the real
data. The code "sizeof(*zone->buffer)" is just to get the size of the header.
There is a size recorder for blkz_buffer->data in struct blkz_zone. It
does not need to be written to the block device; that's why it does not
live in struct blkz_buffer.

> 113727d0 liaoweixiong 2019-02-28  182                 if (wcnt != wlen)
> 113727d0 liaoweixiong 2019-02-28  183                         goto set_dirty;
> 113727d0 liaoweixiong 2019-02-28  184         case FLUSH_META:
> 113727d0 liaoweixiong 2019-02-28  185                 wlen = sizeof(struct blkz_buffer);
> 113727d0 liaoweixiong 2019-02-28  186                 wcnt = writeop((const char *)zone->buffer, wlen, zone->off);
> 113727d0 liaoweixiong 2019-02-28  187                 if (wcnt != wlen)
> 113727d0 liaoweixiong 2019-02-28  188                         goto set_dirty;
> 113727d0 liaoweixiong 2019-02-28  189                 break;
> 113727d0 liaoweixiong 2019-02-28  190         case FLUSH_ALL:
> 113727d0 liaoweixiong 2019-02-28  191                 wlen = buffer_datalen(zone) + sizeof(*zone->buffer);
> 113727d0 liaoweixiong 2019-02-28  192                 wcnt = writeop((const char *)zone->buffer, wlen, zone->off);
> 113727d0 liaoweixiong 2019-02-28  193                 if (wcnt != wlen)
> 113727d0 liaoweixiong 2019-02-28  194                         goto set_dirty;
> 113727d0 liaoweixiong 2019-02-28  195                 break;
> 113727d0 liaoweixiong 2019-02-28  196         }
> 113727d0 liaoweixiong 2019-02-28  197  
> 113727d0 liaoweixiong 2019-02-28  198         return 0;
> 113727d0 liaoweixiong 2019-02-28  199  set_dirty:
> 113727d0 liaoweixiong 2019-02-28  200         pr_err("write failed with %zd returned, set dirty\n", wcnt);
> 113727d0 liaoweixiong 2019-02-28  201         atomic_set(&zone->dirty, true);
> 113727d0 liaoweixiong 2019-02-28  202         return -EBUSY;
> 113727d0 liaoweixiong 2019-02-28  203  }
> 113727d0 liaoweixiong 2019-02-28  204  
> 
> ---
> 0-DAY kernel test infrastructure                Open Source Technology Center
> https://lists.01.org/pipermail/kbuild-all                   Intel Corporation
> 

-- 
liaoweixiong
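
Added example (not part of the thread or of the pstore/blk patch): a userspace C model of the FLUSH_PART path discussed above, showing the header-plus-payload layout behind `zone->off + sizeof(*zone->buffer) + off` and one way to make the null handling consistent, a single check before any dereference (the reply above instead plans to drop the check). The `model_*` names, the `sig` field and the in-memory device are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Userspace model. Names follow the thread; the field layout is assumed. */
struct blkz_buffer {              /* header that is written to the device */
    uint32_t sig;                 /* assumed field */
    uint32_t datalen;
    uint8_t data[];               /* data[0] in the thread: payload follows */
};
struct blkz_zone {
    struct blkz_buffer *buffer;
    size_t buffer_size;           /* payload capacity, kept in RAM only */
    size_t off;                   /* zone start on the device */
};
static uint8_t model_dev[256];    /* constructed stand-in for the block device */

static ssize_t model_write(const char *buf, size_t bytes, size_t pos)
{
    if (pos > sizeof(model_dev) || bytes > sizeof(model_dev) - pos)
        return -1;
    memcpy(model_dev + pos, buf, bytes);
    return (ssize_t)bytes;
}
/* FLUSH_PART path only: one null check covers every later dereference. */
static ssize_t model_flush_part(struct blkz_zone *zone, const char *buf,
                                size_t len, size_t off)
{
    if (!buf || !zone->buffer || off > zone->buffer_size)
        return -1;
    size_t room = zone->buffer_size - off;
    size_t wlen = len < room ? len : room;
    memcpy(zone->buffer->data + off, buf, wlen);
    zone->buffer->datalen = (uint32_t)(wlen + off);
    /* payload position = zone start + header size + offset in payload */
    return model_write((const char *)zone->buffer->data + off, wlen,
                       zone->off + sizeof(*zone->buffer) + off);
}
/* Returns the device offset where the payload "log" lands, or -1. */
static long model_demo(void)
{
    struct blkz_zone z = { calloc(1, sizeof(struct blkz_buffer) + 16), 16, 32 };
    ssize_t n = model_flush_part(&z, "log", 3, 4);
    free(z.buffer);
    for (size_t i = 0; n == 3 && i + 3 <= sizeof(model_dev); i++)
        if (!memcmp(model_dev + i, "log", 3)) return (long)i;
    return -1;
}
int main(void) { printf("%ld\n", model_demo()); return 0; }
```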
