Message ID | 20230119213351.443388-19-trondmy@kernel.org (mailing list archive)
---|---
State | New, archived
Series | Initial conversion of NFS basic I/O to use folios
On Thu, Jan 19, 2023 at 04:33:51PM -0500, trondmy@kernel.org wrote:
> From: Trond Myklebust <trond.myklebust@hammerspace.com>
>
> All the callers are expected to supply a valid struct file argument, so
> there is no need for the NULL check.

Ummm. Not sure that's true. Look at this path:

mapping_read_folio_gfp(mapping, index, gfp)
do_read_cache_folio(mapping, index, NULL, NULL, gfp)
filemap_read_folio(NULL, mapping->a_ops->read_folio, folio)

It could well be that nobody does this to an NFS file! The places where I see this called tend to be filesystems doing it to block devices, or filesystems doing it to their own files (eg reading a journal file or quota file). But I'm suspicious of static match tools claiming it can't ever happen, and I'd like more details please. I can't find the original report.

Also, it would have been nice to be cc'd on the folio conversion patches.

> Reported-by: kernel test robot <lkp@intel.com>
> Reported-by: Dan Carpenter <error27@gmail.com>
> Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
> ---
> fs/nfs/read.c | 8 +-------
> 1 file changed, 1 insertion(+), 7 deletions(-)
>
> diff --git a/fs/nfs/read.c b/fs/nfs/read.c
> index bf4154f9b48c..c380cff4108e 100644
> --- a/fs/nfs/read.c
> +++ b/fs/nfs/read.c
> @@ -355,13 +355,7 @@ int nfs_read_folio(struct file *file, struct folio *folio)
> if (NFS_STALE(inode))
> goto out_unlock;
>
> - if (file == NULL) {
> - ret = -EBADF;
> - desc.ctx = nfs_find_open_context(inode, NULL, FMODE_READ);
> - if (desc.ctx == NULL)
> - goto out_unlock;
> - } else
> - desc.ctx = get_nfs_open_context(nfs_file_open_context(file));
> + desc.ctx = get_nfs_open_context(nfs_file_open_context(file));
>
> xchg(&desc.ctx->error, 0);
> nfs_pageio_init_read(&desc.pgio, inode, false,
> --
> 2.39.0
>
On Thu, Feb 23, 2023 at 01:22:54PM +0000, Matthew Wilcox wrote:
> But I'm suspicious of static match tools claiming it can't ever happen,
> and I'd like more details please. I can't find the original report.

I would never write a warning like that... However at the time when I reported the bug then Smatch did say that all the callers passed a non-NULL file pointer. I've reviewed my logs and that was true when I said it but it's not true now. :(

Now Smatch says there are three callers and nfs_write_begin() passes a valid pointer, read_pages() passes either a valid pointer or a NULL and filemap_read_folio() passes an unknown pointer.

https://lore.kernel.org/all/Y77+n9MyHgx%2FalA4@kadam/

The issue here is that the pointer was already dereferenced on the lines before the check for NULL.

struct inode *inode = file_inode(file);

So either the dereference or the check was wrong.

regards,
dan carpenter
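As an added illustration (constructed for this page; not kernel code and not from this patch series), a minimal model of the two shapes discussed above: the pre-patch function dereferences `file` through `file_inode()` before testing it for NULL, so the fallback branch is dead, while the alternative takes the inode from the folio's mapping first, which makes a NULL `file` caller genuinely reachable. Every struct and helper here is a stand-in, and the helper signatures are assumptions.

```c
#include <stddef.h>

/* Constructed stand-ins for the kernel types involved (not the real ones). */
struct inode { int stale; int has_open_ctx; };
struct address_space { struct inode *host; };
struct folio { struct address_space *mapping; };
struct nfs_open_context { int id; };
struct file { struct inode *f_inode; struct nfs_open_context *ctx; };

/* Stand-ins for the helpers named in the thread; signatures are assumptions. */
static struct inode *file_inode(struct file *f) { return f->f_inode; }
static struct nfs_open_context *nfs_file_open_context(struct file *f) { return f->ctx; }
static struct nfs_open_context inode_ctx = { .id = 99 };   /* an existing open context */
static struct nfs_open_context *nfs_find_open_context(struct inode *inode)
{
    return inode->has_open_ctx ? &inode_ctx : NULL;
}

/* Pre-patch shape: file_inode(file) runs before the NULL test, so a NULL
 * file faults on the first line and the fallback branch can never execute. */
struct nfs_open_context *read_folio_deref_first(struct file *file, struct folio *folio)
{
    struct inode *inode = file_inode(file);          /* dereferences file */
    (void)folio;
    if (inode->stale)
        return NULL;
    if (file == NULL)                                /* dead: never reached with NULL */
        return nfs_find_open_context(inode);
    return nfs_file_open_context(file);
}

/* Check-first shape: take the inode from the folio's mapping, then only
 * touch file after establishing it is non-NULL, so the fallback is live. */
struct nfs_open_context *read_folio_check_first(struct file *file, struct folio *folio)
{
    struct inode *inode = folio->mapping->host;
    if (inode->stale)
        return NULL;
    if (file == NULL)
        return nfs_find_open_context(inode);         /* NULL here maps to the -EBADF path */
    return nfs_file_open_context(file);
}
```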
diff --git a/fs/nfs/read.c b/fs/nfs/read.c
index bf4154f9b48c..c380cff4108e 100644
--- a/fs/nfs/read.c
+++ b/fs/nfs/read.c
@@ -355,13 +355,7 @@ int nfs_read_folio(struct file *file, struct folio *folio)
 if (NFS_STALE(inode))
 goto out_unlock;

- if (file == NULL) {
- ret = -EBADF;
- desc.ctx = nfs_find_open_context(inode, NULL, FMODE_READ);
- if (desc.ctx == NULL)
- goto out_unlock;
- } else
- desc.ctx = get_nfs_open_context(nfs_file_open_context(file));
+ desc.ctx = get_nfs_open_context(nfs_file_open_context(file));

 xchg(&desc.ctx->error, 0);
 nfs_pageio_init_read(&desc.pgio, inode, false,
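Review bot: the `if (file == NULL)` branch removed in this hunk was already unreachable, because `inode` is derived from `file_inode(file)` before the `NFS_STALE(inode)` check that opens the hunk (as the follow-up reply points out), so the change deletes dead code rather than resolving the dereference; but if the `mapping_read_folio_gfp()` / `do_read_cache_folio()` / `filemap_read_folio(NULL, ...)` path raised in review can reach `nfs_read_folio()`, the correct fix is the opposite one: obtain the inode from the folio's mapping and keep the `nfs_find_open_context()` fallback together with its `ret = -EBADF` error path for a NULL `file`. The commit message's claim that all callers supply a valid file should also cite the Smatch report and list the callers checked, since the reply notes the caller set has since changed and `filemap_read_folio()` now passes an unknown pointer.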