From: Dan Carpenter <dan.carpenter@linaro.org>
To: kent.overstreet@gmail.com
Cc: linux-bcachefs@vger.kernel.org
Subject: [bug report] bcachefs: missing error checks for bio_alloc_bioset()
Date: Wed, 31 Jan 2024 17:52:11 +0300 [thread overview]
Message-ID: <0c35596b-a280-40df-946c-c50574c3ce26@moroto.mountain> (raw)
Hello Kent Overstreet,
The patch 1c6fdbd8f246: "bcachefs: Initial commit" from Mar 16, 2017
(linux-next), leads to the following Smatch static checker warning:
fs/bcachefs/btree_io.c:1672 bch2_btree_node_read() potential NULL container_of 'bio'
fs/bcachefs/btree_io.c:2165 __bch2_btree_node_write() potential NULL container_of 'bio_alloc_bioset()'
fs/bcachefs/ec.c:734 ec_block_io() potential NULL container_of 'bio_alloc_bioset()'
fs/bcachefs/fs-io-buffered.c:489 bch2_writepage_io_alloc() potential NULL container_of 'bio_alloc_bioset()'
fs/bcachefs/fs-io.c:81 bch2_inode_flush_nocow_writes_async() potential NULL container_of 'bio_alloc_bioset()'
fs/bcachefs/io_write.c:407 bch2_submit_wbio_replicas() potential NULL container_of 'bio_alloc_clone()'
fs/bcachefs/fs-io-direct.c:622 bch2_direct_write() potential NULL container_of 'bio'
fs/bcachefs/btree_io.c
1628 void bch2_btree_node_read(struct btree_trans *trans, struct btree *b,
1629 bool sync)
1630 {
1631 struct bch_fs *c = trans->c;
1632 struct extent_ptr_decoded pick;
1633 struct btree_read_bio *rb;
1634 struct bch_dev *ca;
1635 struct bio *bio;
1636 int ret;
1637
1638 trace_and_count(c, btree_node_read, trans, b);
1639
1640 if (bch2_verify_all_btree_replicas &&
1641 !btree_node_read_all_replicas(c, b, sync))
1642 return;
1643
1644 ret = bch2_bkey_pick_read_device(c, bkey_i_to_s_c(&b->key),
1645 NULL, &pick);
1646
1647 if (ret <= 0) {
1648 struct printbuf buf = PRINTBUF;
1649
1650 prt_str(&buf, "btree node read error: no device to read from\n at ");
1651 bch2_btree_pos_to_text(&buf, c, b);
1652 bch_err(c, "%s", buf.buf);
1653
1654 if (c->recovery_passes_explicit & BIT_ULL(BCH_RECOVERY_PASS_check_topology) &&
1655 c->curr_recovery_pass > BCH_RECOVERY_PASS_check_topology)
1656 bch2_fatal_error(c);
1657
1658 set_btree_node_read_error(b);
1659 clear_btree_node_read_in_flight(b);
1660 wake_up_bit(&b->flags, BTREE_NODE_read_in_flight);
1661 printbuf_exit(&buf);
1662 return;
1663 }
1664
1665 ca = bch_dev_bkey_exists(c, pick.ptr.dev);
1666
1667 bio = bio_alloc_bioset(NULL,
^^^^^^^^^^^^^^^^^^^^^^
No check for if bio_alloc_bioset() returns NULL.
1668 buf_pages(b->data, btree_buf_bytes(b)),
1669 REQ_OP_READ|REQ_SYNC|REQ_META,
1670 GFP_NOFS,
1671 &c->btree_bio);
--> 1672 rb = container_of(bio, struct btree_read_bio, bio);
1673 rb->c = c;
1674 rb->b = b;
1675 rb->ra = NULL;
1676 rb->start_time = local_clock();
1677 rb->have_ioref = bch2_dev_get_ioref(ca, READ);
1678 rb->pick = pick;
1679 INIT_WORK(&rb->work, btree_node_read_work);
1680 bio->bi_iter.bi_sector = pick.ptr.offset;
1681 bio->bi_end_io = btree_node_read_endio;
1682 bch2_bio_map(bio, b->data, btree_buf_bytes(b));
1683
1684 if (rb->have_ioref) {
1685 this_cpu_add(ca->io_done->sectors[READ][BCH_DATA_btree],
1686 bio_sectors(bio));
1687 bio_set_dev(bio, ca->disk_sb.bdev);
1688
1689 if (sync) {
1690 submit_bio_wait(bio);
1691 bch2_latency_acct(ca, rb->start_time, READ);
1692 btree_node_read_work(&rb->work);
1693 } else {
1694 submit_bio(bio);
1695 }
1696 } else {
1697 bio->bi_status = BLK_STS_REMOVED;
1698
1699 if (sync)
1700 btree_node_read_work(&rb->work);
1701 else
1702 queue_work(c->io_complete_wq, &rb->work);
1703 }
1704 }
regards,
dan carpenter
next reply other threads:[~2024-01-31 14:52 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-31 14:52 Dan Carpenter [this message]
2024-01-31 15:10 ` [bug report] bcachefs: missing error checks for bio_alloc_bioset() Kent Overstreet
2024-01-31 15:24 ` Dan Carpenter
2024-01-31 15:59 ` Kent Overstreet
2024-01-31 18:43 ` Dan Carpenter
2024-01-31 18:57 ` Kent Overstreet
2024-02-01 10:00 ` Dan Carpenter
2024-02-01 10:45 ` Kent Overstreet
2024-02-20 11:39 ` Dan Carpenter
2024-02-20 21:26 ` Kent Overstreet
2024-02-21 6:01 ` Dan Carpenter
2024-02-22 0:02 ` Kent Overstreet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0c35596b-a280-40df-946c-c50574c3ce26@moroto.mountain \
--to=dan.carpenter@linaro.org \
--cc=kent.overstreet@gmail.com \
--cc=linux-bcachefs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).