Date: Thu, 10 Mar 2022 01:31:54 +0800
From: kernel test robot
To: Jens Axboe
Cc: kbuild-all@lists.01.org, Linux Memory Management List
Subject: [linux-next:master 10012/11713] fs/io_uring.c:10332 __do_sys_io_uring_enter() warn: unsigned 'fd' is never less than zero.
Message-ID: <202203100127.ch6HRrXo-lkp@intel.com>

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
head:   4e7a74a6856f8613dab9794da4b5cfb8fd54fb8c
commit: 8061ecdca6112c8b5c0e6f0e2268fc64acacebb9 [10012/11713] io_uring: add support for registering ring file descriptors
config: i386-randconfig-m031-20220307 (https://download.01.org/0day-ci/archive/20220310/202203100127.ch6HRrXo-lkp@intel.com/config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot

New smatch warnings:
fs/io_uring.c:10332 __do_sys_io_uring_enter() warn: unsigned 'fd' is never less than zero.
fs/io_uring.c:10337 __do_sys_io_uring_enter() warn: potential spectre issue 'tctx->registered_rings' [r] (local cap)
fs/io_uring.c:10338 __do_sys_io_uring_enter() warn: possible spectre second half.  'f.file'

Old smatch warnings:
fs/io_uring.c:5284 io_recv() error: uninitialized symbol 'flags'.
fs/io_uring.c:6140 io_timeout_cancel() warn: passing a valid pointer to 'PTR_ERR'
fs/io_uring.c:6197 io_timeout_update() warn: passing a valid pointer to 'PTR_ERR'
fs/io_uring.c:8468 io_sqe_files_register() error: we previously assumed 'ctx->file_data' could be null (see line 8440)
fs/io_uring.c:10347 __do_sys_io_uring_enter() warn: possible spectre second half.  'f.file'

vim +/fd +10332 fs/io_uring.c

 10305
 10306	SYSCALL_DEFINE6(io_uring_enter, unsigned int, fd, u32, to_submit,
 10307			u32, min_complete, u32, flags, const void __user *, argp,
 10308			size_t, argsz)
 10309	{
 10310		struct io_ring_ctx *ctx;
 10311		int submitted = 0;
 10312		struct fd f;
 10313		long ret;
 10314
 10315		io_run_task_work();
 10316
 10317		if (unlikely(flags & ~(IORING_ENTER_GETEVENTS | IORING_ENTER_SQ_WAKEUP |
 10318				       IORING_ENTER_SQ_WAIT | IORING_ENTER_EXT_ARG |
 10319				       IORING_ENTER_REGISTERED_RING)))
 10320			return -EINVAL;
 10321
 10322		/*
 10323		 * Ring fd has been registered via IORING_REGISTER_RING_FDS, we
 10324		 * need only dereference our task private array to find it.
 10325		 */
 10326		if (flags & IORING_ENTER_REGISTERED_RING) {
 10327			struct io_uring_task *tctx = current->io_uring;
 10328
 10329			if (!tctx)
 10330				return -EINVAL;
 10331			if (fd != tctx->last_reg_fd) {
 10332				if (fd < 0 || fd >= IO_RINGFD_REG_MAX || !tctx)
 10333					return -EINVAL;
 10334				tctx->last_reg_fd = array_index_nospec(fd,
 10335								IO_RINGFD_REG_MAX);
 10336			}
 10337			f.file = tctx->registered_rings[tctx->last_reg_fd];
 10338			if (unlikely(!f.file))
 10339				return -EBADF;
 10340		} else {
 10341			f = fdget(fd);
 10342			if (unlikely(!f.file))
 10343				return -EBADF;
 10344		}
 10345
 10346		ret = -EOPNOTSUPP;
 10347		if (unlikely(f.file->f_op != &io_uring_fops))
 10348			goto out_fput;
 10349
 10350		ret = -ENXIO;
 10351		ctx = f.file->private_data;
 10352		if (unlikely(!percpu_ref_tryget(&ctx->refs)))
 10353			goto out_fput;
 10354
 10355		ret = -EBADFD;
 10356		if (unlikely(ctx->flags & IORING_SETUP_R_DISABLED))
 10357			goto out;
 10358
 10359		/*
 10360		 * For SQ polling, the thread will do all submissions and completions.
 10361		 * Just return the requested submit count, and wake the thread if
 10362		 * we were asked to.
 10363		 */
 10364		ret = 0;
 10365		if (ctx->flags & IORING_SETUP_SQPOLL) {
 10366			io_cqring_overflow_flush(ctx);
 10367
 10368			if (unlikely(ctx->sq_data->thread == NULL)) {
 10369				ret = -EOWNERDEAD;
 10370				goto out;
 10371			}
 10372			if (flags & IORING_ENTER_SQ_WAKEUP)
 10373				wake_up(&ctx->sq_data->wait);
 10374			if (flags & IORING_ENTER_SQ_WAIT) {
 10375				ret = io_sqpoll_wait_sq(ctx);
 10376				if (ret)
 10377					goto out;
 10378			}
 10379			submitted = to_submit;
 10380		} else if (to_submit) {
 10381			ret = io_uring_add_tctx_node(ctx);
 10382			if (unlikely(ret))
 10383				goto out;
 10384			mutex_lock(&ctx->uring_lock);
 10385			submitted = io_submit_sqes(ctx, to_submit);
 10386			mutex_unlock(&ctx->uring_lock);
 10387
 10388			if (submitted != to_submit)
 10389				goto out;
 10390		}
 10391		if (flags & IORING_ENTER_GETEVENTS) {
 10392			const sigset_t __user *sig;
 10393			struct __kernel_timespec __user *ts;
 10394
 10395			ret = io_get_ext_arg(flags, argp, &argsz, &ts, &sig);
 10396			if (unlikely(ret))
 10397				goto out;
 10398
 10399			min_complete = min(min_complete, ctx->cq_entries);
 10400
 10401			/*
 10402			 * When SETUP_IOPOLL and SETUP_SQPOLL are both enabled, user
 10403			 * space applications don't need to do io completion events
 10404			 * polling again, they can rely on io_sq_thread to do polling
 10405			 * work, which can reduce cpu usage and uring_lock contention.
 10406			 */
 10407			if (ctx->flags & IORING_SETUP_IOPOLL &&
 10408			    !(ctx->flags & IORING_SETUP_SQPOLL)) {
 10409				ret = io_iopoll_check(ctx, min_complete);
 10410			} else {
 10411				ret = io_cqring_wait(ctx, min_complete, sig, argsz, ts);
 10412			}
 10413		}
 10414
 10415	out:
 10416		percpu_ref_put(&ctx->refs);
 10417	out_fput:
 10418		if (!(flags & IORING_ENTER_REGISTERED_RING))
 10419			fdput(f);
 10420		return submitted ? submitted : ret;
 10421	}
 10422

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org