Hi Greg,
On 24/10/22 5:04 pm, Greg Kroah-Hartman wrote:
From: Pavel Begunkov asml.silence@gmail.com
[ upstream commit 62bb0647b14646fa6c9aa25ecdf67ad18f13523c ]
This commit 62bb0647b14646fa6c9aa25ecdf67ad18f13523 also changes the second argument from unsigned to long.
Kernel test robot reports that we test negativity of an unsigned in io_fixup_rw_res() after a recent change, which masks error codes and messes up the return value in case I/O is re-retried and failed with an error.
Fixes: 4d9cb92ca41dd ("io_uring/rw: fix short rw error handling")
Reported-by: kernel test robot lkp@intel.com
Signed-off-by: Pavel Begunkov asml.silence@gmail.com
Link: https://lore.kernel.org/r/9754a0970af1861e7865f9014f735c70dc60bf79.166307158...
Signed-off-by: Jens Axboe axboe@kernel.dk
Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
fs/io_uring.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/io_uring.c +++ b/fs/io_uring.c @@ -2701,7 +2701,7 @@ static bool __io_complete_rw_common(stru return false; } -static inline unsigned io_fixup_rw_res(struct io_kiocb *req, unsigned res) +static inline int io_fixup_rw_res(struct io_kiocb *req, unsigned res) {
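Review bot: the `+` line changes only the return type to int, while the second parameter is still declared `unsigned res`, so a negative error code passed by a caller is converted to a large positive value on entry and the function cannot test it for negativity. Suggest making the parameter signed in the same hunk, for example `long res`, which is what the reply says the upstream commit does.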
I think the res should be of type 'long'. I noticed this when I ran smatch on 5.10.y io_uring backport from 5.15.y patch.
Smatch warning: io_fixup_rw_res() warn: unsigned 'res' is never less than zero.
static inline int io_fixup_rw_res(struct io_kiocb *req, unsigned res)
{
	struct io_async_rw *io = req->async_data;

	/* add previously done IO, if any */
	if (io && io->bytes_done > 0) {
		if (res < 0)	//// unsigned comparison with zero.
			res = io->bytes_done;
		else
			res += io->bytes_done;
	}
	return res;
}
We don't have an upstream commit to backport in this case. Should we fix this with a no-upstream reference commit?
Thanks, Harshit
struct io_async_rw *io = req->async_data;
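
A userspace model of the function discussed in this thread, added here as an illustration (it is not code from the patch or the kernel tree): `struct rw_model` and both function names are hypothetical, and the sample values are constructed. It shows what the unsigned parameter does to a negative error code when a retried I/O had already transferred some bytes, next to the variant with a signed parameter.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical stand-in for the kernel's struct io_async_rw. */
struct rw_model {
	ssize_t bytes_done;	/* bytes completed before the retry */
};

/* Shape after the backported hunk: int return, parameter still unsigned. */
static int fixup_unsigned(const struct rw_model *io, unsigned res)
{
	if (io && io->bytes_done > 0) {
		if (res < 0)		/* never true for an unsigned value */
			res = io->bytes_done;
		else
			res += io->bytes_done;	/* error code wraps into the count */
	}
	return res;
}

/* Signed parameter ('long'), as the reply proposes. */
static int fixup_signed(const struct rw_model *io, long res)
{
	if (io && io->bytes_done > 0) {
		if (res < 0)		/* error after partial progress */
			res = io->bytes_done;
		else
			res += io->bytes_done;
	}
	return res;
}

int main(void)
{
	struct rw_model partial = { .bytes_done = 4096 };	/* constructed */

	/* The retry fails with -EIO after 4096 bytes were already done. */
	printf("unsigned res: %d\n", fixup_unsigned(&partial, -EIO));
	printf("long res:     %d\n", fixup_signed(&partial, -EIO));
	return 0;
}
```

With the unsigned parameter the caller gets the byte count reduced by the errno value instead of the bytes actually transferred; the signed variant reports the 4096 bytes done.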