Thread: 2 messages, 2 authors, 2023-02-13

[bug report] NFS: Simplify struct nfs_cache_array_entry

From: Dan Carpenter <hidden>
Date: 2023-02-01 12:33:15

Hello Trond Myklebust,

The patch a52a8a6adad9: "NFS: Simplify struct nfs_cache_array_entry"
from Nov 1, 2020, leads to the following Smatch static checker
warning:

	fs/nfs/dir.c:226 nfs_readdir_clear_array()
	warn: uncapped user loop index 'i'

fs/nfs/dir.c
    219 static void nfs_readdir_clear_array(struct page *page)
    220 {
    221         struct nfs_cache_array *array;
    222         unsigned int i;
    223 
    224         array = kmap_atomic(page);
    225         for (i = 0; i < array->size; i++)
--> 226                 kfree(array->array[i].name);

I guess I don't really understand how kmap() works.  I thought it was
for mapping userspace memory into kernel space.  So Smatch marks "array"
as untrusted user-controlled data.

How should Smatch treat kmap()?

    227         array->size = 0;
    228         kunmap_atomic(array);
    229 }

regards,
dan carpenter