From: Nathan Chancellor <natechancellor@gmail.com>
To: Qian Cai <cai@lca.pw>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Hugh Dickins <hughd@google.com>,
"Darrick J. Wong" <darrick.wong@oracle.com>,
Andrew Morton <akpm@linux-foundation.org>,
Matej Kupljen <matej.kupljen@gmail.com>,
Al Viro <viro@zeniv.linux.org.uk>,
Dan Carpenter <dan.carpenter@oracle.com>,
Linux List Kernel Mailing <linux-kernel@vger.kernel.org>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
Linux-MM <linux-mm@kvack.org>,
Nick Desaulniers <ndesaulniers@google.com>
Subject: Re: [PATCH] tmpfs: fix uninitialized return value in shmem_link
Date: Thu, 28 Feb 2019 01:56:41 -0700 [thread overview]
Message-ID: <20190228085641.GA7991@archlinux-ryzen> (raw)
In-Reply-To: <1551276580.7087.1.camel@lca.pw>
On Wed, Feb 27, 2019 at 09:09:40AM -0500, Qian Cai wrote:
> On Mon, 2019-02-25 at 16:07 -0800, Linus Torvalds wrote:
> > On Mon, Feb 25, 2019 at 4:03 PM Qian Cai <cai@lca.pw> wrote:
> > > >
> > > > Of course, that's just gcc. I have no idea what llvm ends up doing.
> > >
> > > Clang 7.0:
> > >
> > > # clang -O2 -S -Wall /tmp/test.c
> > > /tmp/test.c:46:6: warning: variable 'ret' is used uninitialized whenever
> > > 'if'
> > > condition is false [-Wsometimes-uninitialized]
> >
> > Ok, good.
> >
> > Do we have any clang builds in any of the zero-day robot
> > infrastructure or something? Should we?
> >
> > And maybe this was how Dan noticed the problem in the first place? Or
> > is it just because of his eagle-eyes?
> >
>
> BTW, even clang is able to generate warnings in your sample code, it does not
> generate any warnings when compiling the buggy shmem.o via "make CC=clang". Here
Unfortunately, scripts/Kbuild.extrawarn disables -Wuninitialized for
Clang, which also disables -Wsometimes-uninitialized:
https://github.com/ClangBuiltLinux/linux/issues/381
https://clang.llvm.org/docs/DiagnosticsReference.html#wuninitialized
I'm going to be sending out patches to fix the warnings found with it
then enable it going forward so that things like this get caught.
Nathan
> is the objdump for arm64 (with KASAN_SW_TAGS inline).
>
> 000000000000effc <shmem_link>:
> {
> effc: f81c0ff7 str x23, [sp, #-64]!
> f000: a90157f6 stp x22, x21, [sp, #16]
> f004: a9024ff4 stp x20, x19, [sp, #32]
> f008: a9037bfd stp x29, x30, [sp, #48]
> f00c: 9100c3fd add x29, sp, #0x30
> f010: aa0203f3 mov x19, x2
> f014: aa0103f5 mov x21, x1
> f018: aa0003f4 mov x20, x0
> f01c: 94000000 bl 0 <_mcount>
> f020: 91016280 add x0, x20, #0x58
> f024: d2c20017 mov x23, #0x100000000000 //
> #17592186044416
> f028: b2481c08 orr x8, x0, #0xff00000000000000
> f02c: f2fdfff7 movk x23, #0xefff, lsl #48
> f030: d344fd08 lsr x8, x8, #4
> f034: 38776909 ldrb w9, [x8, x23]
> f038: 940017d5 bl 14f8c <OUTLINED_FUNCTION_11>
> f03c: 54000060 b.eq f048 <shmem_link+0x4c> // b.none
> f040: 7103fd1f cmp w8, #0xff
> f044: 54000981 b.ne f174 <shmem_link+0x178> // b.any
> f048: f9400014 ldr x20, [x0]
> if (inode->i_nlink) {
> f04c: 91010280 add x0, x20, #0x40
> f050: b2481c08 orr x8, x0, #0xff00000000000000
> f054: d344fd08 lsr x8, x8, #4
> f058: 38776909 ldrb w9, [x8, x23]
> f05c: 940017cc bl 14f8c <OUTLINED_FUNCTION_11>
> f060: 54000060 b.eq f06c <shmem_link+0x70> // b.none
> f064: 7103fd1f cmp w8, #0xff
> f068: 540008a1 b.ne f17c <shmem_link+0x180> // b.any
> f06c: b9400008 ldr w8, [x0]
> f070: 34000148 cbz w8, f098 <shmem_link+0x9c>
> f074: 940018fd bl 15468 <OUTLINED_FUNCTION_1124>
> ret = shmem_reserve_inode(inode->i_sb);
> f078: 38776909 ldrb w9, [x8, x23]
> f07c: 940017c4 bl 14f8c <OUTLINED_FUNCTION_11>
> f080: 54000060 b.eq f08c <shmem_link+0x90> // b.none
> f084: 7103fd1f cmp w8, #0xff
> f088: 540007e1 b.ne f184 <shmem_link+0x188> // b.any
> f08c: f9400000 ldr x0, [x0]
> f090: 97fffcf6 bl e468 <shmem_reserve_inode>
> if (ret)
> f094: 35000660 cbnz w0, f160 <shmem_link+0x164>
> dir->i_size += BOGO_DIRENT_SIZE;
> f098: 910122a0 add x0, x21, #0x48
> f09c: b2481c08 orr x8, x0, #0xff00000000000000
> f0a0: d344fd09 lsr x9, x8, #4
> f0a4: 3877692a ldrb w10, [x9, x23]
> f0a8: 94001828 bl 15148 <OUTLINED_FUNCTION_193>
> f0ac: 54000060 b.eq f0b8 <shmem_link+0xbc> // b.none
> f0b0: 7103fd1f cmp w8, #0xff
> f0b4: 540006c1 b.ne f18c <shmem_link+0x190> // b.any
> f0b8: 38776929 ldrb w9, [x9, x23]
> f0bc: 94001a4a bl 159e4 <OUTLINED_FUNCTION_1131>
> f0c0: 54000060 b.eq f0cc <shmem_link+0xd0> // b.none
> f0c4: 7103fd1f cmp w8, #0xff
> f0c8: 54000661 b.ne f194 <shmem_link+0x198> // b.any
> f0cc: f9000009 str x9, [x0]
> inode->i_ctime = dir->i_ctime = dir->i_mtime = current_time(inode);
> f0d0: aa1403e0 mov x0, x20
> f0d4: 910182b6 add x22, x21, #0x60
> f0d8: 94000000 bl 0 <current_time>
> f0dc: b2481ec9 orr x9, x22, #0xff00000000000000
> f0e0: d344fd29 lsr x9, x9, #4
>
prev parent reply other threads:[~2019-02-28 8:56 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-21 22:21 [PATCH] tmpfs: fix uninitialized return value in shmem_link Darrick J. Wong
2019-02-21 23:05 ` Hugh Dickins
2019-02-23 6:35 ` Hugh Dickins
2019-02-25 19:53 ` Linus Torvalds
2019-02-25 20:34 ` Hugh Dickins
2019-02-25 22:34 ` Linus Torvalds
2019-02-25 23:58 ` Linus Torvalds
2019-02-26 0:03 ` Qian Cai
2019-02-26 0:07 ` Linus Torvalds
2019-02-26 0:29 ` Darrick J. Wong
2019-02-27 14:09 ` Qian Cai
2019-02-27 20:12 ` Qian Cai
2019-02-28 8:56 ` Nathan Chancellor [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190228085641.GA7991@archlinux-ryzen \
--to=natechancellor@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=cai@lca.pw \
--cc=dan.carpenter@oracle.com \
--cc=darrick.wong@oracle.com \
--cc=hughd@google.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=matej.kupljen@gmail.com \
--cc=ndesaulniers@google.com \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).