* [PATCH] lib: test_meminit: fix -Wmaybe-uninitialized false positive
@ 2019-06-17 13:11 Arnd Bergmann
2019-06-17 14:22 ` Alexander Potapenko
0 siblings, 1 reply; 2+ messages in thread
From: Arnd Bergmann @ 2019-06-17 13:11 UTC (permalink / raw)
To: Andrew Morton
Cc: Arnd Bergmann, Alexander Potapenko, Kees Cook, Christoph Lameter,
Nick Desaulniers, Kostya Serebryany, Dmitry Vyukov,
Sandeep Patil, Laura Abbott, Jann Horn, Marco Elver,
Stephen Rothwell, linux-kernel
The conditional logic is too complicated for the compiler to
fully comprehend:
lib/test_meminit.c: In function 'test_meminit_init':
lib/test_meminit.c:236:5: error: 'buf_copy' may be used uninitialized in this function [-Werror=maybe-uninitialized]
kfree(buf_copy);
^~~~~~~~~~~~~~~
lib/test_meminit.c:201:14: note: 'buf_copy' was declared here
Simplify it by splitting out the non-rcu section.
Fixes: af734ee6ec85 ("lib: introduce test_meminit module")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
lib/test_meminit.c | 50 ++++++++++++++++++++++++----------------------
1 file changed, 26 insertions(+), 24 deletions(-)
diff --git a/lib/test_meminit.c b/lib/test_meminit.c
index ed7efec1387b..7ae2183ff1f4 100644
--- a/lib/test_meminit.c
+++ b/lib/test_meminit.c
@@ -208,35 +208,37 @@ static int __init do_kmem_cache_size(size_t size, bool want_ctor,
/* Check that buf is zeroed, if it must be. */
fail = check_buf(buf, size, want_ctor, want_rcu, want_zero);
fill_with_garbage_skip(buf, size, want_ctor ? CTOR_BYTES : 0);
+
+ if (!want_rcu) {
+ kmem_cache_free(c, buf);
+ continue;
+ }
+
/*
* If this is an RCU cache, use a critical section to ensure we
* can touch objects after they're freed.
*/
- if (want_rcu) {
- rcu_read_lock();
- /*
- * Copy the buffer to check that it's not wiped on
- * free().
- */
- buf_copy = kmalloc(size, GFP_KERNEL);
- if (buf_copy)
- memcpy(buf_copy, buf, size);
- }
- kmem_cache_free(c, buf);
- if (want_rcu) {
- /*
- * Check that |buf| is intact after kmem_cache_free().
- * |want_zero| is false, because we wrote garbage to
- * the buffer already.
- */
- fail |= check_buf(buf, size, want_ctor, want_rcu,
- false);
- if (buf_copy) {
- fail |= (bool)memcmp(buf, buf_copy, size);
- kfree(buf_copy);
- }
- rcu_read_unlock();
+ rcu_read_lock();
+ /*
+ * Copy the buffer to check that it's not wiped on
+ * free().
+ */
+ buf_copy = kmalloc(size, GFP_KERNEL);
+ if (buf_copy)
+ memcpy(buf_copy, buf, size);
+
+ /*
+ * Check that |buf| is intact after kmem_cache_free().
+ * |want_zero| is false, because we wrote garbage to
+ * the buffer already.
+ */
+ fail |= check_buf(buf, size, want_ctor, want_rcu,
+ false);
+ if (buf_copy) {
+ fail |= (bool)memcmp(buf, buf_copy, size);
+ kfree(buf_copy);
}
+ rcu_read_unlock();
}
kmem_cache_destroy(c);
--
2.20.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] lib: test_meminit: fix -Wmaybe-uninitialized false positive
2019-06-17 13:11 [PATCH] lib: test_meminit: fix -Wmaybe-uninitialized false positive Arnd Bergmann
@ 2019-06-17 14:22 ` Alexander Potapenko
0 siblings, 0 replies; 2+ messages in thread
From: Alexander Potapenko @ 2019-06-17 14:22 UTC (permalink / raw)
To: Arnd Bergmann
Cc: Andrew Morton, Kees Cook, Christoph Lameter, Nick Desaulniers,
Kostya Serebryany, Dmitry Vyukov, Sandeep Patil, Laura Abbott,
Jann Horn, Marco Elver, Stephen Rothwell, LKML
On Mon, Jun 17, 2019 at 3:12 PM Arnd Bergmann <arnd@arndb.de> wrote:
>
> The conditional logic is too complicated for the compiler to
> fully comprehend:
>
> lib/test_meminit.c: In function 'test_meminit_init':
> lib/test_meminit.c:236:5: error: 'buf_copy' may be used uninitialized in this function [-Werror=maybe-uninitialized]
> kfree(buf_copy);
> ^~~~~~~~~~~~~~~
> lib/test_meminit.c:201:14: note: 'buf_copy' was declared here
>
> Simplify it by splitting out the non-rcu section.
>
> Fixes: af734ee6ec85 ("lib: introduce test_meminit module")
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Alexander Potapenko <glider@google.com>
> ---
> lib/test_meminit.c | 50 ++++++++++++++++++++++++----------------------
> 1 file changed, 26 insertions(+), 24 deletions(-)
>
> diff --git a/lib/test_meminit.c b/lib/test_meminit.c
> index ed7efec1387b..7ae2183ff1f4 100644
> --- a/lib/test_meminit.c
> +++ b/lib/test_meminit.c
> @@ -208,35 +208,37 @@ static int __init do_kmem_cache_size(size_t size, bool want_ctor,
> /* Check that buf is zeroed, if it must be. */
> fail = check_buf(buf, size, want_ctor, want_rcu, want_zero);
> fill_with_garbage_skip(buf, size, want_ctor ? CTOR_BYTES : 0);
> +
> + if (!want_rcu) {
> + kmem_cache_free(c, buf);
> + continue;
> + }
> +
> /*
> * If this is an RCU cache, use a critical section to ensure we
> * can touch objects after they're freed.
> */
> - if (want_rcu) {
> - rcu_read_lock();
> - /*
> - * Copy the buffer to check that it's not wiped on
> - * free().
> - */
> - buf_copy = kmalloc(size, GFP_KERNEL);
> - if (buf_copy)
> - memcpy(buf_copy, buf, size);
> - }
> - kmem_cache_free(c, buf);
> - if (want_rcu) {
> - /*
> - * Check that |buf| is intact after kmem_cache_free().
> - * |want_zero| is false, because we wrote garbage to
> - * the buffer already.
> - */
> - fail |= check_buf(buf, size, want_ctor, want_rcu,
> - false);
> - if (buf_copy) {
> - fail |= (bool)memcmp(buf, buf_copy, size);
> - kfree(buf_copy);
> - }
> - rcu_read_unlock();
> + rcu_read_lock();
> + /*
> + * Copy the buffer to check that it's not wiped on
> + * free().
> + */
> + buf_copy = kmalloc(size, GFP_KERNEL);
> + if (buf_copy)
> + memcpy(buf_copy, buf, size);
> +
> + /*
> + * Check that |buf| is intact after kmem_cache_free().
> + * |want_zero| is false, because we wrote garbage to
> + * the buffer already.
> + */
> + fail |= check_buf(buf, size, want_ctor, want_rcu,
> + false);
> + if (buf_copy) {
> + fail |= (bool)memcmp(buf, buf_copy, size);
> + kfree(buf_copy);
> }
> + rcu_read_unlock();
> }
> kmem_cache_destroy(c);
>
> --
> 2.20.0
>
--
Alexander Potapenko
Software Engineer
Google Germany GmbH
Erika-Mann-Straße, 33
80636 München
Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-06-17 14:22 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-06-17 13:11 [PATCH] lib: test_meminit: fix -Wmaybe-uninitialized false positive Arnd Bergmann
2019-06-17 14:22 ` Alexander Potapenko
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.