All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] lib: test_meminit: fix -Wmaybe-uninitialized false positive
@ 2019-06-17 13:11 Arnd Bergmann
  2019-06-17 14:22 ` Alexander Potapenko
  0 siblings, 1 reply; 2+ messages in thread
From: Arnd Bergmann @ 2019-06-17 13:11 UTC (permalink / raw)
  To: Andrew Morton
  Cc: Arnd Bergmann, Alexander Potapenko, Kees Cook, Christoph Lameter,
	Nick Desaulniers, Kostya Serebryany, Dmitry Vyukov,
	Sandeep Patil, Laura Abbott, Jann Horn, Marco Elver,
	Stephen Rothwell, linux-kernel

The conditional logic is too complicated for the compiler to
fully comprehend:

lib/test_meminit.c: In function 'test_meminit_init':
lib/test_meminit.c:236:5: error: 'buf_copy' may be used uninitialized in this function [-Werror=maybe-uninitialized]
     kfree(buf_copy);
     ^~~~~~~~~~~~~~~
lib/test_meminit.c:201:14: note: 'buf_copy' was declared here

Simplify it by splitting out the non-rcu section.

Fixes: af734ee6ec85 ("lib: introduce test_meminit module")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
 lib/test_meminit.c | 50 ++++++++++++++++++++++++----------------------
 1 file changed, 26 insertions(+), 24 deletions(-)

diff --git a/lib/test_meminit.c b/lib/test_meminit.c
index ed7efec1387b..7ae2183ff1f4 100644
--- a/lib/test_meminit.c
+++ b/lib/test_meminit.c
@@ -208,35 +208,37 @@ static int __init do_kmem_cache_size(size_t size, bool want_ctor,
 		/* Check that buf is zeroed, if it must be. */
 		fail = check_buf(buf, size, want_ctor, want_rcu, want_zero);
 		fill_with_garbage_skip(buf, size, want_ctor ? CTOR_BYTES : 0);
+
+		if (!want_rcu) {
+			kmem_cache_free(c, buf);
+			continue;
+		}
+
 		/*
 		 * If this is an RCU cache, use a critical section to ensure we
 		 * can touch objects after they're freed.
 		 */
-		if (want_rcu) {
-			rcu_read_lock();
-			/*
-			 * Copy the buffer to check that it's not wiped on
-			 * free().
-			 */
-			buf_copy = kmalloc(size, GFP_KERNEL);
-			if (buf_copy)
-				memcpy(buf_copy, buf, size);
-		}
-		kmem_cache_free(c, buf);
-		if (want_rcu) {
-			/*
-			 * Check that |buf| is intact after kmem_cache_free().
-			 * |want_zero| is false, because we wrote garbage to
-			 * the buffer already.
-			 */
-			fail |= check_buf(buf, size, want_ctor, want_rcu,
-					  false);
-			if (buf_copy) {
-				fail |= (bool)memcmp(buf, buf_copy, size);
-				kfree(buf_copy);
-			}
-			rcu_read_unlock();
+		rcu_read_lock();
+		/*
+		 * Copy the buffer to check that it's not wiped on
+		 * free().
+		 */
+		buf_copy = kmalloc(size, GFP_KERNEL);
+		if (buf_copy)
+			memcpy(buf_copy, buf, size);
+
+		/*
+		 * Check that |buf| is intact after kmem_cache_free().
+		 * |want_zero| is false, because we wrote garbage to
+		 * the buffer already.
+		 */
+		fail |= check_buf(buf, size, want_ctor, want_rcu,
+				  false);
+		if (buf_copy) {
+			fail |= (bool)memcmp(buf, buf_copy, size);
+			kfree(buf_copy);
 		}
+		rcu_read_unlock();
 	}
 	kmem_cache_destroy(c);
 
-- 
2.20.0


^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] lib: test_meminit: fix -Wmaybe-uninitialized false positive
  2019-06-17 13:11 [PATCH] lib: test_meminit: fix -Wmaybe-uninitialized false positive Arnd Bergmann
@ 2019-06-17 14:22 ` Alexander Potapenko
  0 siblings, 0 replies; 2+ messages in thread
From: Alexander Potapenko @ 2019-06-17 14:22 UTC (permalink / raw)
  To: Arnd Bergmann
  Cc: Andrew Morton, Kees Cook, Christoph Lameter, Nick Desaulniers,
	Kostya Serebryany, Dmitry Vyukov, Sandeep Patil, Laura Abbott,
	Jann Horn, Marco Elver, Stephen Rothwell, LKML

On Mon, Jun 17, 2019 at 3:12 PM Arnd Bergmann <arnd@arndb.de> wrote:
>
> The conditional logic is too complicated for the compiler to
> fully comprehend:
>
> lib/test_meminit.c: In function 'test_meminit_init':
> lib/test_meminit.c:236:5: error: 'buf_copy' may be used uninitialized in this function [-Werror=maybe-uninitialized]
>      kfree(buf_copy);
>      ^~~~~~~~~~~~~~~
> lib/test_meminit.c:201:14: note: 'buf_copy' was declared here
>
> Simplify it by splitting out the non-rcu section.
>
> Fixes: af734ee6ec85 ("lib: introduce test_meminit module")
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Alexander Potapenko <glider@google.com>
> ---
>  lib/test_meminit.c | 50 ++++++++++++++++++++++++----------------------
>  1 file changed, 26 insertions(+), 24 deletions(-)
>
> diff --git a/lib/test_meminit.c b/lib/test_meminit.c
> index ed7efec1387b..7ae2183ff1f4 100644
> --- a/lib/test_meminit.c
> +++ b/lib/test_meminit.c
> @@ -208,35 +208,37 @@ static int __init do_kmem_cache_size(size_t size, bool want_ctor,
>                 /* Check that buf is zeroed, if it must be. */
>                 fail = check_buf(buf, size, want_ctor, want_rcu, want_zero);
>                 fill_with_garbage_skip(buf, size, want_ctor ? CTOR_BYTES : 0);
> +
> +               if (!want_rcu) {
> +                       kmem_cache_free(c, buf);
> +                       continue;
> +               }
> +
>                 /*
>                  * If this is an RCU cache, use a critical section to ensure we
>                  * can touch objects after they're freed.
>                  */
> -               if (want_rcu) {
> -                       rcu_read_lock();
> -                       /*
> -                        * Copy the buffer to check that it's not wiped on
> -                        * free().
> -                        */
> -                       buf_copy = kmalloc(size, GFP_KERNEL);
> -                       if (buf_copy)
> -                               memcpy(buf_copy, buf, size);
> -               }
> -               kmem_cache_free(c, buf);
> -               if (want_rcu) {
> -                       /*
> -                        * Check that |buf| is intact after kmem_cache_free().
> -                        * |want_zero| is false, because we wrote garbage to
> -                        * the buffer already.
> -                        */
> -                       fail |= check_buf(buf, size, want_ctor, want_rcu,
> -                                         false);
> -                       if (buf_copy) {
> -                               fail |= (bool)memcmp(buf, buf_copy, size);
> -                               kfree(buf_copy);
> -                       }
> -                       rcu_read_unlock();
> +               rcu_read_lock();
> +               /*
> +                * Copy the buffer to check that it's not wiped on
> +                * free().
> +                */
> +               buf_copy = kmalloc(size, GFP_KERNEL);
> +               if (buf_copy)
> +                       memcpy(buf_copy, buf, size);
> +
> +               /*
> +                * Check that |buf| is intact after kmem_cache_free().
> +                * |want_zero| is false, because we wrote garbage to
> +                * the buffer already.
> +                */
> +               fail |= check_buf(buf, size, want_ctor, want_rcu,
> +                                 false);
> +               if (buf_copy) {
> +                       fail |= (bool)memcmp(buf, buf_copy, size);
> +                       kfree(buf_copy);
>                 }
> +               rcu_read_unlock();
>         }
>         kmem_cache_destroy(c);
>
> --
> 2.20.0
>


-- 
Alexander Potapenko
Software Engineer

Google Germany GmbH
Erika-Mann-Straße, 33
80636 München

Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und -nummer: Hamburg, HRB 86891
Sitz der Gesellschaft: Hamburg

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-06-17 14:22 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-06-17 13:11 [PATCH] lib: test_meminit: fix -Wmaybe-uninitialized false positive Arnd Bergmann
2019-06-17 14:22 ` Alexander Potapenko

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.