All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH v2] livepatch: Reorder to use before freeing a pointer
@ 2022-03-20  1:51 trix
  2022-03-21 13:24 ` Petr Mladek
                   ` (2 more replies)
  0 siblings, 3 replies; 7+ messages in thread
From: trix @ 2022-03-20  1:51 UTC (permalink / raw)
  To: jpoimboe, jikos, mbenes, pmladek, joe.lawrence, nathan, ndesaulniers
  Cc: live-patching, linux-kernel, llvm, Tom Rix

From: Tom Rix <trix@redhat.com>

Clang static analysis reports this issue
livepatch-shadow-fix1.c:113:2: warning: Use of
  memory after it is freed
  pr_info("%s: dummy @ %p, prevented leak @ %p\n",
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The pointer is freed in the previous statement.
Reorder the pr_info to report before the free.

Similar issue in livepatch-shadow-fix2.c

Signed-off-by: Tom Rix <trix@redhat.com>
---
v2: Fix similar issue in livepatch-shadow-fix2.c

 samples/livepatch/livepatch-shadow-fix1.c | 2 +-
 samples/livepatch/livepatch-shadow-fix2.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/samples/livepatch/livepatch-shadow-fix1.c b/samples/livepatch/livepatch-shadow-fix1.c
index 918ce17b43fda..6701641bf12d4 100644
--- a/samples/livepatch/livepatch-shadow-fix1.c
+++ b/samples/livepatch/livepatch-shadow-fix1.c
@@ -109,9 +109,9 @@ static void livepatch_fix1_dummy_leak_dtor(void *obj, void *shadow_data)
 	void *d = obj;
 	int **shadow_leak = shadow_data;
 
-	kfree(*shadow_leak);
 	pr_info("%s: dummy @ %p, prevented leak @ %p\n",
 			 __func__, d, *shadow_leak);
+	kfree(*shadow_leak);
 }
 
 static void livepatch_fix1_dummy_free(struct dummy *d)
diff --git a/samples/livepatch/livepatch-shadow-fix2.c b/samples/livepatch/livepatch-shadow-fix2.c
index 29fe5cd420472..361046a4f10cf 100644
--- a/samples/livepatch/livepatch-shadow-fix2.c
+++ b/samples/livepatch/livepatch-shadow-fix2.c
@@ -61,9 +61,9 @@ static void livepatch_fix2_dummy_leak_dtor(void *obj, void *shadow_data)
 	void *d = obj;
 	int **shadow_leak = shadow_data;
 
-	kfree(*shadow_leak);
 	pr_info("%s: dummy @ %p, prevented leak @ %p\n",
 			 __func__, d, *shadow_leak);
+	kfree(*shadow_leak);
 }
 
 static void livepatch_fix2_dummy_free(struct dummy *d)
-- 
2.26.3


^ permalink raw reply related	[flat|nested] 7+ messages in thread
* Re: [PATCH v2] livepatch: Reorder to use before freeing a pointer
  2022-03-20  1:51 [PATCH v2] livepatch: Reorder to use before freeing a pointer trix
@ 2022-03-21 13:24 ` Petr Mladek
  2022-03-21 13:39 ` Joe Lawrence
  2022-03-23 15:53 ` Petr Mladek
  2 siblings, 0 replies; 7+ messages in thread
From: Petr Mladek @ 2022-03-21 13:24 UTC (permalink / raw)
  To: trix
  Cc: jpoimboe, jikos, mbenes, joe.lawrence, nathan, ndesaulniers,
	live-patching, linux-kernel, llvm

On Sat 2022-03-19 18:51:43, trix@redhat.com wrote:
> From: Tom Rix <trix@redhat.com>
> 
> Clang static analysis reports this issue
> livepatch-shadow-fix1.c:113:2: warning: Use of
>   memory after it is freed
>   pr_info("%s: dummy @ %p, prevented leak @ %p\n",
>   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> The pointer is freed in the previous statement.
> Reorder the pr_info to report before the free.
> 
> Similar issue in livepatch-shadow-fix2.c
> 
> Signed-off-by: Tom Rix <trix@redhat.com>

Strictly speaking, the freed memory is not used.
pr_info() only prints the address.

Anyway, I agree that the reordered code is cleaner.

Reviewed-by: Petr Mladek <pmladek@suse.com>

Best Regards,
Petr

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: [PATCH v2] livepatch: Reorder to use before freeing a pointer
  2022-03-20  1:51 [PATCH v2] livepatch: Reorder to use before freeing a pointer trix
  2022-03-21 13:24 ` Petr Mladek
@ 2022-03-21 13:39 ` Joe Lawrence
  2022-03-21 14:05   ` Tom Rix
  2022-03-23 15:53 ` Petr Mladek
  2 siblings, 1 reply; 7+ messages in thread
From: Joe Lawrence @ 2022-03-21 13:39 UTC (permalink / raw)
  To: trix, jpoimboe, jikos, mbenes, pmladek, nathan, ndesaulniers
  Cc: live-patching, linux-kernel, llvm

On 3/19/22 9:51 PM, trix@redhat.com wrote:
> From: Tom Rix <trix@redhat.com>
> 
> Clang static analysis reports this issue
> livepatch-shadow-fix1.c:113:2: warning: Use of
>   memory after it is freed
>   pr_info("%s: dummy @ %p, prevented leak @ %p\n",
>   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> The pointer is freed in the previous statement.
> Reorder the pr_info to report before the free.
> 
> Similar issue in livepatch-shadow-fix2.c
> 
> Signed-off-by: Tom Rix <trix@redhat.com>
> ---
> v2: Fix similar issue in livepatch-shadow-fix2.c
> 
>  samples/livepatch/livepatch-shadow-fix1.c | 2 +-
>  samples/livepatch/livepatch-shadow-fix2.c | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/samples/livepatch/livepatch-shadow-fix1.c b/samples/livepatch/livepatch-shadow-fix1.c
> index 918ce17b43fda..6701641bf12d4 100644
> --- a/samples/livepatch/livepatch-shadow-fix1.c
> +++ b/samples/livepatch/livepatch-shadow-fix1.c
> @@ -109,9 +109,9 @@ static void livepatch_fix1_dummy_leak_dtor(void *obj, void *shadow_data)
>  	void *d = obj;
>  	int **shadow_leak = shadow_data;
>  
> -	kfree(*shadow_leak);
>  	pr_info("%s: dummy @ %p, prevented leak @ %p\n",
>  			 __func__, d, *shadow_leak);
> +	kfree(*shadow_leak);
>  }
>  
>  static void livepatch_fix1_dummy_free(struct dummy *d)
> diff --git a/samples/livepatch/livepatch-shadow-fix2.c b/samples/livepatch/livepatch-shadow-fix2.c
> index 29fe5cd420472..361046a4f10cf 100644
> --- a/samples/livepatch/livepatch-shadow-fix2.c
> +++ b/samples/livepatch/livepatch-shadow-fix2.c
> @@ -61,9 +61,9 @@ static void livepatch_fix2_dummy_leak_dtor(void *obj, void *shadow_data)
>  	void *d = obj;
>  	int **shadow_leak = shadow_data;
>  
> -	kfree(*shadow_leak);
>  	pr_info("%s: dummy @ %p, prevented leak @ %p\n",
>  			 __func__, d, *shadow_leak);
> +	kfree(*shadow_leak);
>  }
>  
>  static void livepatch_fix2_dummy_free(struct dummy *d)
> 

Hi Tom,

Ordering doesn't matter for the example, so let's clean up the static
analysis.

Acked-by: Joe Lawrence <joe.lawrence@redhat.com>

But for my sanity, isn't this a false positive?  There shouldn't be harm
in printing the pointer itself, even after what it points to has been
freed, i.e.

	int *i = malloc(sizeof(*i));
	free(i);
	printf("%p\n", i);      << ok
	printf("%d\n", *i);     << NOT ok

But I suppose clang doesn't know that the passed pointer isn't getting
dereferenced by the function, so it throws up a warning?  Just curious
what your experience has been with respect to these reports.

Thanks,
-- 
Joe


^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: [PATCH v2] livepatch: Reorder to use before freeing a pointer
  2022-03-21 13:39 ` Joe Lawrence
@ 2022-03-21 14:05   ` Tom Rix
  2022-03-23  3:21     ` David Vernet
  0 siblings, 1 reply; 7+ messages in thread
From: Tom Rix @ 2022-03-21 14:05 UTC (permalink / raw)
  To: Joe Lawrence, jpoimboe, jikos, mbenes, pmladek, nathan, ndesaulniers
  Cc: live-patching, linux-kernel, llvm


On 3/21/22 6:39 AM, Joe Lawrence wrote:
> On 3/19/22 9:51 PM, trix@redhat.com wrote:
>> From: Tom Rix <trix@redhat.com>
>>
>> Clang static analysis reports this issue
>> livepatch-shadow-fix1.c:113:2: warning: Use of
>>    memory after it is freed
>>    pr_info("%s: dummy @ %p, prevented leak @ %p\n",
>>    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>
>> The pointer is freed in the previous statement.
>> Reorder the pr_info to report before the free.
>>
>> Similar issue in livepatch-shadow-fix2.c
>>
>> Signed-off-by: Tom Rix <trix@redhat.com>
>> ---
>> v2: Fix similar issue in livepatch-shadow-fix2.c
>>
>>   samples/livepatch/livepatch-shadow-fix1.c | 2 +-
>>   samples/livepatch/livepatch-shadow-fix2.c | 2 +-
>>   2 files changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/samples/livepatch/livepatch-shadow-fix1.c b/samples/livepatch/livepatch-shadow-fix1.c
>> index 918ce17b43fda..6701641bf12d4 100644
>> --- a/samples/livepatch/livepatch-shadow-fix1.c
>> +++ b/samples/livepatch/livepatch-shadow-fix1.c
>> @@ -109,9 +109,9 @@ static void livepatch_fix1_dummy_leak_dtor(void *obj, void *shadow_data)
>>   	void *d = obj;
>>   	int **shadow_leak = shadow_data;
>>   
>> -	kfree(*shadow_leak);
>>   	pr_info("%s: dummy @ %p, prevented leak @ %p\n",
>>   			 __func__, d, *shadow_leak);
>> +	kfree(*shadow_leak);
>>   }
>>   
>>   static void livepatch_fix1_dummy_free(struct dummy *d)
>> diff --git a/samples/livepatch/livepatch-shadow-fix2.c b/samples/livepatch/livepatch-shadow-fix2.c
>> index 29fe5cd420472..361046a4f10cf 100644
>> --- a/samples/livepatch/livepatch-shadow-fix2.c
>> +++ b/samples/livepatch/livepatch-shadow-fix2.c
>> @@ -61,9 +61,9 @@ static void livepatch_fix2_dummy_leak_dtor(void *obj, void *shadow_data)
>>   	void *d = obj;
>>   	int **shadow_leak = shadow_data;
>>   
>> -	kfree(*shadow_leak);
>>   	pr_info("%s: dummy @ %p, prevented leak @ %p\n",
>>   			 __func__, d, *shadow_leak);
>> +	kfree(*shadow_leak);
>>   }
>>   
>>   static void livepatch_fix2_dummy_free(struct dummy *d)
>>
> Hi Tom,
>
> Ordering doesn't matter for the example, so let's clean up the static
> analysis.
>
> Acked-by: Joe Lawrence <joe.lawrence@redhat.com>
>
> But for my sanity, isn't this a false positive?  There shouldn't be harm
> in printing the pointer itself, even after what it points to has been
> freed, i.e.
>
> 	int *i = malloc(sizeof(*i));
> 	free(i);
> 	printf("%p\n", i);      << ok
> 	printf("%d\n", *i);     << NOT ok
>
> But I suppose clang doesn't know that the passed pointer isn't getting
> dereferenced by the function, so it throws up a warning?  Just curious
> what your experience has been with respect to these reports.

The analysis it good for static functions, for extern functions it has 
nothing to analyze so a worst case is assumed.

I agree this is likely a false positive.

Tom

>
> Thanks,


^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: [PATCH v2] livepatch: Reorder to use before freeing a pointer
  2022-03-21 14:05   ` Tom Rix
@ 2022-03-23  3:21     ` David Vernet
  0 siblings, 0 replies; 7+ messages in thread
From: David Vernet @ 2022-03-23  3:21 UTC (permalink / raw)
  To: Tom Rix
  Cc: Joe Lawrence, jpoimboe, jikos, mbenes, pmladek, nathan,
	ndesaulniers, live-patching, linux-kernel, llvm

> > On 3/19/22 9:51 PM, trix@redhat.com wrote:
> > > From: Tom Rix <trix@redhat.com>
> > > 
> > > Clang static analysis reports this issue
> > > livepatch-shadow-fix1.c:113:2: warning: Use of
> > >    memory after it is freed
> > >    pr_info("%s: dummy @ %p, prevented leak @ %p\n",
> > >    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > 
> > > The pointer is freed in the previous statement.
> > > Reorder the pr_info to report before the free.
> > > 
> > > Similar issue in livepatch-shadow-fix2.c
> > > 
> > > Signed-off-by: Tom Rix <trix@redhat.com>
> > > ---
> > > v2: Fix similar issue in livepatch-shadow-fix2.c
> > > 
> > >   samples/livepatch/livepatch-shadow-fix1.c | 2 +-
> > >   samples/livepatch/livepatch-shadow-fix2.c | 2 +-
> > >   2 files changed, 2 insertions(+), 2 deletions(-)
> > > 
> > > diff --git a/samples/livepatch/livepatch-shadow-fix1.c b/samples/livepatch/livepatch-shadow-fix1.c
> > > index 918ce17b43fda..6701641bf12d4 100644
> > > --- a/samples/livepatch/livepatch-shadow-fix1.c
> > > +++ b/samples/livepatch/livepatch-shadow-fix1.c
> > > @@ -109,9 +109,9 @@ static void livepatch_fix1_dummy_leak_dtor(void *obj, void *shadow_data)
> > >   	void *d = obj;
> > >   	int **shadow_leak = shadow_data;
> > > -	kfree(*shadow_leak);
> > >   	pr_info("%s: dummy @ %p, prevented leak @ %p\n",
> > >   			 __func__, d, *shadow_leak);
> > > +	kfree(*shadow_leak);
> > >   }
> > >   static void livepatch_fix1_dummy_free(struct dummy *d)
> > > diff --git a/samples/livepatch/livepatch-shadow-fix2.c b/samples/livepatch/livepatch-shadow-fix2.c
> > > index 29fe5cd420472..361046a4f10cf 100644
> > > --- a/samples/livepatch/livepatch-shadow-fix2.c
> > > +++ b/samples/livepatch/livepatch-shadow-fix2.c
> > > @@ -61,9 +61,9 @@ static void livepatch_fix2_dummy_leak_dtor(void *obj, void *shadow_data)
> > >   	void *d = obj;
> > >   	int **shadow_leak = shadow_data;
> > > -	kfree(*shadow_leak);
> > >   	pr_info("%s: dummy @ %p, prevented leak @ %p\n",
> > >   			 __func__, d, *shadow_leak);
> > > +	kfree(*shadow_leak);
> > >   }
> > >   static void livepatch_fix2_dummy_free(struct dummy *d)

Acked-by: David Vernet <void@manifault.com>

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: [PATCH v2] livepatch: Reorder to use before freeing a pointer
  2022-03-20  1:51 [PATCH v2] livepatch: Reorder to use before freeing a pointer trix
  2022-03-21 13:24 ` Petr Mladek
  2022-03-21 13:39 ` Joe Lawrence
@ 2022-03-23 15:53 ` Petr Mladek
  2022-03-23 16:17   ` Tom Rix
  2 siblings, 1 reply; 7+ messages in thread
From: Petr Mladek @ 2022-03-23 15:53 UTC (permalink / raw)
  To: trix
  Cc: jpoimboe, jikos, mbenes, joe.lawrence, nathan, ndesaulniers,
	live-patching, linux-kernel, llvm

On Sat 2022-03-19 18:51:43, trix@redhat.com wrote:
> From: Tom Rix <trix@redhat.com>
> 
> Clang static analysis reports this issue
> livepatch-shadow-fix1.c:113:2: warning: Use of
>   memory after it is freed
>   pr_info("%s: dummy @ %p, prevented leak @ %p\n",
>   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> The pointer is freed in the previous statement.
> Reorder the pr_info to report before the free.
> 
> Similar issue in livepatch-shadow-fix2.c

I have added the following paragraph:

<snip>
Note that it is a false positive. pr_info() just prints the address.
The freed memory is not accessed. Well, the static analyzer could not
know this easily.
</snip>

> Signed-off-by: Tom Rix <trix@redhat.com>

and pushed the patch into livepatching/livepatching.git,
branch for-5.18/selftests-fixes.

IMHO, the patch is so trivial and can be added even in this merge
window. There is no need to create more dances around it ;-)

Let me know if you disagree. I am going to send the pull request
on Friday or Monday.

Best Regards,
Petr

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: [PATCH v2] livepatch: Reorder to use before freeing a pointer
  2022-03-23 15:53 ` Petr Mladek
@ 2022-03-23 16:17   ` Tom Rix
  0 siblings, 0 replies; 7+ messages in thread
From: Tom Rix @ 2022-03-23 16:17 UTC (permalink / raw)
  To: Petr Mladek
  Cc: jpoimboe, jikos, mbenes, joe.lawrence, nathan, ndesaulniers,
	live-patching, linux-kernel, llvm


On 3/23/22 8:53 AM, Petr Mladek wrote:
> On Sat 2022-03-19 18:51:43, trix@redhat.com wrote:
>> From: Tom Rix <trix@redhat.com>
>>
>> Clang static analysis reports this issue
>> livepatch-shadow-fix1.c:113:2: warning: Use of
>>    memory after it is freed
>>    pr_info("%s: dummy @ %p, prevented leak @ %p\n",
>>    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>
>> The pointer is freed in the previous statement.
>> Reorder the pr_info to report before the free.
>>
>> Similar issue in livepatch-shadow-fix2.c
> I have added the following paragraph:
>
> <snip>
> Note that it is a false positive. pr_info() just prints the address.
> The freed memory is not accessed. Well, the static analyzer could not
> know this easily.
> </snip>
>
>> Signed-off-by: Tom Rix <trix@redhat.com>
> and pushed the patch into livepatching/livepatching.git,
> branch for-5.18/selftests-fixes.
>
> IMHO, the patch is so trivial and can be added even in this merge
> window. There is no need to create more dances around it ;-)
>
> Let me know if you disagree. I am going to send the pull request
> on Friday or Monday.

Do whatever is easier for you.  The addition to the commit log is fine.

Thanks

Tom

>
> Best Regards,
> Petr
>


^ permalink raw reply	[flat|nested] 7+ messages in thread
end of thread, other threads:[~2022-03-23 16:17 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-03-20  1:51 [PATCH v2] livepatch: Reorder to use before freeing a pointer trix
2022-03-21 13:24 ` Petr Mladek
2022-03-21 13:39 ` Joe Lawrence
2022-03-21 14:05   ` Tom Rix
2022-03-23  3:21     ` David Vernet
2022-03-23 15:53 ` Petr Mladek
2022-03-23 16:17   ` Tom Rix

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.