* [ceph-client:testing 77/77] fs/ceph/mds_client.c:1866:6: warning: variable 'iputs' is used uninitialized whenever 'if' condition is false
@ 2023-04-17 15:49 kernel test robot
From: kernel test robot @ 2023-04-17 15:49 UTC (permalink / raw)
To: Xiubo Li; +Cc: llvm, oe-kbuild-all, ceph-devel
tree: https://github.com/ceph/ceph-client.git testing
head: 3fef7c3fd10c5f078e0f6ec8c683f2d1e14eb05d
commit: 3fef7c3fd10c5f078e0f6ec8c683f2d1e14eb05d [77/77] ceph: fix potential use-after-free bug when trimming caps
config: x86_64-randconfig-a011-20230417 (https://download.01.org/0day-ci/archive/20230417/202304172343.2ToBO5ag-lkp@intel.com/config)
compiler: clang version 14.0.6 (https://github.com/llvm/llvm-project f28c006a5895fc0e329fe15fead81e37457cb1d1)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/ceph/ceph-client/commit/3fef7c3fd10c5f078e0f6ec8c683f2d1e14eb05d
git remote add ceph-client https://github.com/ceph/ceph-client.git
git fetch --no-tags ceph-client testing
git checkout 3fef7c3fd10c5f078e0f6ec8c683f2d1e14eb05d
# save the config file
mkdir build_dir && cp config build_dir/.config
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=x86_64 olddefconfig
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=x86_64 SHELL=/bin/bash fs/ceph/
If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@intel.com>
| Link: https://lore.kernel.org/oe-kbuild-all/202304172343.2ToBO5ag-lkp@intel.com/
All warnings (new ones prefixed by >>):
>> fs/ceph/mds_client.c:1866:6: warning: variable 'iputs' is used uninitialized whenever 'if' condition is false [-Wsometimes-uninitialized]
if (cap) {
^~~
fs/ceph/mds_client.c:1877:9: note: uninitialized use occurs here
while (iputs--)
^~~~~
fs/ceph/mds_client.c:1866:2: note: remove the 'if' if its condition is always true
if (cap) {
^~~~~~~~~
fs/ceph/mds_client.c:1862:11: note: initialize the variable 'iputs' to silence this warning
int iputs;
^
= 0
>> fs/ceph/mds_client.c:1957:7: warning: variable 'cap' is uninitialized when used here [-Wuninitialized]
if (cap->cap_gen < atomic_read(&cap->session->s_cap_gen)) {
^~~
fs/ceph/mds_client.c:1949:22: note: initialize the variable 'cap' to silence this warning
struct ceph_cap *cap;
^
= NULL
2 warnings generated.
vim +1866 fs/ceph/mds_client.c
1855
/*
 * Per-inode callback that remove_session_caps() hands to
 * ceph_iterate_session_caps(). Under ci->i_ceph_lock it resolves the cap
 * that ci_node is embedded in and purges it with ceph_purge_inode_cap();
 * after unlocking it wakes i_cap_wq waiters, queues an invalidate if one
 * was requested, and calls iput() 'iputs' times. 'arg' is not read in this
 * body. Always returns 0.
 */
1856 static int remove_session_caps_cb(struct inode *inode, struct rb_node *ci_node,
1857 void *arg)
1858 {
1859 struct ceph_inode_info *ci = ceph_inode(inode);
1860 bool invalidate = false;
1861 struct ceph_cap *cap;
1862 int iputs; /* NOTE(review): no initializer; only assigned inside 'if (cap)' below */
1863
1864 spin_lock(&ci->i_ceph_lock);
1865 cap = rb_entry(ci_node, struct ceph_cap, ci_node);
/*
 * NOTE(review): the compiler cannot prove this test is always true, so on
 * the false path 'iputs' reaches the loop at 1877 with an indeterminate
 * value (the -Wsometimes-uninitialized report).
 */
> 1866 if (cap) {
1867 dout(" removing cap %p, ci is %p, inode is %p\n",
1868 cap, ci, &ci->netfs.inode);
1869
1870 iputs = ceph_purge_inode_cap(inode, cap, &invalidate);
1871 }
1872 spin_unlock(&ci->i_ceph_lock);
1873
/* Everything below runs after i_ceph_lock has been released. */
1874 wake_up_all(&ci->i_cap_wq);
1875 if (invalidate)
1876 ceph_queue_invalidate(inode);
/*
 * iput() is called once per unit of the value returned by
 * ceph_purge_inode_cap(). With an indeterminate count this loop would
 * release inode references an arbitrary number of times, so the warning
 * is a reference-counting hazard rather than build noise.
 */
1877 while (iputs--)
1878 iput(inode);
1879 return 0;
1880 }
1881
1882 /*
1883 * caller must hold session s_mutex
1884 */
/*
 * Removes the caps attached to 'session': runs remove_session_caps_cb over
 * the session's caps, wakes cap_flushing_wq waiters, loops over whatever is
 * still on session->s_caps, then detaches and disposes of the queued cap
 * releases. Returns nothing; leftover caps or pending flushes hit BUG_ON().
 */
1885 static void remove_session_caps(struct ceph_mds_session *session)
1886 {
1887 struct ceph_fs_client *fsc = session->s_mdsc->fsc;
1888 struct super_block *sb = fsc->sb;
1889 LIST_HEAD(dispose); /* local list filled by detach_cap_releases() below */
1890
1891 dout("remove_session_caps on %p\n", session);
1892 ceph_iterate_session_caps(session, remove_session_caps_cb, fsc);
1893
1894 wake_up_all(&fsc->mdsc->cap_flushing_wq);
1895
1896 spin_lock(&session->s_cap_lock);
1897 if (session->s_nr_caps > 0) {
1898 struct inode *inode;
1899 struct ceph_cap *cap, *prev = NULL;
1900 struct ceph_vino vino;
1901 /*
1902 * iterate_session_caps() skips inodes that are being
1903 * deleted, we need to wait until deletions are complete.
1904 * __wait_on_freeing_inode() is designed for the job,
1905 * but it is not exported, so use lookup inode function
1906 * to access it.
1907 */
1908 while (!list_empty(&session->s_caps)) {
1909 cap = list_entry(session->s_caps.next,
1910 struct ceph_cap, session_caps);
/* Same cap at the list head as on the previous pass: stop instead of spinning. */
1911 if (cap == prev)
1912 break;
1913 prev = cap;
/* Copy the vino while s_cap_lock is still held; the lock is dropped next. */
1914 vino = cap->ci->i_vino;
1915 spin_unlock(&session->s_cap_lock);
1916
/*
 * The looked-up inode is released straight away; per the comment above,
 * the lookup is made for its wait-on-freeing side effect.
 * NOTE(review): presumably iput() tolerates a NULL result here; confirm.
 */
1917 inode = ceph_find_inode(sb, vino);
1918 iput(inode);
1919
1920 spin_lock(&session->s_cap_lock);
1921 }
1922 }
1923
1924 // drop cap expires and unlock s_cap_lock
1925 detach_cap_releases(session, &dispose);
1926
/* Both conditions are treated as fatal invariants once removal is done. */
1927 BUG_ON(session->s_nr_caps > 0);
1928 BUG_ON(!list_empty(&session->s_cap_flushing));
1929 spin_unlock(&session->s_cap_lock);
/* Disposal of the detached releases happens outside s_cap_lock. */
1930 dispose_cap_releases(session->s_mdsc, &dispose);
1931 }
1932
/* Event codes that wake_up_session_cb() reads from its 'arg' pointer. */
1933 enum {
1934 RECONNECT,
1935 RENEWCAPS,
1936 FORCE_RO,
1937 };
1938
1939 /*
1940 * wake up any threads waiting on this session's caps. if the cap is
1941 * old (didn't get renewed on the client reconnect), remove it now.
1942 *
1943 * caller must hold s_mutex.
1944 */
/*
 * NOTE(review): in the body shown here the RENEWCAPS branch does not remove
 * the cap; it resets cap->issued and cap->implemented to CEPH_CAP_PIN.
 * Always returns 0.
 */
1945 static int wake_up_session_cb(struct inode *inode, struct rb_node *ci_node, void *arg)
1946 {
1947 struct ceph_inode_info *ci = ceph_inode(inode);
1948 unsigned long ev = (unsigned long)arg; /* event code passed through the void * argument */
1949 struct ceph_cap *cap; /* NOTE(review): not assigned until line 1960 */
1950
1951 if (ev == RECONNECT) {
/* Reset the max-size bookkeeping under i_ceph_lock. */
1952 spin_lock(&ci->i_ceph_lock);
1953 ci->i_wanted_max_size = 0;
1954 ci->i_requested_max_size = 0;
1955 spin_unlock(&ci->i_ceph_lock);
1956 } else if (ev == RENEWCAPS) {
/*
 * NOTE(review): 'cap' is dereferenced here before the assignment at 1960
 * and outside i_ceph_lock (the -Wuninitialized report). The generation
 * check needs to follow the rb_entry() lookup, inside the locked region.
 */
> 1957 if (cap->cap_gen < atomic_read(&cap->session->s_cap_gen)) {
1958 /* mds did not re-issue stale cap */
1959 spin_lock(&ci->i_ceph_lock);
1960 cap = rb_entry(ci_node, struct ceph_cap, ci_node);
1961 if (cap)
1962 cap->issued = cap->implemented = CEPH_CAP_PIN;
1963 spin_unlock(&ci->i_ceph_lock);
1964 }
/* No work is done for FORCE_RO here beyond the wakeup below. */
1965 } else if (ev == FORCE_RO) {
1966 }
1967 wake_up_all(&ci->i_cap_wq);
1968 return 0;
1969 }
1970
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests
* Re: [ceph-client:testing 77/77] fs/ceph/mds_client.c:1866:6: warning: variable 'iputs' is used uninitialized whenever 'if' condition is false
2023-04-17 15:49 [ceph-client:testing 77/77] fs/ceph/mds_client.c:1866:6: warning: variable 'iputs' is used uninitialized whenever 'if' condition is false kernel test robot
@ 2023-04-18 0:52 ` Xiubo Li
From: Xiubo Li @ 2023-04-18 0:52 UTC (permalink / raw)
To: kernel test robot; +Cc: llvm, oe-kbuild-all, ceph-devel
On 4/17/23 23:49, kernel test robot wrote:
> tree: https://github.com/ceph/ceph-client.git testing
> head: 3fef7c3fd10c5f078e0f6ec8c683f2d1e14eb05d
> commit: 3fef7c3fd10c5f078e0f6ec8c683f2d1e14eb05d [77/77] ceph: fix potential use-after-free bug when trimming caps
> config: x86_64-randconfig-a011-20230417 (https://download.01.org/0day-ci/archive/20230417/202304172343.2ToBO5ag-lkp@intel.com/config)
> compiler: clang version 14.0.6 (https://github.com/llvm/llvm-project f28c006a5895fc0e329fe15fead81e37457cb1d1)
> reproduce (this is a W=1 build):
> wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
> chmod +x ~/bin/make.cross
> # https://github.com/ceph/ceph-client/commit/3fef7c3fd10c5f078e0f6ec8c683f2d1e14eb05d
> git remote add ceph-client https://github.com/ceph/ceph-client.git
> git fetch --no-tags ceph-client testing
> git checkout 3fef7c3fd10c5f078e0f6ec8c683f2d1e14eb05d
> # save the config file
> mkdir build_dir && cp config build_dir/.config
> COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=x86_64 olddefconfig
> COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=x86_64 SHELL=/bin/bash fs/ceph/
>
> If you fix the issue, kindly add following tag where applicable
> | Reported-by: kernel test robot <lkp@intel.com>
> | Link: https://lore.kernel.org/oe-kbuild-all/202304172343.2ToBO5ag-lkp@intel.com/
>
> All warnings (new ones prefixed by >>):
>
>>> fs/ceph/mds_client.c:1866:6: warning: variable 'iputs' is used uninitialized whenever 'if' condition is false [-Wsometimes-uninitialized]
> if (cap) {
> ^~~
> fs/ceph/mds_client.c:1877:9: note: uninitialized use occurs here
> while (iputs--)
> ^~~~~
> fs/ceph/mds_client.c:1866:2: note: remove the 'if' if its condition is always true
> if (cap) {
> ^~~~~~~~~
> fs/ceph/mds_client.c:1862:11: note: initialize the variable 'iputs' to silence this warning
> int iputs;
> ^
> = 0
>>> fs/ceph/mds_client.c:1957:7: warning: variable 'cap' is uninitialized when used here [-Wuninitialized]
> if (cap->cap_gen < atomic_read(&cap->session->s_cap_gen)) {
> ^~~
> fs/ceph/mds_client.c:1949:22: note: initialize the variable 'cap' to silence this warning
> struct ceph_cap *cap;
> ^
> = NULL
> 2 warnings generated.
>
>
> vim +1866 fs/ceph/mds_client.c
Thanks for reporting this.
As Luis mentioned in another thread, I will fix this in the testing branch.
- Xiubo
>
> 1855
> 1856 static int remove_session_caps_cb(struct inode *inode, struct rb_node *ci_node,
> 1857 void *arg)
> 1858 {
> 1859 struct ceph_inode_info *ci = ceph_inode(inode);
> 1860 bool invalidate = false;
> 1861 struct ceph_cap *cap;
> 1862 int iputs;
> 1863
> 1864 spin_lock(&ci->i_ceph_lock);
> 1865 cap = rb_entry(ci_node, struct ceph_cap, ci_node);
>> 1866 if (cap) {
> 1867 dout(" removing cap %p, ci is %p, inode is %p\n",
> 1868 cap, ci, &ci->netfs.inode);
> 1869
> 1870 iputs = ceph_purge_inode_cap(inode, cap, &invalidate);
> 1871 }
> 1872 spin_unlock(&ci->i_ceph_lock);
> 1873
> 1874 wake_up_all(&ci->i_cap_wq);
> 1875 if (invalidate)
> 1876 ceph_queue_invalidate(inode);
> 1877 while (iputs--)
> 1878 iput(inode);
> 1879 return 0;
> 1880 }
> 1881
> 1882 /*
> 1883 * caller must hold session s_mutex
> 1884 */
> 1885 static void remove_session_caps(struct ceph_mds_session *session)
> 1886 {
> 1887 struct ceph_fs_client *fsc = session->s_mdsc->fsc;
> 1888 struct super_block *sb = fsc->sb;
> 1889 LIST_HEAD(dispose);
> 1890
> 1891 dout("remove_session_caps on %p\n", session);
> 1892 ceph_iterate_session_caps(session, remove_session_caps_cb, fsc);
> 1893
> 1894 wake_up_all(&fsc->mdsc->cap_flushing_wq);
> 1895
> 1896 spin_lock(&session->s_cap_lock);
> 1897 if (session->s_nr_caps > 0) {
> 1898 struct inode *inode;
> 1899 struct ceph_cap *cap, *prev = NULL;
> 1900 struct ceph_vino vino;
> 1901 /*
> 1902 * iterate_session_caps() skips inodes that are being
> 1903 * deleted, we need to wait until deletions are complete.
> 1904 * __wait_on_freeing_inode() is designed for the job,
> 1905 * but it is not exported, so use lookup inode function
> 1906 * to access it.
> 1907 */
> 1908 while (!list_empty(&session->s_caps)) {
> 1909 cap = list_entry(session->s_caps.next,
> 1910 struct ceph_cap, session_caps);
> 1911 if (cap == prev)
> 1912 break;
> 1913 prev = cap;
> 1914 vino = cap->ci->i_vino;
> 1915 spin_unlock(&session->s_cap_lock);
> 1916
> 1917 inode = ceph_find_inode(sb, vino);
> 1918 iput(inode);
> 1919
> 1920 spin_lock(&session->s_cap_lock);
> 1921 }
> 1922 }
> 1923
> 1924 // drop cap expires and unlock s_cap_lock
> 1925 detach_cap_releases(session, &dispose);
> 1926
> 1927 BUG_ON(session->s_nr_caps > 0);
> 1928 BUG_ON(!list_empty(&session->s_cap_flushing));
> 1929 spin_unlock(&session->s_cap_lock);
> 1930 dispose_cap_releases(session->s_mdsc, &dispose);
> 1931 }
> 1932
> 1933 enum {
> 1934 RECONNECT,
> 1935 RENEWCAPS,
> 1936 FORCE_RO,
> 1937 };
> 1938
> 1939 /*
> 1940 * wake up any threads waiting on this session's caps. if the cap is
> 1941 * old (didn't get renewed on the client reconnect), remove it now.
> 1942 *
> 1943 * caller must hold s_mutex.
> 1944 */
> 1945 static int wake_up_session_cb(struct inode *inode, struct rb_node *ci_node, void *arg)
> 1946 {
> 1947 struct ceph_inode_info *ci = ceph_inode(inode);
> 1948 unsigned long ev = (unsigned long)arg;
> 1949 struct ceph_cap *cap;
> 1950
> 1951 if (ev == RECONNECT) {
> 1952 spin_lock(&ci->i_ceph_lock);
> 1953 ci->i_wanted_max_size = 0;
> 1954 ci->i_requested_max_size = 0;
> 1955 spin_unlock(&ci->i_ceph_lock);
> 1956 } else if (ev == RENEWCAPS) {
>> 1957 if (cap->cap_gen < atomic_read(&cap->session->s_cap_gen)) {
> 1958 /* mds did not re-issue stale cap */
> 1959 spin_lock(&ci->i_ceph_lock);
> 1960 cap = rb_entry(ci_node, struct ceph_cap, ci_node);
> 1961 if (cap)
> 1962 cap->issued = cap->implemented = CEPH_CAP_PIN;
> 1963 spin_unlock(&ci->i_ceph_lock);
> 1964 }
> 1965 } else if (ev == FORCE_RO) {
> 1966 }
> 1967 wake_up_all(&ci->i_cap_wq);
> 1968 return 0;
> 1969 }
> 1970
>