All of lore.kernel.org
 help / color / mirror / Atom feed
From: Arnd Bergmann <arnd@arndb.de>
To: Uladzislau Rezki <urezki@gmail.com>
Cc: Roman Gushchin <guro@fb.com>, Michal Hocko <mhocko@suse.com>,
	Matthew Wilcox <willy@infradead.org>,
	Thomas Garnier <thgarnie@google.com>,
	Oleksiy Avramchenko <oleksiy.avramchenko@sonymobile.com>,
	Steven Rostedt <rostedt@goodmis.org>,
	Joel Fernandes <joelaf@google.com>,
	Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@elte.hu>,
	Tejun Heo <tj@kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Stephen Rothwell <sfr@canb.auug.org.au>,
	Roman Penyaev <rpenyaev@suse.de>,
	Rick Edgecombe <rick.p.edgecombe@intel.com>,
	Andrey Ryabinin <aryabinin@virtuozzo.com>,
	Mike Rapoport <rppt@linux.ibm.com>, Linux-MM <linux-mm@kvack.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [BUG]: mm/vmalloc: uninitialized variable access in pcpu_get_vm_areas
Date: Mon, 17 Jun 2019 21:29:08 +0200	[thread overview]
Message-ID: <CAK8P3a1Ab2MVVgSh4EW0Yef_BsxcRbkxarknMzV7tOA+s79qsA@mail.gmail.com> (raw)
In-Reply-To: <20190617165730.5l7z47n3vg73q7mp@pc636>

On Mon, Jun 17, 2019 at 6:57 PM Uladzislau Rezki <urezki@gmail.com> wrote:
> > diff --git a/mm/vmalloc.c b/mm/vmalloc.c
> > index a9213fc3802d..5b7e50de008b 100644
> > --- a/mm/vmalloc.c
> > +++ b/mm/vmalloc.c
> > @@ -915,7 +915,8 @@ adjust_va_to_fit_type(struct vmap_area *va,
> >  {
> >         struct vmap_area *lva;
> >
> > -       if (type == FL_FIT_TYPE) {
> > +       switch (type) {
> > +       case FL_FIT_TYPE:
> >                 /*
> >                  * No need to split VA, it fully fits.
> >                  *
> > @@ -925,7 +926,8 @@ adjust_va_to_fit_type(struct vmap_area *va,
> >                  */
> >                 unlink_va(va, &free_vmap_area_root);
> >                 kmem_cache_free(vmap_area_cachep, va);
> > -       } else if (type == LE_FIT_TYPE) {
> > +               break;
> > +       case LE_FIT_TYPE:
> >                 /*
> >                  * Split left edge of fit VA.
> >                  *
> > @@ -934,7 +936,8 @@ adjust_va_to_fit_type(struct vmap_area *va,
> >                  * |-------|-------|
> >                  */
> >                 va->va_start += size;
> > -       } else if (type == RE_FIT_TYPE) {
> > +               break;
> > +       case RE_FIT_TYPE:
> >                 /*
> >                  * Split right edge of fit VA.
> >                  *
> > @@ -943,7 +946,8 @@ adjust_va_to_fit_type(struct vmap_area *va,
> >                  * |-------|-------|
> >                  */
> >                 va->va_end = nva_start_addr;
> > -       } else if (type == NE_FIT_TYPE) {
> > +               break;
> > +       case NE_FIT_TYPE:
> >                 /*
> >                  * Split no edge of fit VA.
> >                  *
> > @@ -980,7 +984,8 @@ adjust_va_to_fit_type(struct vmap_area *va,
> >                  * Shrink this VA to remaining size.
> >                  */
> >                 va->va_start = nva_start_addr + size;
> > -       } else {
> > +               break;
> > +       default:
> >                 return -1;
> >         }
> >
> To me it is not clear how it would solve the warning. It sounds like
> your GCC after this change is able to keep track of that variable
> probably because of less generated code. But i am not sure about
> other versions. For example i have:
>
> gcc version 6.3.0 20170516 (Debian 6.3.0-18+deb9u1)
>
> and it totally OK, i.e. it does not emit any related warning.

To provide some background here, I'm doing randconfig tests, and
this warning might be one that only shows up with a specific combination
of options that add complexity to the build.

I do run into a lot -Wmaybe-uninitialized warnings, and most of the time
can figure out to change the code to be more readable by both
humans and compilers in a way that shuts up the warning. The
underlying algorithm in the compiler is NP-complete, so it can't
ever get it right 100%, but it is a valuable warning in general.

Using switch/case makes it easier for the compiler because it
seems to turn this into a single conditional instead of a set of
conditions. It also seems to be the much more common style
in the kernel.

> Another thing is that, if we add mode code there or change the function
> prototype, we might run into the same warning. Therefore i proposed that
> we just set the variable to NULL, i.e. Initialize it.

The problem with adding explicit NULL initializations is that this is
more likely to hide actual bugs if the code changes again, and the
compiler no longer notices the problem, so I try to avoid ever
initializing a variable to something that would cause a runtime
bug in place of a compile time warning later.

       Arnd

  reply	other threads:[~2019-06-17 19:29 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-06-17 12:14 [BUG]: mm/vmalloc: uninitialized variable access in pcpu_get_vm_areas Arnd Bergmann
2019-06-17 12:14 ` Arnd Bergmann
2019-06-17 13:49 ` Roman Penyaev
2019-06-17 14:04   ` Arnd Bergmann
2019-06-17 14:04     ` Arnd Bergmann
2019-06-17 14:40     ` Roman Penyaev
2019-06-17 14:12 ` Uladzislau Rezki
2019-06-17 14:44   ` Arnd Bergmann
2019-06-17 14:44     ` Arnd Bergmann
2019-06-17 14:50     ` Roman Penyaev
2019-06-17 14:50     ` Arnd Bergmann
2019-06-17 14:50       ` Arnd Bergmann
2019-06-17 16:57       ` Uladzislau Rezki
2019-06-17 19:29         ` Arnd Bergmann [this message]
2019-06-17 19:29           ` Arnd Bergmann
2019-06-18  8:01           ` Arnd Bergmann
2019-06-18  8:01             ` Arnd Bergmann
2019-06-18  8:53             ` Uladzislau Rezki

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAK8P3a1Ab2MVVgSh4EW0Yef_BsxcRbkxarknMzV7tOA+s79qsA@mail.gmail.com \
    --to=arnd@arndb.de \
    --cc=akpm@linux-foundation.org \
    --cc=aryabinin@virtuozzo.com \
    --cc=guro@fb.com \
    --cc=joelaf@google.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=mhocko@suse.com \
    --cc=mingo@elte.hu \
    --cc=oleksiy.avramchenko@sonymobile.com \
    --cc=rick.p.edgecombe@intel.com \
    --cc=rostedt@goodmis.org \
    --cc=rpenyaev@suse.de \
    --cc=rppt@linux.ibm.com \
    --cc=sfr@canb.auug.org.au \
    --cc=tglx@linutronix.de \
    --cc=thgarnie@google.com \
    --cc=tj@kernel.org \
    --cc=torvalds@linux-foundation.org \
    --cc=urezki@gmail.com \
    --cc=willy@infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.