From: Joe Lawrence <joe.lawrence@redhat.com>
To: Dan Carpenter <dan.carpenter@oracle.com>, pmladek@suse.com
Cc: live-patching@vger.kernel.org
Subject: Re: [bug report] livepatch: Initialize shadow variables safely by a custom callback
Date: Tue, 7 Jan 2020 10:06:21 -0500 [thread overview]
Message-ID: <4affb6d1-699e-af7e-9a1d-364393adc3a8@redhat.com> (raw)
In-Reply-To: <20200107132929.ficffmrm5ntpzcqa@kili.mountain>
On 1/7/20 8:29 AM, Dan Carpenter wrote:
> Hello Petr Mladek,
>
> The patch e91c2518a5d2: "livepatch: Initialize shadow variables
> safely by a custom callback" from Apr 16, 2018, leads to the
> following static checker warning:
>
> samples/livepatch/livepatch-shadow-fix1.c:86 livepatch_fix1_dummy_alloc()
> error: 'klp_shadow_alloc()' 'leak' too small (4 vs 8)
>
> samples/livepatch/livepatch-shadow-fix1.c
> 53 static int shadow_leak_ctor(void *obj, void *shadow_data, void *ctor_data)
> 54 {
> 55 void **shadow_leak = shadow_data;
> 56 void *leak = ctor_data;
> 57
> 58 *shadow_leak = leak;
> 59 return 0;
> 60 }
> 61
> 62 static struct dummy *livepatch_fix1_dummy_alloc(void)
> 63 {
> 64 struct dummy *d;
> 65 void *leak;
> 66
> 67 d = kzalloc(sizeof(*d), GFP_KERNEL);
> 68 if (!d)
> 69 return NULL;
> 70
> 71 d->jiffies_expire = jiffies +
> 72 msecs_to_jiffies(1000 * EXPIRE_PERIOD);
> 73
> 74 /*
> 75 * Patch: save the extra memory location into a SV_LEAK shadow
> 76 * variable. A patched dummy_free routine can later fetch this
> 77 * pointer to handle resource release.
> 78 */
> 79 leak = kzalloc(sizeof(int), GFP_KERNEL);
> 80 if (!leak) {
> 81 kfree(d);
> 82 return NULL;
> 83 }
> 84
> 85 klp_shadow_alloc(d, SV_LEAK, sizeof(leak), GFP_KERNEL,
> ^^^^^^^^^^^^
> This doesn't seem right at all? Leak is a pointer. Why is leak a void
> pointer instead of an int pointer?
>
Hi Dan,
If I remember this code correctly, the shadow variable is tracking the
pointer value itself and not its contents, so sizeof(leak) should be
correct for the shadow variable data size.
(For kernel/livepatch/shadow.c :: __klp_shadow_get_or_alloc() creates
new struct klp_shadow with .data[size] to accommodate its meta-data plus
the desired data).
Why isn't leak an int pointer? I don't remember why, according to git
history it's been that way since the beginning. I think it was coded to
say, "Give me some storage, any size an int will do. I'm not going to
touch it, but I want to demonstrate a memory leak".
Would modifying the pointer type satisfy the static code complaint?
Since the warning is about a size mismatch, what are the parameters that
it is keying on? Does it expect to see the typical allocation pattern like:
int *foo = alloc(sizeof(*foo))
and not:
int *foo = alloc(sizeof(foo))
Thanks,
-- Joe
> 86 shadow_leak_ctor, leak);
> 87
> 88 pr_info("%s: dummy @ %p, expires @ %lx\n",
> 89 __func__, d, d->jiffies_expire);
> 90
> 91 return d;
> 92 }
>
> regards,
> dan carpenter
>
next prev parent reply other threads:[~2020-01-07 15:06 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-07 13:29 [bug report] livepatch: Initialize shadow variables safely by a custom callback Dan Carpenter
2020-01-07 15:06 ` Joe Lawrence [this message]
2020-01-07 15:23 ` Dan Carpenter
2020-01-07 15:43 ` Joe Lawrence
2020-01-09 9:29 ` Petr Mladek
2020-01-13 15:11 ` Joe Lawrence
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4affb6d1-699e-af7e-9a1d-364393adc3a8@redhat.com \
--to=joe.lawrence@redhat.com \
--cc=dan.carpenter@oracle.com \
--cc=live-patching@vger.kernel.org \
--cc=pmladek@suse.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).