* problematic rc9 futex changes.
@ 2018-01-23 5:34 Dave Jones
2018-01-23 8:33 ` Peter Zijlstra
0 siblings, 1 reply; 2+ messages in thread
From: Dave Jones @ 2018-01-23 5:34 UTC (permalink / raw)
To: Peter Zijlstra; +Cc: Linux Kernel
c1e2f0eaf015fb: "futex: Avoid violating the 10th rule of futex" seems to
make up a few new rules to violate.
Coverity picked up these two problems in the same code:
First it or's a value with stack garbage.
_______________________________________________________________________________________________________
*** CID 1427826: Uninitialized variables (UNINIT)
/kernel/futex.c: 2316 in fixup_pi_state_owner()
2310
2311 raw_spin_lock_irq(&pi_state->pi_mutex.wait_lock);
2312
2313 oldowner = pi_state->owner;
2314 /* Owner died? */
2315 if (!pi_state->owner)
>>> CID 1427826: Uninitialized variables (UNINIT)
>>> Using uninitialized value "newtid".
2316 newtid |= FUTEX_OWNER_DIED;
2317
2318 /*
2319 * We are here because either:
2320 *
2321 * - we stole the lock and pi_state->owner needs updating to reflect
Then it notices that value is never read from before it's written
anyway.
*** CID 1427824: Code maintainability issues (UNUSED_VALUE)
/kernel/futex.c: 2316 in fixup_pi_state_owner()
2310
2311 raw_spin_lock_irq(&pi_state->pi_mutex.wait_lock);
2312
2313 oldowner = pi_state->owner;
2314 /* Owner died? */
2315 if (!pi_state->owner)
>>> CID 1427824: Code maintainability issues (UNUSED_VALUE)
>>> Assigning value from "newtid | 0x40000000U" to "newtid" here, but that stored value is overwritten before it can be used.
2316 newtid |= FUTEX_OWNER_DIED;
2317
2318 /*
2319 * We are here because either:
2320 *
2321 * - we stole the lock and pi_state->owner needs updating to reflect
(The next reference of newtid being..
2369 newtid = task_pid_vnr(newowner) | FUTEX_WAITERS;
Dave
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: problematic rc9 futex changes.
2018-01-23 5:34 problematic rc9 futex changes Dave Jones
@ 2018-01-23 8:33 ` Peter Zijlstra
0 siblings, 0 replies; 2+ messages in thread
From: Peter Zijlstra @ 2018-01-23 8:33 UTC (permalink / raw)
To: Dave Jones, Linux Kernel
On Tue, Jan 23, 2018 at 12:34:46AM -0500, Dave Jones wrote:
> c1e2f0eaf015fb: "futex: Avoid violating the 10th rule of futex" seems to
> make up a few new rules to violate.
>
> Coverity picked up these two problems in the same code:
>
Yeah, Geert also spotted it:
https://lkml.kernel.org/r/20180122103947.GD2228@hirez.programming.kicks-ass.net
I've been running the robustpi tests from glibc but have so far failed
to actually trigger the bug. I think I'll just write up a Changelog and
post the fix from the above link.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-01-23 8:33 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-01-23 5:34 problematic rc9 futex changes Dave Jones
2018-01-23 8:33 ` Peter Zijlstra
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).