* net/sunrpc/xprtrdma/frwr_ops.c:647 frwr_unmap_async() error: potentially dereferencing uninitialized 'last'.
@ 2021-06-23 10:07 Dan Carpenter
2021-06-23 12:20 ` Chuck Lever III
0 siblings, 1 reply; 3+ messages in thread
From: Dan Carpenter @ 2021-06-23 10:07 UTC (permalink / raw)
To: kbuild, Chuck Lever; +Cc: lkp, kbuild-all, linux-kernel, Trond Myklebust
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 0c18f29aae7ce3dadd26d8ee3505d07cc982df75
commit: e10fa96d347488d1fd278e84f52ba7b25067cc71 xprtrdma: Move cqe to struct rpcrdma_mr
config: x86_64-randconfig-m001-20210622 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
New smatch warnings:
net/sunrpc/xprtrdma/frwr_ops.c:647 frwr_unmap_async() error: potentially dereferencing uninitialized 'last'.
Old smatch warnings:
net/sunrpc/xprtrdma/frwr_ops.c:546 frwr_unmap_sync() error: potentially dereferencing uninitialized 'last'.
vim +/last +647 net/sunrpc/xprtrdma/frwr_ops.c
d8099feda4833b Chuck Lever 2019-06-19 608 void frwr_unmap_async(struct rpcrdma_xprt *r_xprt, struct rpcrdma_req *req)
d8099feda4833b Chuck Lever 2019-06-19 609 {
d8099feda4833b Chuck Lever 2019-06-19 610 struct ib_send_wr *first, *last, **prev;
5ecef9c8436695 Chuck Lever 2020-11-09 611 struct rpcrdma_ep *ep = r_xprt->rx_ep;
d8099feda4833b Chuck Lever 2019-06-19 612 struct rpcrdma_frwr *frwr;
d8099feda4833b Chuck Lever 2019-06-19 613 struct rpcrdma_mr *mr;
d8099feda4833b Chuck Lever 2019-06-19 614 int rc;
d8099feda4833b Chuck Lever 2019-06-19 615
d8099feda4833b Chuck Lever 2019-06-19 616 /* Chain the LOCAL_INV Work Requests and post them with
d8099feda4833b Chuck Lever 2019-06-19 617 * a single ib_post_send() call.
d8099feda4833b Chuck Lever 2019-06-19 618 */
d8099feda4833b Chuck Lever 2019-06-19 619 frwr = NULL;
d8099feda4833b Chuck Lever 2019-06-19 620 prev = &first;
265a38d4611360 Chuck Lever 2019-08-19 621 while ((mr = rpcrdma_mr_pop(&req->rl_registered))) {
Is it possible for the ->rl_registered list to be empty? If not, then
just ignore this email.
d8099feda4833b Chuck Lever 2019-06-19 622
d8099feda4833b Chuck Lever 2019-06-19 623 trace_xprtrdma_mr_localinv(mr);
d8099feda4833b Chuck Lever 2019-06-19 624 r_xprt->rx_stats.local_inv_needed++;
d8099feda4833b Chuck Lever 2019-06-19 625
d8099feda4833b Chuck Lever 2019-06-19 626 frwr = &mr->frwr;
d8099feda4833b Chuck Lever 2019-06-19 627 last = &frwr->fr_invwr;
d8099feda4833b Chuck Lever 2019-06-19 628 last->next = NULL;
e10fa96d347488 Chuck Lever 2021-04-19 629 last->wr_cqe = &mr->mr_cqe;
d8099feda4833b Chuck Lever 2019-06-19 630 last->sg_list = NULL;
d8099feda4833b Chuck Lever 2019-06-19 631 last->num_sge = 0;
d8099feda4833b Chuck Lever 2019-06-19 632 last->opcode = IB_WR_LOCAL_INV;
d8099feda4833b Chuck Lever 2019-06-19 633 last->send_flags = IB_SEND_SIGNALED;
d8099feda4833b Chuck Lever 2019-06-19 634 last->ex.invalidate_rkey = mr->mr_handle;
d8099feda4833b Chuck Lever 2019-06-19 635
e10fa96d347488 Chuck Lever 2021-04-19 636 last->wr_cqe->done = frwr_wc_localinv;
e10fa96d347488 Chuck Lever 2021-04-19 637
d8099feda4833b Chuck Lever 2019-06-19 638 *prev = last;
d8099feda4833b Chuck Lever 2019-06-19 639 prev = &last->next;
d8099feda4833b Chuck Lever 2019-06-19 640 }
d8099feda4833b Chuck Lever 2019-06-19 641
d8099feda4833b Chuck Lever 2019-06-19 642 /* Strong send queue ordering guarantees that when the
d8099feda4833b Chuck Lever 2019-06-19 643 * last WR in the chain completes, all WRs in the chain
d8099feda4833b Chuck Lever 2019-06-19 644 * are complete. The last completion will wake up the
d8099feda4833b Chuck Lever 2019-06-19 645 * RPC waiter.
d8099feda4833b Chuck Lever 2019-06-19 646 */
e10fa96d347488 Chuck Lever 2021-04-19 @647 last->wr_cqe->done = frwr_wc_localinv_done;
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: net/sunrpc/xprtrdma/frwr_ops.c:647 frwr_unmap_async() error: potentially dereferencing uninitialized 'last'.
2021-06-23 10:07 net/sunrpc/xprtrdma/frwr_ops.c:647 frwr_unmap_async() error: potentially dereferencing uninitialized 'last' Dan Carpenter
@ 2021-06-23 12:20 ` Chuck Lever III
2021-06-23 12:27 ` Dan Carpenter
0 siblings, 1 reply; 3+ messages in thread
From: Chuck Lever III @ 2021-06-23 12:20 UTC (permalink / raw)
To: Dan Carpenter
Cc: kbuild, kernel test robot, kbuild-all, linux-kernel, Trond Myklebust
Howdy Dan!
> On Jun 23, 2021, at 6:07 AM, Dan Carpenter <dan.carpenter@oracle.com> wrote:
>
> tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
> head: 0c18f29aae7ce3dadd26d8ee3505d07cc982df75
> commit: e10fa96d347488d1fd278e84f52ba7b25067cc71 xprtrdma: Move cqe to struct rpcrdma_mr
> config: x86_64-randconfig-m001-20210622 (attached as .config)
> compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
>
> If you fix the issue, kindly add following tag as appropriate
> Reported-by: kernel test robot <lkp@intel.com>
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
>
> New smatch warnings:
> net/sunrpc/xprtrdma/frwr_ops.c:647 frwr_unmap_async() error: potentially dereferencing uninitialized 'last'.
>
> Old smatch warnings:
> net/sunrpc/xprtrdma/frwr_ops.c:546 frwr_unmap_sync() error: potentially dereferencing uninitialized 'last'.
>
> vim +/last +647 net/sunrpc/xprtrdma/frwr_ops.c
>
> d8099feda4833b Chuck Lever 2019-06-19 608 void frwr_unmap_async(struct rpcrdma_xprt *r_xprt, struct rpcrdma_req *req)
> d8099feda4833b Chuck Lever 2019-06-19 609 {
> d8099feda4833b Chuck Lever 2019-06-19 610 struct ib_send_wr *first, *last, **prev;
> 5ecef9c8436695 Chuck Lever 2020-11-09 611 struct rpcrdma_ep *ep = r_xprt->rx_ep;
> d8099feda4833b Chuck Lever 2019-06-19 612 struct rpcrdma_frwr *frwr;
> d8099feda4833b Chuck Lever 2019-06-19 613 struct rpcrdma_mr *mr;
> d8099feda4833b Chuck Lever 2019-06-19 614 int rc;
> d8099feda4833b Chuck Lever 2019-06-19 615
> d8099feda4833b Chuck Lever 2019-06-19 616 /* Chain the LOCAL_INV Work Requests and post them with
> d8099feda4833b Chuck Lever 2019-06-19 617 * a single ib_post_send() call.
> d8099feda4833b Chuck Lever 2019-06-19 618 */
> d8099feda4833b Chuck Lever 2019-06-19 619 frwr = NULL;
> d8099feda4833b Chuck Lever 2019-06-19 620 prev = &first;
> 265a38d4611360 Chuck Lever 2019-08-19 621 while ((mr = rpcrdma_mr_pop(&req->rl_registered))) {
>
> Is it possible for the ->rl_registered list to be empty?
The one and only call site for frwr_unmap_async() in in rpcrdma_reply_handler():
1483 if (!list_empty(&req->rl_registered))
1484 frwr_unmap_async(r_xprt, req);
1485 /* LocalInv completion will complete the RPC */
1486 else
1487 kref_put(&req->rl_kref, rpcrdma_reply_done);
> If not, then just ignore this email.
I seem to recall smatch catching this problem before. Is there a way
to annotate frwr_unmap_async() to calm smatch's nerves?
> d8099feda4833b Chuck Lever 2019-06-19 622
> d8099feda4833b Chuck Lever 2019-06-19 623 trace_xprtrdma_mr_localinv(mr);
> d8099feda4833b Chuck Lever 2019-06-19 624 r_xprt->rx_stats.local_inv_needed++;
> d8099feda4833b Chuck Lever 2019-06-19 625
> d8099feda4833b Chuck Lever 2019-06-19 626 frwr = &mr->frwr;
> d8099feda4833b Chuck Lever 2019-06-19 627 last = &frwr->fr_invwr;
> d8099feda4833b Chuck Lever 2019-06-19 628 last->next = NULL;
> e10fa96d347488 Chuck Lever 2021-04-19 629 last->wr_cqe = &mr->mr_cqe;
> d8099feda4833b Chuck Lever 2019-06-19 630 last->sg_list = NULL;
> d8099feda4833b Chuck Lever 2019-06-19 631 last->num_sge = 0;
> d8099feda4833b Chuck Lever 2019-06-19 632 last->opcode = IB_WR_LOCAL_INV;
> d8099feda4833b Chuck Lever 2019-06-19 633 last->send_flags = IB_SEND_SIGNALED;
> d8099feda4833b Chuck Lever 2019-06-19 634 last->ex.invalidate_rkey = mr->mr_handle;
> d8099feda4833b Chuck Lever 2019-06-19 635
> e10fa96d347488 Chuck Lever 2021-04-19 636 last->wr_cqe->done = frwr_wc_localinv;
> e10fa96d347488 Chuck Lever 2021-04-19 637
> d8099feda4833b Chuck Lever 2019-06-19 638 *prev = last;
> d8099feda4833b Chuck Lever 2019-06-19 639 prev = &last->next;
> d8099feda4833b Chuck Lever 2019-06-19 640 }
> d8099feda4833b Chuck Lever 2019-06-19 641
> d8099feda4833b Chuck Lever 2019-06-19 642 /* Strong send queue ordering guarantees that when the
> d8099feda4833b Chuck Lever 2019-06-19 643 * last WR in the chain completes, all WRs in the chain
> d8099feda4833b Chuck Lever 2019-06-19 644 * are complete. The last completion will wake up the
> d8099feda4833b Chuck Lever 2019-06-19 645 * RPC waiter.
> d8099feda4833b Chuck Lever 2019-06-19 646 */
> e10fa96d347488 Chuck Lever 2021-04-19 @647 last->wr_cqe->done = frwr_wc_localinv_done;
>
> ---
> 0-DAY CI Kernel Test Service, Intel Corporation
> https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
>
--
Chuck Lever
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: net/sunrpc/xprtrdma/frwr_ops.c:647 frwr_unmap_async() error: potentially dereferencing uninitialized 'last'.
2021-06-23 12:20 ` Chuck Lever III
@ 2021-06-23 12:27 ` Dan Carpenter
0 siblings, 0 replies; 3+ messages in thread
From: Dan Carpenter @ 2021-06-23 12:27 UTC (permalink / raw)
To: Chuck Lever III
Cc: kbuild, kernel test robot, kbuild-all, linux-kernel, Trond Myklebust
On Wed, Jun 23, 2021 at 03:20:10PM +0300, Chuck Lever III wrote:
> Howdy Dan!
>
> > On Jun 23, 2021, at 6:07 AM, Dan Carpenter <dan.carpenter@oracle.com> wrote:
> >
> > tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
> > head: 0c18f29aae7ce3dadd26d8ee3505d07cc982df75
> > commit: e10fa96d347488d1fd278e84f52ba7b25067cc71 xprtrdma: Move cqe to struct rpcrdma_mr
> > config: x86_64-randconfig-m001-20210622 (attached as .config)
> > compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
> >
> > If you fix the issue, kindly add following tag as appropriate
> > Reported-by: kernel test robot <lkp@intel.com>
> > Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> >
> > New smatch warnings:
> > net/sunrpc/xprtrdma/frwr_ops.c:647 frwr_unmap_async() error: potentially dereferencing uninitialized 'last'.
> >
> > Old smatch warnings:
> > net/sunrpc/xprtrdma/frwr_ops.c:546 frwr_unmap_sync() error: potentially dereferencing uninitialized 'last'.
> >
> > vim +/last +647 net/sunrpc/xprtrdma/frwr_ops.c
> >
> > d8099feda4833b Chuck Lever 2019-06-19 608 void frwr_unmap_async(struct rpcrdma_xprt *r_xprt, struct rpcrdma_req *req)
> > d8099feda4833b Chuck Lever 2019-06-19 609 {
> > d8099feda4833b Chuck Lever 2019-06-19 610 struct ib_send_wr *first, *last, **prev;
> > 5ecef9c8436695 Chuck Lever 2020-11-09 611 struct rpcrdma_ep *ep = r_xprt->rx_ep;
> > d8099feda4833b Chuck Lever 2019-06-19 612 struct rpcrdma_frwr *frwr;
> > d8099feda4833b Chuck Lever 2019-06-19 613 struct rpcrdma_mr *mr;
> > d8099feda4833b Chuck Lever 2019-06-19 614 int rc;
> > d8099feda4833b Chuck Lever 2019-06-19 615
> > d8099feda4833b Chuck Lever 2019-06-19 616 /* Chain the LOCAL_INV Work Requests and post them with
> > d8099feda4833b Chuck Lever 2019-06-19 617 * a single ib_post_send() call.
> > d8099feda4833b Chuck Lever 2019-06-19 618 */
> > d8099feda4833b Chuck Lever 2019-06-19 619 frwr = NULL;
> > d8099feda4833b Chuck Lever 2019-06-19 620 prev = &first;
> > 265a38d4611360 Chuck Lever 2019-08-19 621 while ((mr = rpcrdma_mr_pop(&req->rl_registered))) {
> >
> > Is it possible for the ->rl_registered list to be empty?
>
> The one and only call site for frwr_unmap_async() in in rpcrdma_reply_handler():
>
> 1483 if (!list_empty(&req->rl_registered))
> 1484 frwr_unmap_async(r_xprt, req);
> 1485 /* LocalInv completion will complete the RPC */
> 1486 else
> 1487 kref_put(&req->rl_kref, rpcrdma_reply_done);
>
>
> > If not, then just ignore this email.
>
> I seem to recall smatch catching this problem before. Is there a way
> to annotate frwr_unmap_async() to calm smatch's nerves?
In theory, if you have the cross function DB built then it's not
supposed to print this warning. But in reality it does. The data is
stored correctly in DB, but it's not used correctly. Huh... I will
investigate.
I don't think the kbuild bot uses the cross function DB, but it only
sends the warning once so who cares.
regards,
dan carpenter
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-06-23 12:28 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-23 10:07 net/sunrpc/xprtrdma/frwr_ops.c:647 frwr_unmap_async() error: potentially dereferencing uninitialized 'last' Dan Carpenter
2021-06-23 12:20 ` Chuck Lever III
2021-06-23 12:27 ` Dan Carpenter
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).