[PATCH] printk: avoid -Wsometimes-uninitialized warning

[PATCH] printk: avoid -Wsometimes-uninitialized warning

[Arnd Bergmann]

From: Arnd Bergmann <arnd@arndb.de>

clang notices that the pi_get_entry() function would use
uninitialized data if it was called with a non-NULL module
pointer on a kernel that does not support modules:

kernel/printk/index.c:32:6: error: variable 'nr_entries' is used uninitialized whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized]
        if (!mod) {
            ^~~~
kernel/printk/index.c:38:13: note: uninitialized use occurs here
        if (pos >= nr_entries)
                   ^~~~~~~~~~
kernel/printk/index.c:32:2: note: remove the 'if' if its condition is always true
        if (!mod) {

Rework the condition to make it clear to the compiler that we are always
in the second case. Unfortunately the #ifdef is still required as the
definition of 'struct module' is hidden when modules are disabled.

Fixes: 337015573718 ("printk: Userspace format indexing support")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
 kernel/printk/index.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/kernel/printk/index.c b/kernel/printk/index.c
index d3709408debe..b4d90bab6d4d 100644
--- a/kernel/printk/index.c
+++ b/kernel/printk/index.c
@@ -22,14 +22,12 @@ static struct pi_entry *pi_get_entry(const struct module *mod, loff_t pos)
 	struct pi_entry **entries;
 	unsigned int nr_entries;
 
+	if (IS_ENABLED(CONFIG_MODULES) && mod) {
 #ifdef CONFIG_MODULES
-	if (mod) {
 		entries = mod->printk_index_start;
 		nr_entries = mod->printk_index_size;
-	}
 #endif
-
-	if (!mod) {
+	} else {
 		/* vmlinux, comes from linker symbols */
 		entries = __start_printk_index;
 		nr_entries = __stop_printk_index - __start_printk_index;
-- 
2.29.2

Re: [PATCH] printk: avoid -Wsometimes-uninitialized warning

[Chris Down]

Hi Arnd,

Arnd Bergmann writes:
>From: Arnd Bergmann <arnd@arndb.de>
>
>clang notices that the pi_get_entry() function would use
>uninitialized data if it was called with a non-NULL module
>pointer on a kernel that does not support modules:

On a !CONFIG_MODULES kernel, we _never_ pass a non-NULL module pointer. This 
isn't just convention: we don't even have `struct module` fully fleshed out, so 
it technically cannot be so.

>kernel/printk/index.c:32:6: error: variable 'nr_entries' is used uninitialized whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized]
>        if (!mod) {
>            ^~~~
>kernel/printk/index.c:38:13: note: uninitialized use occurs here
>        if (pos >= nr_entries)
>                   ^~~~~~~~~~
>kernel/printk/index.c:32:2: note: remove the 'if' if its condition is always true
>        if (!mod) {
>
>Rework the condition to make it clear to the compiler that we are always
>in the second case. Unfortunately the #ifdef is still required as the
>definition of 'struct module' is hidden when modules are disabled.

Having IS_ENABLED and then an #ifdef seems to hurt code readability to me.

>Fixes: 337015573718 ("printk: Userspace format indexing support")

Does this really fix anything, or just clang's ignorance? If the latter, clang 
needs to be smarter here: as far as I can see there are no occasions where 
there's even any opportunity for a non-NULL pointer to come in on a 
!CONFIG_MODULES kernel, since `struct module` isn't even complete.

>Signed-off-by: Arnd Bergmann <arnd@arndb.de>
>---
> kernel/printk/index.c | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
>
>diff --git a/kernel/printk/index.c b/kernel/printk/index.c
>index d3709408debe..b4d90bab6d4d 100644
>--- a/kernel/printk/index.c
>+++ b/kernel/printk/index.c
>@@ -22,14 +22,12 @@ static struct pi_entry *pi_get_entry(const struct module *mod, loff_t pos)
> 	struct pi_entry **entries;
> 	unsigned int nr_entries;
>
>+	if (IS_ENABLED(CONFIG_MODULES) && mod) {
> #ifdef CONFIG_MODULES
>-	if (mod) {
> 		entries = mod->printk_index_start;
> 		nr_entries = mod->printk_index_size;
>-	}
> #endif
>-
>-	if (!mod) {
>+	} else {
> 		/* vmlinux, comes from linker symbols */
> 		entries = __start_printk_index;
> 		nr_entries = __stop_printk_index - __start_printk_index;
>-- 
>2.29.2
>

Re: [PATCH] printk: avoid -Wsometimes-uninitialized warning

[Arnd Bergmann]

On Mon, Sep 27, 2021 at 3:20 PM Chris Down <chris@chrisdown.name> wrote:
>
> Hi Arnd,
>
> Arnd Bergmann writes:
> >From: Arnd Bergmann <arnd@arndb.de>
> >
> >clang notices that the pi_get_entry() function would use
> >uninitialized data if it was called with a non-NULL module
> >pointer on a kernel that does not support modules:
>
> On a !CONFIG_MODULES kernel, we _never_ pass a non-NULL module pointer. This
> isn't just convention: we don't even have `struct module` fully fleshed out, so
> it technically cannot be so.

Yes, I understand that part, hence the "if it was called" rather then
"when it is called".

> >kernel/printk/index.c:32:6: error: variable 'nr_entries' is used uninitialized whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized]
> >        if (!mod) {
> >            ^~~~
> >kernel/printk/index.c:38:13: note: uninitialized use occurs here
> >        if (pos >= nr_entries)
> >                   ^~~~~~~~~~
> >kernel/printk/index.c:32:2: note: remove the 'if' if its condition is always true
> >        if (!mod) {
> >
> >Rework the condition to make it clear to the compiler that we are always
> >in the second case. Unfortunately the #ifdef is still required as the
> >definition of 'struct module' is hidden when modules are disabled.
>
> Having IS_ENABLED and then an #ifdef seems to hurt code readability to me.
>
> >Fixes: 337015573718 ("printk: Userspace format indexing support")
>
> Does this really fix anything, or just clang's ignorance? If the latter, clang
> needs to be smarter here: as far as I can see there are no occasions where
> there's even any opportunity for a non-NULL pointer to come in on a
> !CONFIG_MODULES kernel, since `struct module` isn't even complete.

I don't see how you would expect clang to understand that part. It does
not do cross-function analysis for the purpose of diagnostic output, and
even if it did, then this caller

static void *pi_next(struct seq_file *s, void *v, loff_t *pos)
{
        const struct module *mod = s->file->f_inode->i_private;
        struct pi_entry *entry = pi_get_entry(mod, *pos);
...
}

has no indication that "s->file->f_inode->i_private" is guaranteed to
be a NULL pointer.

         Arnd

Re: [PATCH] printk: avoid -Wsometimes-uninitialized warning

[Chris Down]

Arnd Bergmann writes:
>On Mon, Sep 27, 2021 at 3:20 PM Chris Down <chris@chrisdown.name> wrote:
>>
>> Hi Arnd,
>>
>> Arnd Bergmann writes:
>> >From: Arnd Bergmann <arnd@arndb.de>
>> >
>> >clang notices that the pi_get_entry() function would use
>> >uninitialized data if it was called with a non-NULL module
>> >pointer on a kernel that does not support modules:
>>
>> On a !CONFIG_MODULES kernel, we _never_ pass a non-NULL module pointer. This
>> isn't just convention: we don't even have `struct module` fully fleshed out, so
>> it technically cannot be so.
>
>Yes, I understand that part, hence the "if it was called" rather then
>"when it is called".

But there's no "if", it's simply not possible.

>> >kernel/printk/index.c:32:6: error: variable 'nr_entries' is used uninitialized whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized]
>> >        if (!mod) {
>> >            ^~~~
>> >kernel/printk/index.c:38:13: note: uninitialized use occurs here
>> >        if (pos >= nr_entries)
>> >                   ^~~~~~~~~~
>> >kernel/printk/index.c:32:2: note: remove the 'if' if its condition is always true
>> >        if (!mod) {
>> >
>> >Rework the condition to make it clear to the compiler that we are always
>> >in the second case. Unfortunately the #ifdef is still required as the
>> >definition of 'struct module' is hidden when modules are disabled.
>>
>> Having IS_ENABLED and then an #ifdef seems to hurt code readability to me.
>>
>> >Fixes: 337015573718 ("printk: Userspace format indexing support")
>>
>> Does this really fix anything, or just clang's ignorance? If the latter, clang
>> needs to be smarter here: as far as I can see there are no occasions where
>> there's even any opportunity for a non-NULL pointer to come in on a
>> !CONFIG_MODULES kernel, since `struct module` isn't even complete.
>
>I don't see how you would expect clang to understand that part. It does
>not do cross-function analysis for the purpose of diagnostic output, and
>even if it did, then this caller
>
>static void *pi_next(struct seq_file *s, void *v, loff_t *pos)
>{
>        const struct module *mod = s->file->f_inode->i_private;
>        struct pi_entry *entry = pi_get_entry(mod, *pos);
>...
>}
>
>has no indication that "s->file->f_inode->i_private" is guaranteed to
>be a NULL pointer.

Sure, but it seems unnecessary to me to gum up the code because of clang's 
inability to understand that.

Re: [PATCH] printk: avoid -Wsometimes-uninitialized warning

[Chris Down]

To be clear, I appreciate that some tradeoffs need to be made for the nice 
warnings that clang gives -- and to that extent I'm ambivalent to the patch -- 
but I object to "Fixes:" for something that doesn't fix anything at all.

Re: [PATCH] printk: avoid -Wsometimes-uninitialized warning

[Steven Rostedt]

On Mon, 27 Sep 2021 14:19:18 +0100
Chris Down <chris@chrisdown.name> wrote:

> Having IS_ENABLED and then an #ifdef seems to hurt code readability to me.

I agree.

Would this be a better solution?

-- Steve

diff --git a/kernel/printk/index.c b/kernel/printk/index.c
index d3709408debe..ce3a0c8c5770 100644
--- a/kernel/printk/index.c
+++ b/kernel/printk/index.c
@@ -26,10 +26,10 @@ static struct pi_entry *pi_get_entry(const struct module *mod, loff_t pos)
 	if (mod) {
 		entries = mod->printk_index_start;
 		nr_entries = mod->printk_index_size;
-	}
+	} else
 #endif
+	{
 
-	if (!mod) {
 		/* vmlinux, comes from linker symbols */
 		entries = __start_printk_index;
 		nr_entries = __stop_printk_index - __start_printk_index;

Re: [PATCH] printk: avoid -Wsometimes-uninitialized warning

[Arnd Bergmann]

On Mon, Sep 27, 2021 at 6:21 PM Steven Rostedt <rostedt@goodmis.org> wrote:
>
> On Mon, 27 Sep 2021 14:19:18 +0100
> Chris Down <chris@chrisdown.name> wrote:
>
> > Having IS_ENABLED and then an #ifdef seems to hurt code readability to me.
>
> I agree.
>
> Would this be a better solution?

Sounds good, I'll follow up with that version after the next round of randconfig
builds.

Thanks,

      Arnd

Re: [PATCH] printk: avoid -Wsometimes-uninitialized warning

[Steven Rostedt]

On Mon, 27 Sep 2021 20:32:12 +0200
Arnd Bergmann <arnd@kernel.org> wrote:

> On Mon, Sep 27, 2021 at 6:21 PM Steven Rostedt <rostedt@goodmis.org> wrote:
> >
> > On Mon, 27 Sep 2021 14:19:18 +0100
> > Chris Down <chris@chrisdown.name> wrote:
> >  
> > > Having IS_ENABLED and then an #ifdef seems to hurt code readability to me.  
> >
> > I agree.
> >
> > Would this be a better solution?  
> 
> Sounds good, I'll follow up with that version after the next round of randconfig
> builds.

OK, but can you remove the extra line that's between the brace and the
text. I should have deleted it in that patch.

-- Steve