From: Johannes Berg <johannes@sipsolutions.net>
To: Dan Carpenter <dan.carpenter@oracle.com>,
Julian Calaby <julian.calaby@gmail.com>
Cc: Chris Bainbridge <chris.bainbridge@gmail.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
linux-wireless <linux-wireless@vger.kernel.org>,
aryabinin@virtuozzo.com, Julia Lawall <Julia.Lawall@lip6.fr>,
kernel-janitors@vger.kernel.org, Joe Perches <joe@perches.com>
Subject: Re: [PATCH] net/mac80211/agg-rx.c: fix use of uninitialised values
Date: Thu, 28 Jan 2016 12:35:12 +0000 [thread overview]
Message-ID: <1453984512.2217.15.camel@sipsolutions.net> (raw)
In-Reply-To: <20160128123022.GB13219@mwanda>
On Thu, 2016-01-28 at 15:30 +0300, Dan Carpenter wrote:
> It's not the return where we should trigger the warning it's at the
>
> rcu_assign_pointer(sta->ampdu_mlme.tid_rx[tid], tid_agg_rx);
>
> line. That's for correctness, but also it should be slightly easier.
> Or it should cut down on false positives if we ignored returns and
> only looked global scope type assignements.
That's a good idea! But even that will probably get you a lot of false
positives. For example, in this structure, the rcu_head is never
initialized until we need it for kfree_rcu() or call_rcu(). I'm sure
there are other places like it.
johannes
WARNING: multiple messages have this Message-ID (diff)
From: Johannes Berg <johannes@sipsolutions.net>
To: Dan Carpenter <dan.carpenter@oracle.com>,
Julian Calaby <julian.calaby@gmail.com>
Cc: Chris Bainbridge <chris.bainbridge@gmail.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
linux-wireless <linux-wireless@vger.kernel.org>,
aryabinin@virtuozzo.com, Julia Lawall <Julia.Lawall@lip6.fr>,
kernel-janitors@vger.kernel.org, Joe Perches <joe@perches.com>
Subject: Re: [PATCH] net/mac80211/agg-rx.c: fix use of uninitialised values
Date: Thu, 28 Jan 2016 13:35:12 +0100 [thread overview]
Message-ID: <1453984512.2217.15.camel@sipsolutions.net> (raw)
In-Reply-To: <20160128123022.GB13219@mwanda>
On Thu, 2016-01-28 at 15:30 +0300, Dan Carpenter wrote:
> It's not the return where we should trigger the warning it's at the
>
> rcu_assign_pointer(sta->ampdu_mlme.tid_rx[tid], tid_agg_rx);
>
> line. That's for correctness, but also it should be slightly easier.
> Or it should cut down on false positives if we ignored returns and
> only looked global scope type assignements.
That's a good idea! But even that will probably get you a lot of false
positives. For example, in this structure, the rcu_head is never
initialized until we need it for kfree_rcu() or call_rcu(). I'm sure
there are other places like it.
johannes
next prev parent reply other threads:[~2016-01-28 12:35 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-26 11:17 UBSAN: Undefined behaviour in net/mac80211/rx.c:924:18 Chris Bainbridge
2016-01-26 11:17 ` Chris Bainbridge
2016-01-27 15:46 ` [PATCH] net/mac80211/agg-rx.c: fix use of uninitialised values Chris Bainbridge
2016-01-27 23:27 ` Julian Calaby
2016-01-27 23:27 ` Julian Calaby
2016-01-28 9:48 ` Johannes Berg
2016-01-28 9:48 ` Johannes Berg
2016-01-28 10:11 ` Julian Calaby
2016-01-28 10:11 ` Julian Calaby
2016-01-28 10:24 ` Julia Lawall
2016-01-28 10:24 ` Julia Lawall
2016-01-28 12:30 ` Dan Carpenter
2016-01-28 12:30 ` Dan Carpenter
2016-01-28 12:35 ` Johannes Berg [this message]
2016-01-28 12:35 ` Johannes Berg
2016-01-28 9:47 ` Johannes Berg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1453984512.2217.15.camel@sipsolutions.net \
--to=johannes@sipsolutions.net \
--cc=Julia.Lawall@lip6.fr \
--cc=aryabinin@virtuozzo.com \
--cc=chris.bainbridge@gmail.com \
--cc=dan.carpenter@oracle.com \
--cc=joe@perches.com \
--cc=julian.calaby@gmail.com \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.