[axboe-block:for-5.18/block 125/127] block/blk-throttle.c:1188 throtl_pending_timer_fn() error: we previously assumed 'tg' could be null (see line 1146)

All of lore.kernel.org
 help / color / mirror / Atom feed

From: kernel test robot <lkp@intel.com>
To: kbuild@lists.01.org
Subject: [axboe-block:for-5.18/block 125/127] block/blk-throttle.c:1188 throtl_pending_timer_fn() error: we previously assumed 'tg' could be null (see line 1146)
Date: Sat, 19 Mar 2022 12:50:39 +0800	[thread overview]
Message-ID: <202203191245.PiGwwAAl-lkp@intel.com> (raw)

[-- Attachment #1: Type: text/plain, Size: 8393 bytes --]

CC: kbuild-all(a)lists.01.org
BCC: lkp(a)intel.com
CC: linux-kernel(a)vger.kernel.org
TO: Ming Lei <ming.lei@redhat.com>
CC: Jens Axboe <axboe@kernel.dk>

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block.git for-5.18/block
head:   8f9e7b65f833cb9a4b2e2f54a049d74df394d906
commit: ee37eddbfa9e0401f13a01691cf4bbbacd2d16c9 [125/127] block: avoid use-after-free on throttle data
:::::: branch date: 13 hours ago
:::::: commit date: 13 hours ago
config: openrisc-randconfig-m031-20220318 (https://download.01.org/0day-ci/archive/20220319/202203191245.PiGwwAAl-lkp(a)intel.com/config)
compiler: or1k-linux-gcc (GCC) 11.2.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>

smatch warnings:
block/blk-throttle.c:1188 throtl_pending_timer_fn() error: we previously assumed 'tg' could be null (see line 1146)

vim +/tg +1188 block/blk-throttle.c

e43473b7f223ec Vivek Goyal       2010-09-15  1117  
c79892c5576163 Shaohua Li        2017-03-27  1118  static bool throtl_can_upgrade(struct throtl_data *td,
c79892c5576163 Shaohua Li        2017-03-27  1119  	struct throtl_grp *this_tg);
6e1a5704cbbd24 Tejun Heo         2013-05-14  1120  /**
6e1a5704cbbd24 Tejun Heo         2013-05-14  1121   * throtl_pending_timer_fn - timer function for service_queue->pending_timer
216382dccb2e0c Bart Van Assche   2019-05-30  1122   * @t: the pending_timer member of the throtl_service_queue being serviced
6e1a5704cbbd24 Tejun Heo         2013-05-14  1123   *
6e1a5704cbbd24 Tejun Heo         2013-05-14  1124   * This timer is armed when a child throtl_grp with active bio's become
6e1a5704cbbd24 Tejun Heo         2013-05-14  1125   * pending and queued on the service_queue's pending_tree and expires when
6e1a5704cbbd24 Tejun Heo         2013-05-14  1126   * the first child throtl_grp should be dispatched.  This function
2e48a530a3a7da Tejun Heo         2013-05-14  1127   * dispatches bio's from the children throtl_grps to the parent
2e48a530a3a7da Tejun Heo         2013-05-14  1128   * service_queue.
2e48a530a3a7da Tejun Heo         2013-05-14  1129   *
2e48a530a3a7da Tejun Heo         2013-05-14  1130   * If the parent's parent is another throtl_grp, dispatching is propagated
2e48a530a3a7da Tejun Heo         2013-05-14  1131   * by either arming its pending_timer or repeating dispatch directly.  If
2e48a530a3a7da Tejun Heo         2013-05-14  1132   * the top-level service_tree is reached, throtl_data->dispatch_work is
2e48a530a3a7da Tejun Heo         2013-05-14  1133   * kicked so that the ready bio's are issued.
6e1a5704cbbd24 Tejun Heo         2013-05-14  1134   */
e99e88a9d2b067 Kees Cook         2017-10-16  1135  static void throtl_pending_timer_fn(struct timer_list *t)
69df0ab030c94e Tejun Heo         2013-05-14  1136  {
e99e88a9d2b067 Kees Cook         2017-10-16  1137  	struct throtl_service_queue *sq = from_timer(sq, t, pending_timer);
2e48a530a3a7da Tejun Heo         2013-05-14  1138  	struct throtl_grp *tg = sq_to_tg(sq);
69df0ab030c94e Tejun Heo         2013-05-14  1139  	struct throtl_data *td = sq_to_td(sq);
2e48a530a3a7da Tejun Heo         2013-05-14  1140  	struct throtl_service_queue *parent_sq;
ee37eddbfa9e04 Ming Lei          2022-03-18  1141  	struct request_queue *q;
2e48a530a3a7da Tejun Heo         2013-05-14  1142  	bool dispatched;
6e1a5704cbbd24 Tejun Heo         2013-05-14  1143  	int ret;
e43473b7f223ec Vivek Goyal       2010-09-15  1144  
ee37eddbfa9e04 Ming Lei          2022-03-18  1145  	/* throtl_data may be gone, so figure out request queue by blkg */
ee37eddbfa9e04 Ming Lei          2022-03-18 @1146  	if (tg)
ee37eddbfa9e04 Ming Lei          2022-03-18  1147  		q = tg->pd.blkg->q;
ee37eddbfa9e04 Ming Lei          2022-03-18  1148  	else
ee37eddbfa9e04 Ming Lei          2022-03-18  1149  		q = td->queue;
ee37eddbfa9e04 Ming Lei          2022-03-18  1150  
0d945c1f966b2b Christoph Hellwig 2018-11-15  1151  	spin_lock_irq(&q->queue_lock);
ee37eddbfa9e04 Ming Lei          2022-03-18  1152  
ee37eddbfa9e04 Ming Lei          2022-03-18  1153  	if (!q->root_blkg)
ee37eddbfa9e04 Ming Lei          2022-03-18  1154  		goto out_unlock;
ee37eddbfa9e04 Ming Lei          2022-03-18  1155  
c79892c5576163 Shaohua Li        2017-03-27  1156  	if (throtl_can_upgrade(td, NULL))
c79892c5576163 Shaohua Li        2017-03-27  1157  		throtl_upgrade_state(td);
c79892c5576163 Shaohua Li        2017-03-27  1158  
2e48a530a3a7da Tejun Heo         2013-05-14  1159  again:
2e48a530a3a7da Tejun Heo         2013-05-14  1160  	parent_sq = sq->parent_sq;
2e48a530a3a7da Tejun Heo         2013-05-14  1161  	dispatched = false;
e43473b7f223ec Vivek Goyal       2010-09-15  1162  
7f52f98c2a8333 Tejun Heo         2013-05-14  1163  	while (true) {
fda6f272c77a7a Tejun Heo         2013-05-14  1164  		throtl_log(sq, "dispatch nr_queued=%u read=%u write=%u",
2e48a530a3a7da Tejun Heo         2013-05-14  1165  			   sq->nr_queued[READ] + sq->nr_queued[WRITE],
2e48a530a3a7da Tejun Heo         2013-05-14  1166  			   sq->nr_queued[READ], sq->nr_queued[WRITE]);
e43473b7f223ec Vivek Goyal       2010-09-15  1167  
7f52f98c2a8333 Tejun Heo         2013-05-14  1168  		ret = throtl_select_dispatch(sq);
7f52f98c2a8333 Tejun Heo         2013-05-14  1169  		if (ret) {
7f52f98c2a8333 Tejun Heo         2013-05-14  1170  			throtl_log(sq, "bios disp=%u", ret);
7f52f98c2a8333 Tejun Heo         2013-05-14  1171  			dispatched = true;
651930bc1c2a25 Tejun Heo         2013-05-14  1172  		}
e43473b7f223ec Vivek Goyal       2010-09-15  1173  
7f52f98c2a8333 Tejun Heo         2013-05-14  1174  		if (throtl_schedule_next_dispatch(sq, false))
7f52f98c2a8333 Tejun Heo         2013-05-14  1175  			break;
7f52f98c2a8333 Tejun Heo         2013-05-14  1176  
7f52f98c2a8333 Tejun Heo         2013-05-14  1177  		/* this dispatch windows is still open, relax and repeat */
0d945c1f966b2b Christoph Hellwig 2018-11-15  1178  		spin_unlock_irq(&q->queue_lock);
7f52f98c2a8333 Tejun Heo         2013-05-14  1179  		cpu_relax();
0d945c1f966b2b Christoph Hellwig 2018-11-15  1180  		spin_lock_irq(&q->queue_lock);
7f52f98c2a8333 Tejun Heo         2013-05-14  1181  	}
6a525600ffeb9e Tejun Heo         2013-05-14  1182  
2e48a530a3a7da Tejun Heo         2013-05-14  1183  	if (!dispatched)
2e48a530a3a7da Tejun Heo         2013-05-14  1184  		goto out_unlock;
6e1a5704cbbd24 Tejun Heo         2013-05-14  1185  
2e48a530a3a7da Tejun Heo         2013-05-14  1186  	if (parent_sq) {
2e48a530a3a7da Tejun Heo         2013-05-14  1187  		/* @parent_sq is another throl_grp, propagate dispatch */
2e48a530a3a7da Tejun Heo         2013-05-14 @1188  		if (tg->flags & THROTL_TG_WAS_EMPTY) {
2e48a530a3a7da Tejun Heo         2013-05-14  1189  			tg_update_disptime(tg);
2e48a530a3a7da Tejun Heo         2013-05-14  1190  			if (!throtl_schedule_next_dispatch(parent_sq, false)) {
2e48a530a3a7da Tejun Heo         2013-05-14  1191  				/* window is already open, repeat dispatching */
2e48a530a3a7da Tejun Heo         2013-05-14  1192  				sq = parent_sq;
2e48a530a3a7da Tejun Heo         2013-05-14  1193  				tg = sq_to_tg(sq);
2e48a530a3a7da Tejun Heo         2013-05-14  1194  				goto again;
2e48a530a3a7da Tejun Heo         2013-05-14  1195  			}
2e48a530a3a7da Tejun Heo         2013-05-14  1196  		}
2e48a530a3a7da Tejun Heo         2013-05-14  1197  	} else {
b53b072c4bb579 Baolin Wang       2020-09-07  1198  		/* reached the top-level, queue issuing */
2e48a530a3a7da Tejun Heo         2013-05-14  1199  		queue_work(kthrotld_workqueue, &td->dispatch_work);
2e48a530a3a7da Tejun Heo         2013-05-14  1200  	}
2e48a530a3a7da Tejun Heo         2013-05-14  1201  out_unlock:
0d945c1f966b2b Christoph Hellwig 2018-11-15  1202  	spin_unlock_irq(&q->queue_lock);
6e1a5704cbbd24 Tejun Heo         2013-05-14  1203  }
e43473b7f223ec Vivek Goyal       2010-09-15  1204  

:::::: The code at line 1188 was first introduced by commit
:::::: 2e48a530a3a7daebd0cc17866304a36d39b611de blk-throttle: make throtl_pending_timer_fn() ready for hierarchy

:::::: TO: Tejun Heo <tj@kernel.org>
:::::: CC: Tejun Heo <tj@kernel.org>

---
0-DAY CI Kernel Test Service
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org

                 reply	other threads:[~2022-03-19  4:50 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=202203191245.PiGwwAAl-lkp@intel.com \
    --to=lkp@intel.com \
    --cc=kbuild@lists.01.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.