[axboe-block:for-6.15/block 75/76] drivers/block/loop.c:388:6-25: WARNING: atomic_dec_and_test variation before object free at line 395.

All of lore.kernel.org
 help / color / mirror / Atom feed

* [axboe-block:for-6.15/block 75/76] drivers/block/loop.c:388:6-25: WARNING: atomic_dec_and_test variation before object free at line 395.
@ 2025-03-23 22:52 kernel test robot
  2025-03-24  0:36 ` Ming Lei
  0 siblings, 1 reply; 3+ messages in thread
From: kernel test robot @ 2025-03-23 22:52 UTC (permalink / raw)
  To: Ming Lei; +Cc: oe-kbuild-all, Jens Axboe

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block.git for-6.15/block
head:   4c3f4bad7a6e9022489a9f8392f7147ed3ce74b1
commit: dfc77a934a3acdb13dadf237b7417c6a31b19da8 [75/76] loop: try to handle loop aio command via NOWAIT IO first
config: i386-randconfig-052-20250323 (https://download.01.org/0day-ci/archive/20250324/202503240625.LfSMQqA2-lkp@intel.com/config)
compiler: gcc-12 (Debian 12.2.0-14) 12.2.0

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202503240625.LfSMQqA2-lkp@intel.com/

cocci warnings: (new ones prefixed by >>)
>> drivers/block/loop.c:388:6-25: WARNING: atomic_dec_and_test variation before object free at line 395.

vim +388 drivers/block/loop.c

bc07c10a3603a5 Ming Lei          2015-08-17  383  
92d773324b7edb Shaohua Li        2017-09-01  384  static void lo_rw_aio_do_completion(struct loop_cmd *cmd)
92d773324b7edb Shaohua Li        2017-09-01  385  {
1894e916546df0 Jens Axboe        2018-04-13  386  	struct request *rq = blk_mq_rq_from_pdu(cmd);
1894e916546df0 Jens Axboe        2018-04-13  387  
92d773324b7edb Shaohua Li        2017-09-01 @388  	if (!atomic_dec_and_test(&cmd->ref))
92d773324b7edb Shaohua Li        2017-09-01  389  		return;
dfc77a934a3acd Ming Lei          2025-03-22  390  
dfc77a934a3acd Ming Lei          2025-03-22  391  	/* -EAGAIN could be returned from bdev's ->ki_complete */
dfc77a934a3acd Ming Lei          2025-03-22  392  	if (cmd->ret == -EAGAIN) {
dfc77a934a3acd Ming Lei          2025-03-22  393  		struct loop_device *lo = rq->q->queuedata;
dfc77a934a3acd Ming Lei          2025-03-22  394  
dfc77a934a3acd Ming Lei          2025-03-22 @395  		loop_queue_work(lo, cmd);
dfc77a934a3acd Ming Lei          2025-03-22  396  		return;
dfc77a934a3acd Ming Lei          2025-03-22  397  	}
dfc77a934a3acd Ming Lei          2025-03-22  398  
92d773324b7edb Shaohua Li        2017-09-01  399  	kfree(cmd->bvec);
15f73f5b3e5958 Christoph Hellwig 2020-06-11  400  	if (likely(!blk_should_fake_timeout(rq->q)))
1894e916546df0 Jens Axboe        2018-04-13  401  		blk_mq_complete_request(rq);
92d773324b7edb Shaohua Li        2017-09-01  402  }
92d773324b7edb Shaohua Li        2017-09-01  403  

:::::: The code at line 388 was first introduced by commit
:::::: 92d773324b7edbd36bf0c28c1e0157763aeccc92 block/loop: fix use after free

:::::: TO: Shaohua Li <shli@fb.com>
:::::: CC: Jens Axboe <axboe@kernel.dk>

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [axboe-block:for-6.15/block 75/76] drivers/block/loop.c:388:6-25: WARNING: atomic_dec_and_test variation before object free at line 395.
  2025-03-23 22:52 [axboe-block:for-6.15/block 75/76] drivers/block/loop.c:388:6-25: WARNING: atomic_dec_and_test variation before object free at line 395 kernel test robot
@ 2025-03-24  0:36 ` Ming Lei
  2025-03-24 11:46   ` Jens Axboe
  0 siblings, 1 reply; 3+ messages in thread
From: Ming Lei @ 2025-03-24  0:36 UTC (permalink / raw)
  To: kernel test robot; +Cc: oe-kbuild-all, Jens Axboe

On Mon, Mar 24, 2025 at 06:52:22AM +0800, kernel test robot wrote:
> tree:   https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block.git for-6.15/block
> head:   4c3f4bad7a6e9022489a9f8392f7147ed3ce74b1
> commit: dfc77a934a3acdb13dadf237b7417c6a31b19da8 [75/76] loop: try to handle loop aio command via NOWAIT IO first
> config: i386-randconfig-052-20250323 (https://download.01.org/0day-ci/archive/20250324/202503240625.LfSMQqA2-lkp@intel.com/config)
> compiler: gcc-12 (Debian 12.2.0-14) 12.2.0
> 
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <lkp@intel.com>
> | Closes: https://lore.kernel.org/oe-kbuild-all/202503240625.LfSMQqA2-lkp@intel.com/
> 
> cocci warnings: (new ones prefixed by >>)
> >> drivers/block/loop.c:388:6-25: WARNING: atomic_dec_and_test variation before object free at line 395.

The code itself is safe. Event through the atomic counter drops to zero,
the object isn't freed, and the counter can be re-initialized & requeued
internally.

This cocci rule should be 'wrong', or anyone can explain the exact risk
here?


Thanks,
Ming


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [axboe-block:for-6.15/block 75/76] drivers/block/loop.c:388:6-25: WARNING: atomic_dec_and_test variation before object free at line 395.
  2025-03-24  0:36 ` Ming Lei
@ 2025-03-24 11:46   ` Jens Axboe
  0 siblings, 0 replies; 3+ messages in thread
From: Jens Axboe @ 2025-03-24 11:46 UTC (permalink / raw)
  To: Ming Lei, kernel test robot; +Cc: oe-kbuild-all

On 3/23/25 6:36 PM, Ming Lei wrote:
> On Mon, Mar 24, 2025 at 06:52:22AM +0800, kernel test robot wrote:
>> tree:   https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block.git for-6.15/block
>> head:   4c3f4bad7a6e9022489a9f8392f7147ed3ce74b1
>> commit: dfc77a934a3acdb13dadf237b7417c6a31b19da8 [75/76] loop: try to handle loop aio command via NOWAIT IO first
>> config: i386-randconfig-052-20250323 (https://download.01.org/0day-ci/archive/20250324/202503240625.LfSMQqA2-lkp@intel.com/config)
>> compiler: gcc-12 (Debian 12.2.0-14) 12.2.0
>>
>> If you fix the issue in a separate patch/commit (i.e. not just a new version of
>> the same patch/commit), kindly add following tags
>> | Reported-by: kernel test robot <lkp@intel.com>
>> | Closes: https://lore.kernel.org/oe-kbuild-all/202503240625.LfSMQqA2-lkp@intel.com/
>>
>> cocci warnings: (new ones prefixed by >>)
>>>> drivers/block/loop.c:388:6-25: WARNING: atomic_dec_and_test variation before object free at line 395.
> 
> The code itself is safe. Event through the atomic counter drops to zero,
> the object isn't freed, and the counter can be re-initialized & requeued
> internally.
> 
> This cocci rule should be 'wrong', or anyone can explain the exact risk
> here?

It's just a generic thing that it always reports, in case atomic_t is
used where a refcount_t would be "safer". You can just ignore it.

-- 
Jens Axboe

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2025-03-24 11:46 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-03-23 22:52 [axboe-block:for-6.15/block 75/76] drivers/block/loop.c:388:6-25: WARNING: atomic_dec_and_test variation before object free at line 395 kernel test robot
2025-03-24  0:36 ` Ming Lei
2025-03-24 11:46   ` Jens Axboe

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.