From: Xiubo Li <xiubli@redhat.com>
To: kernel test robot <lkp@intel.com>
Cc: llvm@lists.linux.dev, oe-kbuild-all@lists.linux.dev,
ceph-devel@vger.kernel.org
Subject: Re: [ceph-client:testing 77/77] fs/ceph/mds_client.c:1866:6: warning: variable 'iputs' is used uninitialized whenever 'if' condition is false
Date: Tue, 18 Apr 2023 08:52:42 +0800 [thread overview]
Message-ID: <e3bc12ad-4e38-9206-bc75-e394bb2e600c@redhat.com> (raw)
In-Reply-To: <202304172343.2ToBO5ag-lkp@intel.com>
On 4/17/23 23:49, kernel test robot wrote:
> tree: https://github.com/ceph/ceph-client.git testing
> head: 3fef7c3fd10c5f078e0f6ec8c683f2d1e14eb05d
> commit: 3fef7c3fd10c5f078e0f6ec8c683f2d1e14eb05d [77/77] ceph: fix potential use-after-free bug when trimming caps
> config: x86_64-randconfig-a011-20230417 (https://download.01.org/0day-ci/archive/20230417/202304172343.2ToBO5ag-lkp@intel.com/config)
> compiler: clang version 14.0.6 (https://github.com/llvm/llvm-project f28c006a5895fc0e329fe15fead81e37457cb1d1)
> reproduce (this is a W=1 build):
> wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
> chmod +x ~/bin/make.cross
> # https://github.com/ceph/ceph-client/commit/3fef7c3fd10c5f078e0f6ec8c683f2d1e14eb05d
> git remote add ceph-client https://github.com/ceph/ceph-client.git
> git fetch --no-tags ceph-client testing
> git checkout 3fef7c3fd10c5f078e0f6ec8c683f2d1e14eb05d
> # save the config file
> mkdir build_dir && cp config build_dir/.config
> COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=x86_64 olddefconfig
> COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=x86_64 SHELL=/bin/bash fs/ceph/
>
> If you fix the issue, kindly add following tag where applicable
> | Reported-by: kernel test robot <lkp@intel.com>
> | Link: https://lore.kernel.org/oe-kbuild-all/202304172343.2ToBO5ag-lkp@intel.com/
>
> All warnings (new ones prefixed by >>):
>
>>> fs/ceph/mds_client.c:1866:6: warning: variable 'iputs' is used uninitialized whenever 'if' condition is false [-Wsometimes-uninitialized]
> if (cap) {
> ^~~
> fs/ceph/mds_client.c:1877:9: note: uninitialized use occurs here
> while (iputs--)
> ^~~~~
> fs/ceph/mds_client.c:1866:2: note: remove the 'if' if its condition is always true
> if (cap) {
> ^~~~~~~~~
> fs/ceph/mds_client.c:1862:11: note: initialize the variable 'iputs' to silence this warning
> int iputs;
> ^
> = 0
>>> fs/ceph/mds_client.c:1957:7: warning: variable 'cap' is uninitialized when used here [-Wuninitialized]
> if (cap->cap_gen < atomic_read(&cap->session->s_cap_gen)) {
> ^~~
> fs/ceph/mds_client.c:1949:22: note: initialize the variable 'cap' to silence this warning
> struct ceph_cap *cap;
> ^
> = NULL
> 2 warnings generated.
>
>
> vim +1866 fs/ceph/mds_client.c
Thanks for reporting this.
As Luis mentioned in another thread, I will fix this in the testing branch.
- Xiubo
>
> 1855
> 1856 static int remove_session_caps_cb(struct inode *inode, struct rb_node *ci_node,
> 1857 void *arg)
> 1858 {
> 1859 struct ceph_inode_info *ci = ceph_inode(inode);
> 1860 bool invalidate = false;
> 1861 struct ceph_cap *cap;
> 1862 int iputs;
> 1863
> 1864 spin_lock(&ci->i_ceph_lock);
> 1865 cap = rb_entry(ci_node, struct ceph_cap, ci_node);
>> 1866 if (cap) {
> 1867 dout(" removing cap %p, ci is %p, inode is %p\n",
> 1868 cap, ci, &ci->netfs.inode);
> 1869
> 1870 iputs = ceph_purge_inode_cap(inode, cap, &invalidate);
> 1871 }
> 1872 spin_unlock(&ci->i_ceph_lock);
> 1873
> 1874 wake_up_all(&ci->i_cap_wq);
> 1875 if (invalidate)
> 1876 ceph_queue_invalidate(inode);
> 1877 while (iputs--)
> 1878 iput(inode);
> 1879 return 0;
> 1880 }
> 1881
> 1882 /*
> 1883 * caller must hold session s_mutex
> 1884 */
> 1885 static void remove_session_caps(struct ceph_mds_session *session)
> 1886 {
> 1887 struct ceph_fs_client *fsc = session->s_mdsc->fsc;
> 1888 struct super_block *sb = fsc->sb;
> 1889 LIST_HEAD(dispose);
> 1890
> 1891 dout("remove_session_caps on %p\n", session);
> 1892 ceph_iterate_session_caps(session, remove_session_caps_cb, fsc);
> 1893
> 1894 wake_up_all(&fsc->mdsc->cap_flushing_wq);
> 1895
> 1896 spin_lock(&session->s_cap_lock);
> 1897 if (session->s_nr_caps > 0) {
> 1898 struct inode *inode;
> 1899 struct ceph_cap *cap, *prev = NULL;
> 1900 struct ceph_vino vino;
> 1901 /*
> 1902 * iterate_session_caps() skips inodes that are being
> 1903 * deleted, we need to wait until deletions are complete.
> 1904 * __wait_on_freeing_inode() is designed for the job,
> 1905 * but it is not exported, so use lookup inode function
> 1906 * to access it.
> 1907 */
> 1908 while (!list_empty(&session->s_caps)) {
> 1909 cap = list_entry(session->s_caps.next,
> 1910 struct ceph_cap, session_caps);
> 1911 if (cap == prev)
> 1912 break;
> 1913 prev = cap;
> 1914 vino = cap->ci->i_vino;
> 1915 spin_unlock(&session->s_cap_lock);
> 1916
> 1917 inode = ceph_find_inode(sb, vino);
> 1918 iput(inode);
> 1919
> 1920 spin_lock(&session->s_cap_lock);
> 1921 }
> 1922 }
> 1923
> 1924 // drop cap expires and unlock s_cap_lock
> 1925 detach_cap_releases(session, &dispose);
> 1926
> 1927 BUG_ON(session->s_nr_caps > 0);
> 1928 BUG_ON(!list_empty(&session->s_cap_flushing));
> 1929 spin_unlock(&session->s_cap_lock);
> 1930 dispose_cap_releases(session->s_mdsc, &dispose);
> 1931 }
> 1932
> 1933 enum {
> 1934 RECONNECT,
> 1935 RENEWCAPS,
> 1936 FORCE_RO,
> 1937 };
> 1938
> 1939 /*
> 1940 * wake up any threads waiting on this session's caps. if the cap is
> 1941 * old (didn't get renewed on the client reconnect), remove it now.
> 1942 *
> 1943 * caller must hold s_mutex.
> 1944 */
> 1945 static int wake_up_session_cb(struct inode *inode, struct rb_node *ci_node, void *arg)
> 1946 {
> 1947 struct ceph_inode_info *ci = ceph_inode(inode);
> 1948 unsigned long ev = (unsigned long)arg;
> 1949 struct ceph_cap *cap;
> 1950
> 1951 if (ev == RECONNECT) {
> 1952 spin_lock(&ci->i_ceph_lock);
> 1953 ci->i_wanted_max_size = 0;
> 1954 ci->i_requested_max_size = 0;
> 1955 spin_unlock(&ci->i_ceph_lock);
> 1956 } else if (ev == RENEWCAPS) {
>> 1957 if (cap->cap_gen < atomic_read(&cap->session->s_cap_gen)) {
> 1958 /* mds did not re-issue stale cap */
> 1959 spin_lock(&ci->i_ceph_lock);
> 1960 cap = rb_entry(ci_node, struct ceph_cap, ci_node);
> 1961 if (cap)
> 1962 cap->issued = cap->implemented = CEPH_CAP_PIN;
> 1963 spin_unlock(&ci->i_ceph_lock);
> 1964 }
> 1965 } else if (ev == FORCE_RO) {
> 1966 }
> 1967 wake_up_all(&ci->i_cap_wq);
> 1968 return 0;
> 1969 }
> 1970
>
prev parent reply other threads:[~2023-04-18 0:53 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-17 15:49 [ceph-client:testing 77/77] fs/ceph/mds_client.c:1866:6: warning: variable 'iputs' is used uninitialized whenever 'if' condition is false kernel test robot
2023-04-18 0:52 ` Xiubo Li [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e3bc12ad-4e38-9206-bc75-e394bb2e600c@redhat.com \
--to=xiubli@redhat.com \
--cc=ceph-devel@vger.kernel.org \
--cc=lkp@intel.com \
--cc=llvm@lists.linux.dev \
--cc=oe-kbuild-all@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.