[bug report] reimplement IDR and IDA using the radix tree

public inbox for kernel-janitors@vger.kernel.org
 help / color / mirror / Atom feed

* [bug report] reimplement IDR and IDA using the radix tree
@ 2016-12-08 11:56 Dan Carpenter
  2016-12-08 12:02 ` Dan Carpenter
  2016-12-08 12:25 ` Dan Carpenter
  0 siblings, 2 replies; 3+ messages in thread
From: Dan Carpenter @ 2016-12-08 11:56 UTC (permalink / raw)
  To: kernel-janitors

Hello Matthew Wilcox,

This is a semi-automatic email about new static checker warnings.

The patch 755edccbffa1: "reimplement IDR and IDA using the radix 
tree" from Dec 7, 2016, leads to the following Smatch complaint:

lib/radix-tree.c:2380 ida_get_new_above()
	 warn: variable dereferenced before check 'node' (see line 2355)

lib/radix-tree.c
  2354			bit = 0;
  2355		offset = get_slot_offset(node, slot);
                                         ^^^^
Dereferenced inside the function.

  2356	
  2357		bitmap = *slot;
  2358		if (bitmap) {
  2359			bit = find_next_zero_bit(bitmap->bitmap, IDA_BITMAP_BITS, bit);
  2360			index += bit;
  2361			if (index > INT_MAX)
  2362				return -ENOSPC;
  2363			if (bit = IDA_BITMAP_BITS) {
  2364				index /= IDA_BITMAP_BITS;
  2365				goto restart;
  2366			}
  2367			__set_bit(bit, bitmap->bitmap);
  2368			if (bitmap_full(bitmap->bitmap, IDA_BITMAP_BITS))
  2369				node_tag_clear(root, node, IDR_FREE, offset);
  2370			bitmap = xchg(&ida->free_bitmap, NULL);
  2371			kfree(bitmap);
  2372		} else {
  2373			index += bit;
  2374			bitmap = xchg(&ida->free_bitmap, NULL);
  2375			if (!bitmap)
  2376				return -EAGAIN;
  2377			memset(bitmap, 0, sizeof(*bitmap));
  2378			__set_bit(bit, bitmap->bitmap);
  2379			rcu_assign_pointer(*slot, bitmap);
  2380			if (node)
                            ^^^^
Check too late.

  2381				node->count++;
  2382		}

regards,
dan carpenter

^ permalink raw reply	[flat|nested] 3+ messages in thread

* [bug report] reimplement IDR and IDA using the radix tree
  2016-12-08 11:56 [bug report] reimplement IDR and IDA using the radix tree Dan Carpenter
@ 2016-12-08 12:02 ` Dan Carpenter
  2016-12-08 12:25 ` Dan Carpenter
  1 sibling, 0 replies; 3+ messages in thread
From: Dan Carpenter @ 2016-12-08 12:02 UTC (permalink / raw)
  To: kernel-janitors

Hello Matthew Wilcox,

This is a semi-automatic email about new static checker warnings.

The patch 755edccbffa1: "reimplement IDR and IDA using the radix 
tree" from Dec 7, 2016, leads to the following Smatch complaint:

lib/radix-tree.c:2413 ida_remove()
	 warn: variable dereferenced before check 'node' (see line 2409)

lib/radix-tree.c
  2408		__clear_bit(offset, bitmap->bitmap);
  2409		node_tag_set(&ida->ida_rt, node, IDR_FREE, get_slot_offset(node, slot));
                                                                           ^^^^
Dereference.

  2410		if (bitmap_empty(bitmap->bitmap, IDA_BITMAP_BITS)) {
  2411			*slot = NULL;
  2412			kfree(bitmap);
  2413			if (node) {
                            ^^^^
Check.

  2414				node->count--;
  2415				__radix_tree_delete_node(&ida->ida_rt, node);

regards,
dan carpenter

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [bug report] reimplement IDR and IDA using the radix tree
  2016-12-08 11:56 [bug report] reimplement IDR and IDA using the radix tree Dan Carpenter
  2016-12-08 12:02 ` Dan Carpenter
@ 2016-12-08 12:25 ` Dan Carpenter
  1 sibling, 0 replies; 3+ messages in thread
From: Dan Carpenter @ 2016-12-08 12:25 UTC (permalink / raw)
  To: kernel-janitors

@linux.intel.com is bouncing my emails again...  This happened some
years back as well.

On Thu, Dec 08, 2016 at 02:56:51PM +0300, Dan Carpenter wrote:
> Hello Matthew Wilcox,
> 
> This is a semi-automatic email about new static checker warnings.
> 
> The patch 755edccbffa1: "reimplement IDR and IDA using the radix 
> tree" from Dec 7, 2016, leads to the following Smatch complaint:
> 
> lib/radix-tree.c:2380 ida_get_new_above()
> 	 warn: variable dereferenced before check 'node' (see line 2355)
> 
> lib/radix-tree.c
>   2354			bit = 0;
>   2355		offset = get_slot_offset(node, slot);
>                                          ^^^^
> Dereferenced inside the function.
> 
>   2356	
>   2357		bitmap = *slot;
>   2358		if (bitmap) {
>   2359			bit = find_next_zero_bit(bitmap->bitmap, IDA_BITMAP_BITS, bit);
>   2360			index += bit;
>   2361			if (index > INT_MAX)
>   2362				return -ENOSPC;
>   2363			if (bit = IDA_BITMAP_BITS) {
>   2364				index /= IDA_BITMAP_BITS;
>   2365				goto restart;
>   2366			}
>   2367			__set_bit(bit, bitmap->bitmap);
>   2368			if (bitmap_full(bitmap->bitmap, IDA_BITMAP_BITS))
>   2369				node_tag_clear(root, node, IDR_FREE, offset);
>   2370			bitmap = xchg(&ida->free_bitmap, NULL);
>   2371			kfree(bitmap);
>   2372		} else {
>   2373			index += bit;
>   2374			bitmap = xchg(&ida->free_bitmap, NULL);
>   2375			if (!bitmap)
>   2376				return -EAGAIN;
>   2377			memset(bitmap, 0, sizeof(*bitmap));
>   2378			__set_bit(bit, bitmap->bitmap);
>   2379			rcu_assign_pointer(*slot, bitmap);
>   2380			if (node)
>                             ^^^^
> Check too late.
> 
>   2381				node->count++;
>   2382		}
> 
> regards,
> dan carpenter

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2016-12-08 12:25 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-12-08 11:56 [bug report] reimplement IDR and IDA using the radix tree Dan Carpenter
2016-12-08 12:02 ` Dan Carpenter
2016-12-08 12:25 ` Dan Carpenter

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox