From: Johannes Weiner <hannes@cmpxchg.org>
To: Dan Carpenter <dan.carpenter@oracle.com>
Cc: linux-mm@kvack.org
Subject: Re: mm: keep page cache radix tree nodes in check
Date: Thu, 10 Mar 2016 11:12:00 -0500 [thread overview]
Message-ID: <20160310161200.GA11651@cmpxchg.org> (raw)
In-Reply-To: <20160310125922.GA15269@mwanda>
Hello Dan,
On Thu, Mar 10, 2016 at 03:59:23PM +0300, Dan Carpenter wrote:
> Hello Johannes Weiner,
>
> The patch 449dd6984d0e: "mm: keep page cache radix tree nodes in
> check" from Apr 3, 2014, leads to the following static checker
> warning:
>
> mm/filemap.c:138 page_cache_tree_delete()
> error: potentially using uninitialized 'node'.
>
> mm/filemap.c
> 113 static void page_cache_tree_delete(struct address_space *mapping,
> 114 struct page *page, void *shadow)
> 115 {
> 116 struct radix_tree_node *node;
> ^^^^
> 117 unsigned long index;
> 118 unsigned int offset;
> 119 unsigned int tag;
> 120 void **slot;
> 121
> 122 VM_BUG_ON(!PageLocked(page));
> 123
> 124 __radix_tree_lookup(&mapping->page_tree, page->index, &node, &slot);
> ^^^^
> 125
> 126 if (shadow) {
> 127 mapping->nrexceptional++;
> 128 /*
> 129 * Make sure the nrexceptional update is committed before
> 130 * the nrpages update so that final truncate racing
> 131 * with reclaim does not see both counters 0 at the
> 132 * same time and miss a shadow entry.
> 133 */
> 134 smp_wmb();
> 135 }
> 136 mapping->nrpages--;
> 137
> 138 if (!node) {
> ^^^^
>
> 139 /* Clear direct pointer tags in root node */
> 140 mapping->page_tree.gfp_mask &= __GFP_BITS_MASK;
> 141 radix_tree_replace_slot(slot, shadow);
> 142 return;
> 143 }
>
> It's obviously simple enough for me to initialize "node" to NULL but I
> suspect there is a reason that it can't be uninitialized... I'm trying
> to get some feedback for some new Smatch stuff I'm working on.
We know that page->tree[page->index] is present and the tree is
locked, so __radix_tree_lookup() will always return with an entry, as
well as &node and &slot set. I'm not sure how you would annotate this.
Is it also warning about slot? Or can it know that they are always set
together? Could it maybe be linked to the function's return value? I
would prefer not setting node and slot to NULL to suppress the false
positive. However, what we could do is add a BUG_ON() if the function
call returns NULL. Would that be enough of a hint to the checker that
we expect the function to be always successful and set node and slot?
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2016-03-10 16:12 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-10 12:59 mm: keep page cache radix tree nodes in check Dan Carpenter
2016-03-10 16:12 ` Johannes Weiner [this message]
2016-03-10 19:35 ` Dan Carpenter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160310161200.GA11651@cmpxchg.org \
--to=hannes@cmpxchg.org \
--cc=dan.carpenter@oracle.com \
--cc=linux-mm@kvack.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).