[PATCH 1/1] scheduler: access to variable out of scope in sched_slice()

[PATCH 1/1] scheduler: access to variable out of scope in sched_slice()

[Christian Engelmayer]

From: Christian Engelmayer <christian.engelmayer@frequentis.com>

Access to local variable lw is aliased by usage of pointer load. Access to
pointer load in calc_delta_mine() happens when lw is already out of scope.

Signed-off-by: Christian Engelmayer <christian.engelmayer@frequentis.com>
--
Reported by static code analysis. 

--- linux-2.6.30/kernel/sched_fair.c.orig	2009-06-16 10:01:50.000000000 +0200
+++ linux-2.6.30/kernel/sched_fair.c	2009-06-16 10:02:39.000000000 +0200
@@ -430,12 +430,13 @@ static u64 sched_slice(struct cfs_rq *cf
 
 	for_each_sched_entity(se) {
 		struct load_weight *load;
+		struct load_weight lw;
 
 		cfs_rq = cfs_rq_of(se);
 		load = &cfs_rq->load;
 
 		if (unlikely(!se->on_rq)) {
-			struct load_weight lw = cfs_rq->load;
+			lw = cfs_rq->load;
 
 			update_load_add(&lw, se->load.weight);
 			load = &lw;

Re: [PATCH 1/1] scheduler: access to variable out of scope in sched_slice()

[Ingo Molnar]

* Christian Engelmayer <christian.engelmayer@frequentis.com> wrote:

> From: Christian Engelmayer <christian.engelmayer@frequentis.com>
> 
> Access to local variable lw is aliased by usage of pointer load. Access to
> pointer load in calc_delta_mine() happens when lw is already out of scope.
> 
> Signed-off-by: Christian Engelmayer <christian.engelmayer@frequentis.com>
> --
> Reported by static code analysis. 
> 
> --- linux-2.6.30/kernel/sched_fair.c.orig	2009-06-16 10:01:50.000000000 +0200
> +++ linux-2.6.30/kernel/sched_fair.c	2009-06-16 10:02:39.000000000 +0200
> @@ -430,12 +430,13 @@ static u64 sched_slice(struct cfs_rq *cf
>  
>  	for_each_sched_entity(se) {
>  		struct load_weight *load;
> +		struct load_weight lw;
>  
>  		cfs_rq = cfs_rq_of(se);
>  		load = &cfs_rq->load;
>  
>  		if (unlikely(!se->on_rq)) {
> -			struct load_weight lw = cfs_rq->load;
> +			lw = cfs_rq->load;
>  
>  			update_load_add(&lw, se->load.weight);
>  			load = &lw;

Good one!

I suspect it doesnt matter in practice because GCC will just have 
them all on the same stack frame?

	Ingo

[tip:sched/urgent] sched: Fix out of scope variable access in sched_slice()

[tip-bot for Christian Engelmayer]

Commit-ID:  3104bf03a923c72043a9c5009d9cd56724304916
Gitweb:     http://git.kernel.org/tip/3104bf03a923c72043a9c5009d9cd56724304916
Author:     Christian Engelmayer <christian.engelmayer@frequentis.com>
AuthorDate: Tue, 16 Jun 2009 10:35:12 +0200
Committer:  Ingo Molnar <mingo@elte.hu>
CommitDate: Wed, 17 Jun 2009 18:37:54 +0200

sched: Fix out of scope variable access in sched_slice()

Access to local variable lw is aliased by usage of pointer load.
Access to pointer load in calc_delta_mine() happens when lw is
already out of scope.

[ Reported by static code analysis. ]

Signed-off-by: Christian Engelmayer <christian.engelmayer@frequentis.com>
LKML-Reference: <20090616103512.0c846e51@frequentis.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>


---
 kernel/sched_fair.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/kernel/sched_fair.c b/kernel/sched_fair.c
index 5f9650e..ba7fd6e 100644
--- a/kernel/sched_fair.c
+++ b/kernel/sched_fair.c
@@ -430,12 +430,13 @@ static u64 sched_slice(struct cfs_rq *cfs_rq, struct sched_entity *se)
 
 	for_each_sched_entity(se) {
 		struct load_weight *load;
+		struct load_weight lw;
 
 		cfs_rq = cfs_rq_of(se);
 		load = &cfs_rq->load;
 
 		if (unlikely(!se->on_rq)) {
-			struct load_weight lw = cfs_rq->load;
+			lw = cfs_rq->load;
 
 			update_load_add(&lw, se->load.weight);
 			load = &lw;