public inbox for linux-kernel@vger.kernel.org
From: Al Viro <viro@zeniv.linux.org.uk>
To: Chunjie Zhu <chunjie.zhu@cloud.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: [PATCH] CA-392151: fix nfs gup uninitialized iov_offset defect
Date: Mon, 5 Aug 2024 15:13:30 +0100	[thread overview]
Message-ID: <20240805141330.GG5334@ZenIV> (raw)
In-Reply-To: <20240805075814.10103-1-chunjie.zhu@cloud.com>

On Mon, Aug 05, 2024 at 07:58:14AM +0000, Chunjie Zhu wrote:
>   nfs aio code path, iov_offset is not initialized before being used
> 
>   nfs aio function call graph,
>     io_submit
>     aio_read
>     aio_setup_rw
>     import_single_range
>     iov_iter_ubuf           # do not initialize iov_offset

Which compiler is it?  Compound literals initialize *ALL* struct
members.

> diff --git a/include/linux/uio.h b/include/linux/uio.h
> index 42bce38a8e87..2121424204c2 100644
> --- a/include/linux/uio.h
> +++ b/include/linux/uio.h
> @@ -386,6 +386,7 @@ static inline void iov_iter_ubuf(struct iov_iter *i, unsigned int direction,
>  		.user_backed = true,
>  		.data_source = direction,
>  		.ubuf = buf,
> +		.iov_offset = 0,
>  		.count = count,
>  		.nr_segs = 1
>  	};
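Review bot: the added `.iov_offset = 0` in this hunk is redundant rather than a fix: the initializer is a compound literal with designated initializers, so C99 6.7.8[21] already initializes the omitted iov_offset member to zero, and the commit message's claim that iov_offset is "not initialized before used" is not supported by the code shown. If the line is kept for readability, the commit message should say so and drop the defect claim; if a non-zero value was actually observed, the compiler and flags that reproduce it should be named so the toolchain problem can be chased instead.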

NAK.  If you really get an uninitialized value, report it to compiler
authors - it's a bug.  Relevant parts of C99, if you need to quote
it at them:

6.5.2.6[6] The value of the compound literal is that of an unnamed
object initialized by the initializer list. If the compound literal
occurs outside the body of a function, the object has static storage
duration; otherwise, it has automatic storage duration associated with
the enclosing block.

6.5.2.6[7] All the semantic rules and constraints for initializer lists
in 6.7.8 are applicable to compound literals.

6.7.8[21] If there are fewer initializers in a brace-enclosed list than
there are elements or members of an aggregate, or fewer characters in a
string literal used to initialize an array of known size than there are
elements in the array, the remainder of the aggregate shall be initialized
implicitly the same as objects that have static storage duration.

6.7.8[10] If an object that has automatic storage duration is not initialized
explicitly, its value is indeterminate. If an object that has static storage
duration is not initialized explicitly, then:
— if it has pointer type, it is initialized to a null pointer;
— if it has arithmetic type, it is initialized to (positive or unsigned) zero;
— if it is an aggregate, every member is initialized (recursively) according
to these rules;
— if it is a union, the first named member is initialized (recursively) according
to these rules.


Now, it might or might not make sense to spell the initializer for that
member out explicitly on stylistic grounds, but it is not uninitialized.
Compound literals initialize all (named) members; the only thing left
uninitialized is padding.  If something in your toolchain assumes otherwise,
it needs to be fixed.

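A short C demonstration of the rule quoted above, added here as an example (not code from the thread or from the kernel): a constructed stand-in struct is initialised by a compound literal that omits iov_offset, the same way the quoted iov_iter_ubuf() does, after the target object has been filled with a non-zero pattern so that any member left untouched would show up.

```c
/* Constructed stand-in with the member kinds named in C99 6.7.8[10];
 * it is not the kernel's struct iov_iter. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct demo_iter {
    unsigned char iter_type;
    bool user_backed;
    bool data_source;
    size_t iov_offset;               /* omitted below, as in iov_iter_ubuf() */
    size_t count;
    union {
        void *ubuf;                  /* first named member of the union */
        const void *iov;
    };
    unsigned long nr_segs;
    struct { int a; int b; } nested; /* aggregate member, initialised recursively */
    int *extra;                      /* pointer member, becomes a null pointer */
};

/* Mirrors the shape of the quoted initializer: iov_offset is deliberately omitted. */
static void demo_ubuf(struct demo_iter *i, bool direction, void *buf, size_t count)
{
    *i = (struct demo_iter) {
        .iter_type = 1,
        .user_backed = true,
        .data_source = direction,
        .ubuf = buf,
        .count = count,
        .nr_segs = 1
    };
}

/* Returns 1 when every omitted member came out zero/null, as 6.7.8[21] requires. */
static int omitted_members_are_zero(void)
{
    char buf[16];
    struct demo_iter i;
    unsigned char *p = (unsigned char *)&i;
    for (size_t k = 0; k < sizeof i; k++)
        p[k] = 0xAA;                 /* pattern that would survive if a member were skipped */
    demo_ubuf(&i, false, buf, sizeof buf);
    return i.iov_offset == 0 && i.extra == NULL
        && i.nested.a == 0 && i.nested.b == 0
        && i.ubuf == buf && i.count == sizeof buf && i.nr_segs == 1;
}

int main(void)
{
    printf("omitted members zero: %s\n", omitted_members_are_zero() ? "yes" : "no");
    return 0;
}
```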