* [RFC PATCH]: Fix a warning in the niu driver
@ 2010-07-07 23:59 Prarit Bhargava
2010-07-08 0:08 ` David Miller
0 siblings, 1 reply; 5+ messages in thread
From: Prarit Bhargava @ 2010-07-07 23:59 UTC (permalink / raw)
To: netdev; +Cc: davem
This is an RFC to fix the mismatch compile warning in the niu driver.
drivers/net/niu.c: In function 'niu_process_rx_pkt':
drivers/net/niu.c:3490: warning: 'link' may be used uninitialized in this function
AFAICT, link is unused. It is set in several places but never consumed by
any code. Additionally, the value of page is unchecked in the functions that
call niu_find_rx_page(). This could lead to a NULL pointer. However, in
both cases it seems like if !page then the rx ring is corrupt. I *think* a
BUG() is appropriate, but one of you may have a better suggestion as to
what to do in that case. Maybe leaving the while loops with a break?
Checking for !page is probably overkill -- maybe the fix is to just remove
link?
Any suggestions or advice is appreciated,
P.
diff --git a/drivers/net/niu.c b/drivers/net/niu.c
index 961b9ea..8f2251d 100644
--- a/drivers/net/niu.c
+++ b/drivers/net/niu.c
@@ -3353,19 +3353,17 @@ static unsigned int niu_hash_rxaddr(struct rx_ring_info *rp, u64 a)
return (a & (MAX_RBR_RING_SIZE - 1));
}
-static struct page *niu_find_rxpage(struct rx_ring_info *rp, u64 addr,
- struct page ***link)
+static struct page *niu_find_rxpage(struct rx_ring_info *rp, u64 addr)
{
unsigned int h = niu_hash_rxaddr(rp, addr);
- struct page *p, **pp;
+ struct page *p = NULL;
+ struct page **pp;
addr &= PAGE_MASK;
pp = &rp->rxhash[h];
for (; (p = *pp) != NULL; pp = (struct page **) &p->mapping) {
- if (p->index == addr) {
- *link = pp;
+ if (p->index == addr)
break;
- }
}
return p;
@@ -3441,7 +3439,7 @@ static int niu_rx_pkt_ignore(struct niu *np, struct rx_ring_info *rp)
rp->rx_dropped++;
while (1) {
- struct page *page, **link;
+ struct page *page;
u64 addr, val;
u32 rcr_size;
@@ -3450,12 +3448,12 @@ static int niu_rx_pkt_ignore(struct niu *np, struct rx_ring_info *rp)
val = le64_to_cpup(&rp->rcr[index]);
addr = (val & RCR_ENTRY_PKT_BUF_ADDR) <<
RCR_ENTRY_PKT_BUF_ADDR_SHIFT;
- page = niu_find_rxpage(rp, addr, &link);
+ page = niu_find_rxpage(rp, addr);
+ BUG_ON(!page); /* page cannot be NULL, rx_ring is corrupt */
rcr_size = rp->rbr_sizes[(val & RCR_ENTRY_PKTBUFSZ) >>
RCR_ENTRY_PKTBUFSZ_SHIFT];
if ((page->index + PAGE_SIZE) - rcr_size == addr) {
- *link = (struct page *) page->mapping;
np->ops->unmap_page(np->device, page->index,
PAGE_SIZE, DMA_FROM_DEVICE);
page->index = 0;
@@ -3487,7 +3485,7 @@ static int niu_process_rx_pkt(struct napi_struct *napi, struct niu *np,
num_rcr = 0;
while (1) {
- struct page *page, **link = NULL;
+ struct page *page;
u32 rcr_size, append_size;
u64 addr, val, off;
@@ -3501,7 +3499,8 @@ static int niu_process_rx_pkt(struct napi_struct *napi, struct niu *np,
addr = (val & RCR_ENTRY_PKT_BUF_ADDR) <<
RCR_ENTRY_PKT_BUF_ADDR_SHIFT;
- page = niu_find_rxpage(rp, addr, &link);
+ page = niu_find_rxpage(rp, addr);
+ BUG_ON(!page); /* page cannot be NULL, rx_ring is corrupt */
rcr_size = rp->rbr_sizes[(val & RCR_ENTRY_PKTBUFSZ) >>
RCR_ENTRY_PKTBUFSZ_SHIFT];
@@ -3528,7 +3527,6 @@ static int niu_process_rx_pkt(struct napi_struct *napi, struct niu *np,
niu_rx_skb_append(skb, page, off, append_size);
if ((page->index + rp->rbr_block_size) - rcr_size == addr) {
- *link = (struct page *) page->mapping;
np->ops->unmap_page(np->device, page->index,
PAGE_SIZE, DMA_FROM_DEVICE);
page->index = 0;
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [RFC PATCH]: Fix a warning in the niu driver
2010-07-07 23:59 [RFC PATCH]: Fix a warning in the niu driver Prarit Bhargava
@ 2010-07-08 0:08 ` David Miller
2010-07-14 13:18 ` Prarit Bhargava
0 siblings, 1 reply; 5+ messages in thread
From: David Miller @ 2010-07-08 0:08 UTC (permalink / raw)
To: prarit; +Cc: netdev
From: Prarit Bhargava <prarit@redhat.com>
Date: Wed, 07 Jul 2010 19:59:41 -0400
> This is an RFC to fix the mismatch compile warning in the niu driver.
>
> drivers/net/niu.c: In function 'niu_process_rx_pkt':
> drivers/net/niu.c:3490: warning: 'link' may be used uninitialized in this function
>
> AFAICT, link is unused. It is set in several places but never consumed by
> any code. Additionally, the value of page is unchecked in the functions that
> call niu_find_rx_page(). This could lead to a NULL pointer. However, in
> both cases it seems like if !page then the rx ring is corrupt. I *think* a
> BUG() is appropriate, but one of you may have a better suggestion as to
> what to do in that case. Maybe leaving the while loops with a break?
>
> Checking for !page is probably overkill -- maybe the fix is to just remove
> link?
>
> Any suggestions or advice is appreciated,
You completely removed the unlinking of the page from the hash chain
list.
That's the side effect you're missing.
niu_rx_pkt_ignore() {
...
page = niu_find_rxpage(rp, addr, &link);
...
*link = (struct page *) page->mapping;
...
}
niu_process_rx_pkt() {
...
page = niu_find_rxpage(rp, addr, &link);
...
*link = (struct page *) page->mapping;
...
}
Your patch would corrupt the list state, since we'd leave
pages in the rx page hash which have only externally references
and thus will be freed up.
Just BUG() if the loop terminates without finding a page.
--------------------
niu: BUG on inability to find page in rx page hashes.
Signed-off-by: David S. Miller <davem@davemloft.net>
diff --git a/drivers/net/niu.c b/drivers/net/niu.c
index 3d523cb..5d36531 100644
--- a/drivers/net/niu.c
+++ b/drivers/net/niu.c
@@ -3330,10 +3330,12 @@ static struct page *niu_find_rxpage(struct rx_ring_info *rp, u64 addr,
for (; (p = *pp) != NULL; pp = (struct page **) &p->mapping) {
if (p->index == addr) {
*link = pp;
- break;
+ goto found;
}
}
+ BUG();
+found:
return p;
}
@@ -3417,7 +3419,6 @@ static int niu_rx_pkt_ignore(struct niu *np, struct rx_ring_info *rp)
addr = (val & RCR_ENTRY_PKT_BUF_ADDR) <<
RCR_ENTRY_PKT_BUF_ADDR_SHIFT;
page = niu_find_rxpage(rp, addr, &link);
-
rcr_size = rp->rbr_sizes[(val & RCR_ENTRY_PKTBUFSZ) >>
RCR_ENTRY_PKTBUFSZ_SHIFT];
if ((page->index + PAGE_SIZE) - rcr_size == addr) {
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [RFC PATCH]: Fix a warning in the niu driver
2010-07-08 0:08 ` David Miller
@ 2010-07-14 13:18 ` Prarit Bhargava
2010-07-14 18:28 ` David Miller
0 siblings, 1 reply; 5+ messages in thread
From: Prarit Bhargava @ 2010-07-14 13:18 UTC (permalink / raw)
To: David Miller; +Cc: netdev
> Your patch would corrupt the list state, since we'd leave
> pages in the rx page hash which have only externally references
> and thus will be freed up.
>
>
Ah ... I totally missed that. Thanks for clarifying that Dave.
> Just BUG() if the loop terminates without finding a page.
>
> --------------------
> niu: BUG on inability to find page in rx page hashes.
>
> Signed-off-by: David S. Miller <davem@davemloft.net>
>
> diff --git a/drivers/net/niu.c b/drivers/net/niu.c
> index 3d523cb..5d36531 100644
> --- a/drivers/net/niu.c
> +++ b/drivers/net/niu.c
> @@ -3330,10 +3330,12 @@ static struct page *niu_find_rxpage(struct rx_ring_info *rp, u64 addr,
> for (; (p = *pp) != NULL; pp = (struct page **) &p->mapping) {
> if (p->index == addr) {
> *link = pp;
> - break;
> + goto found;
> }
> }
> + BUG();
>
> +found:
> return p;
> }
>
Dave, would it be acceptable if I then wrapped link in
uninitialized_var() to get rid of the warning I'm trying to resolve? It
seems that your patch then checks for a valid page value so it should be
okay.
P.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [RFC PATCH]: Fix a warning in the niu driver
2010-07-14 18:28 ` David Miller
@ 2010-07-14 18:26 ` Prarit Bhargava
0 siblings, 0 replies; 5+ messages in thread
From: Prarit Bhargava @ 2010-07-14 18:26 UTC (permalink / raw)
To: David Miller; +Cc: netdev
On 07/14/2010 02:28 PM, David Miller wrote:
> From: Prarit Bhargava <prarit@redhat.com>
> Date: Wed, 14 Jul 2010 09:18:31 -0400
>
>
>> Dave, would it be acceptable if I then wrapped link in
>> uninitialized_var() to get rid of the warning I'm trying to resolve? It
>> seems that your patch then checks for a valid page value so it should be
>> okay.
>>
> If the patch I posted doesn't fix your warning, the compiler is broken.
>
>
Oops -- my bad. I think I fat fingered something. Your patch
absolutely fixes the warning. Thanks Dave.
P.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [RFC PATCH]: Fix a warning in the niu driver
2010-07-14 13:18 ` Prarit Bhargava
@ 2010-07-14 18:28 ` David Miller
2010-07-14 18:26 ` Prarit Bhargava
0 siblings, 1 reply; 5+ messages in thread
From: David Miller @ 2010-07-14 18:28 UTC (permalink / raw)
To: prarit; +Cc: netdev
From: Prarit Bhargava <prarit@redhat.com>
Date: Wed, 14 Jul 2010 09:18:31 -0400
> Dave, would it be acceptable if I then wrapped link in
> uninitialized_var() to get rid of the warning I'm trying to resolve? It
> seems that your patch then checks for a valid page value so it should be
> okay.
If the patch I posted doesn't fix your warning, the compiler is broken.
Any code path that would not initialize the variable, hits the BUG()
therefore making return from the function completely unreachable,
therefore the uses of the initialized variable are completely unreachable.
I'm not adding workarounds for compiler warning bugs. They aren't real
bugs, and such efforts tend to _add_ bugs to the tree rather than fix
real problems.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2010-07-14 18:28 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-07-07 23:59 [RFC PATCH]: Fix a warning in the niu driver Prarit Bhargava
2010-07-08 0:08 ` David Miller
2010-07-14 13:18 ` Prarit Bhargava
2010-07-14 18:28 ` David Miller
2010-07-14 18:26 ` Prarit Bhargava
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).