From: Dan Carpenter <dan.carpenter@oracle.com>
To: smatch@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
Pavel Skripkin <paskripkin@gmail.com>,
Harshvardhan Jha <harshvardhanjha1@gmail.com>
Subject: Smatch v1.72 released
Date: Wed, 1 Sep 2021 18:23:49 +0300 [thread overview]
Message-ID: <20210901152349.GC2151@kadam> (raw)
Smatch is a C static checker with a lot of kernel specific checks. You
can download it from: http://repo.or.cz/w/smatch.git. Or if you prefer
a github mirror, then you can download it from
https://github.com/error27/smatch I'm trying to do more regular
releases (two per year).
Special shout out to Pavel Skripkin who wrote a check for use after
frees releated to free_netdev() and to Harshvardhan Jha who wrote some
new code and fixes for how Smatch handles bit tests.
With this release, internally the param/key API has been fleshed out and
improved. The check_unwind.c is an example of that where the
return_param_release() is used by hard coded data in the func_table[]
array and it is also used by the DB. It just removes a lot of boiler
plate code and it makes working with the database easier.
The other thing that's new is the SSA module which is also used in
check_unwind.c. It's so that if you have:
ret = alloc();
if (IS_ERR(ret))
return;
p->foo = ret;
Now if you "p->foo" that's the same as freeing "ret". The param/key API
and the SSA module are going to be important going forward and I'll
probably end up re-writing a lot of code to take advantage of them.
The exciting new check in this release is the scheduling in atomic
check. It requires the cross function DB to be useful. And the
warnings that it prints require cross function analysis to understand.
net/sctp/socket.c:480 sctp_send_asconf() warn: sleeping in atomic context
The line 480 calls sctp_primitive_ASCONF() which uses a GFP_KERNEL flag
so presumably it sleeps. Use the `smatch_data/db/smdb.py preempt`
command to print the call tree and find out where the spin lock is held.
$ smdb.py preempt sctp_send_asconf
sctp_addr_wq_timeout_handler() <- disables preempt
-> sctp_asconf_mgmt()
-> sctp_send_asconf_add_ip()
sctp_asconf_mgmt() <duplicate>
-> sctp_send_asconf_del_ip()
-> sctp_send_asconf()
$
When the call tree is so long like this there is a lot of chance for
false positives but really it's surprising how high quality these
warnings are.
Please test and let me know if you find any issues!
regards,
dan carpenter
reply other threads:[~2021-09-01 15:25 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210901152349.GC2151@kadam \
--to=dan.carpenter@oracle.com \
--cc=harshvardhanjha1@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=paskripkin@gmail.com \
--cc=smatch@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox