[bug report] scftorture: Use a lock-less list to free memory.


 



Hello Sebastian Andrzej Siewior,

Commit 4788c861ad7e ("scftorture: Use a lock-less list to free
memory.") from Nov 8, 2024 (linux-next), leads to the following
Smatch static checker warning:

	kernel/scftorture.c:393 scftorture_invoke_one()
	error: we previously assumed 'scfcp' could be null (see line 382)

kernel/scftorture.c
    342 static void scftorture_invoke_one(struct scf_statistics *scfp, struct torture_random_state *trsp)
    343 {
    344         bool allocfail = false;
    345         uintptr_t cpu;
    346         int ret = 0;
    347         struct scf_check *scfcp = NULL;
    348         struct scf_selector *scfsp = scf_sel_rand(trsp);
    349 
    350         if (scfsp->scfs_prim == SCF_PRIM_SINGLE || scfsp->scfs_wait) {
    351                 scfcp = kmalloc(sizeof(*scfcp), GFP_ATOMIC);
    352                 if (!scfcp) {
    353                         WARN_ON_ONCE(!IS_ENABLED(CONFIG_KASAN));
    354                         atomic_inc(&n_alloc_errs);
    355                         allocfail = true;
    356                 } else {
    357                         scfcp->scfc_cpu = -1;
    358                         scfcp->scfc_wait = scfsp->scfs_wait;
    359                         scfcp->scfc_out = false;
    360                         scfcp->scfc_rpc = false;
    361                 }
    362         }
    363         if (use_cpus_read_lock)
    364                 cpus_read_lock();
    365         else
    366                 preempt_disable();
    367         switch (scfsp->scfs_prim) {
    368         case SCF_PRIM_RESCHED:
    369                 if (IS_BUILTIN(CONFIG_SCF_TORTURE_TEST)) {
    370                         cpu = torture_random(trsp) % nr_cpu_ids;
    371                         scfp->n_resched++;
    372                         resched_cpu(cpu);
    373                         this_cpu_inc(scf_invoked_count);
    374                 }
    375                 break;
    376         case SCF_PRIM_SINGLE:
    377                 cpu = torture_random(trsp) % nr_cpu_ids;
    378                 if (scfsp->scfs_wait)
    379                         scfp->n_single_wait++;
    380                 else
    381                         scfp->n_single++;
    382                 if (scfcp) {

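This check shows that scfcp can be NULL here.  In the SCF_PRIM_SINGLE
case that happens when the GFP_ATOMIC kmalloc() at line 351 fails
(allocfail is set and scfcp stays NULL).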

    383                         scfcp->scfc_cpu = cpu;
    384                         barrier(); // Prevent race-reduction compiler optimizations.
    385                         scfcp->scfc_in = true;
    386                 }
    387                 ret = smp_call_function_single(cpu, scf_handler_1, (void *)scfcp, scfsp->scfs_wait);
    388                 if (ret) {
    389                         if (scfsp->scfs_wait)
    390                                 scfp->n_single_wait_ofl++;
    391                         else
    392                                 scfp->n_single_ofl++;
--> 393                         scf_add_to_free_list(scfcp);

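Originally this was a kfree(scfcp), which accepts NULL, but
scf_add_to_free_list() can't handle a NULL parameter.  So if the
allocation failed and smp_call_function_single() then returns non-zero,
a NULL pointer is passed to scf_add_to_free_list() on line 393.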

    394                         scfcp = NULL;
    395                 }
    396                 break;
    397         case SCF_PRIM_SINGLE_RPC:

regards,
dan carpenter



