On Tue, 8 Sep 2015, Joseph Qi wrote:
> On 2015/9/8 15:22, Julia Lawall wrote:
> > On Tue, 8 Sep 2015, Joseph Qi wrote:
> >
> >> Hi Julia,
> >>
> >> On 2015/9/7 22:01, Julia Lawall wrote:
> >>> It looks like a serious problem, because the loop update does a
> >>> dereference of the first argument of list_for_each via list_entry.
> >>>
> >> Could you give more details about this? IMO, it doesn't make any
> >> difference in functional logic.
> >
> > Do you expect that setting lock to NULL will cause a break out of the
> > loop? Because it does not. The expansion of list_for_each_entry is:
> >
> > #define list_for_each_entry(pos, head, member) \
> > for (pos = list_first_entry(head, typeof(*pos), member); \
> > &pos->member != (head); \
> > pos = list_next_entry(pos, member))
> >
> > Since pos is NULL, &pos->member != (head), so we will take the loop
> > update. List_next_entry is:
> >
> My understanding is, pos is an address rather than NULL, which is
> calculated from head's address with an offset.
> In case of an empty head, &pos->member will compensate the offset again
> and makes it evaluated the same head. Then it breaks out the loop.
Your code contains:
list_for_each_entry(lock, tmpq, list)
In the body of the loop, there is an assignment of lock to NULL. So now
pos will be NULL.
julia
>
> Joseph
>
> > #define list_next_entry(pos, member) \
> > list_entry((pos)->member.next, typeof(*(pos)), member)
> >
> > list_entry is container_of, which does
> >
> > const typeof( ((type *)0)->member ) *__mptr = (ptr);
> >
> > This causes (pos)->member.next to be evaluated, which since pos is NULL
> > will crash.
> >
> > julia
> >
> >>
> >>> julia
> >>>
> >>> On Mon, 7 Sep 2015, kbuild test robot wrote:
> >>>
> >>>> TO: Joseph Qi <joseph.qi@xxxxxxxxxx>
> >>>> CC: kbuild-all@xxxxxx
> >>>> CC: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
> >>>> CC: Linux Memory Management List <linux-mm@xxxxxxxxx>
> >>>>
> >>>> tree: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
> >>>> head: 7d9071a095023cd1db8fa18fa0d648dc1a5210e0
> >>>> commit: f83c7b5e9fd633fe91128af116e6472a8c4d29a5 ocfs2/dlm: use list_for_each_entry instead of list_for_each
> >>>> date: 3 days ago
> >>>> :::::: branch date: 33 hours ago
> >>>> :::::: commit date: 3 days ago
> >>>>
> >>>>>> fs/ocfs2/dlm/dlmrecovery.c:1824:4-23: iterator with update on line 1827
> >>>>
> >>>> git remote add linus git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
> >>>> git remote update linus
> >>>> git checkout f83c7b5e9fd633fe91128af116e6472a8c4d29a5
> >>>> vim +1824 fs/ocfs2/dlm/dlmrecovery.c
> >>>>
> >>>> 6714d8e8 Kurt Hackel 2005-12-15 1818 BUG_ON(!(mres->flags & DLM_MRES_MIGRATION));
> >>>> 6714d8e8 Kurt Hackel 2005-12-15 1819
> >>>> 34aa8dac Junxiao Bi 2014-04-03 1820 lock = NULL;
> >>>> 6714d8e8 Kurt Hackel 2005-12-15 1821 spin_lock(&res->spinlock);
> >>>> e17e75ec Kurt Hackel 2007-01-05 1822 for (j = DLM_GRANTED_LIST; j <= DLM_BLOCKED_LIST; j++) {
> >>>> e17e75ec Kurt Hackel 2007-01-05 1823 tmpq = dlm_list_idx_to_ptr(res, j);
> >>>> f83c7b5e Joseph Qi 2015-09-04 @1824 list_for_each_entry(lock, tmpq, list) {
> >>>> 34aa8dac Junxiao Bi 2014-04-03 1825 if (lock->ml.cookie == ml->cookie)
> >>>> 6714d8e8 Kurt Hackel 2005-12-15 1826 break;
> >>>> 34aa8dac Junxiao Bi 2014-04-03 @1827 lock = NULL;
> >>>> 6714d8e8 Kurt Hackel 2005-12-15 1828 }
> >>>> e17e75ec Kurt Hackel 2007-01-05 1829 if (lock)
> >>>> e17e75ec Kurt Hackel 2007-01-05 1830 break;
> >>>>
> >>>> ---
> >>>> 0-DAY kernel test infrastructure Open Source Technology Center
> >>>> https://lists.01.org/pipermail/kbuild-all Intel Corporation
> >>>>
> >>>
> >>> .
> >>>
> >>
> >>
> >>
> >
> > --
> > To unsubscribe, send a message with 'unsubscribe linux-mm' in
> > the body to majordomo@xxxxxxxxx. For more info on Linux MM,
> > see: http://www.linux-mm.org/ .
> > Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>
> >
> > .
> >
>
>
>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>