On Wed, Apr 29, 2020 at 08:43:07PM +0300, Dan Carpenter wrote:
> On Wed, Apr 29, 2020 at 08:44:21AM -0700, Paul E. McKenney wrote:
> > On Wed, Apr 29, 2020 at 04:24:02PM +0300, Dan Carpenter wrote:
> > > Hello Paul E. McKenney,
> > >
> > > The patch e02882cd57e3: "rcutorture: Add races with task-exit
> > > processing" from Apr 24, 2020, leads to the following static checker
> > > warning:
> > >
> > > kernel/rcu/rcutorture.c:2429 rcu_torture_read_exit()
> > > warn: 'rep' was already freed.
> >
> > Ah, good catch, will fix!
> >
> > > kernel/rcu/rcutorture.c
> > > 2369 static int rcu_torture_read_exit(void *unused)
> > > 2370 {
> > > 2371 int count = 0;
> > > 2372 bool errexit = false;
> > > 2373 int i;
> > > 2374 struct task_struct **rep;
> > > 2375 struct torture_random_state *trsp;
> > > 2376
> > > 2377 // Allocate and initialize.
> > > 2378 set_user_nice(current, MAX_NICE);
> > > 2379 rep = kcalloc(read_exit, sizeof(*rep), GFP_KERNEL);
> > > 2380 trsp = kcalloc(read_exit, sizeof(*trsp), GFP_KERNEL);
> > > 2381 if (rep && trsp) {
> > > 2382 for (i = 0; i < read_exit; i++)
> > > 2383 torture_random_init(&trsp[i]);
> > > 2384 VERBOSE_TOROUT_STRING("rcu_torture_read_exit: Start of test");
> > > 2385 } else {
> > > 2386 kfree(rep);
> > > ^^^
> > > 2387 kfree(trsp);
> > > ^^^^
> > > Freed.
> >
> > And setting both rep and trsp to NULL here takes care of this, correct?
> > As in kfree(NULL) is a no-op. Or is your tool more strict?
>
> Yes, yes. Setting it to NULL works. I thought about that, or returning
> and I wasn't sure which was prefered.
Ironically, what is likely to happen is restructuring the code to
eliminate the need for memory allocation. The idea being to minimize
the time between RCU reader and kthread exit.
Thanx, Paul
