From: Tom Rix <[email protected]>
Clang static analysis reports this issue
livepatch-shadow-fix1.c:113:2: warning: Use of
memory after it is freed
pr_info("%s: dummy @ %p, prevented leak @ %p\n",
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The pointer is freed in the previous statement.
Reorder the pr_info to report before the free.
Similar issue in livepatch-shadow-fix2.c
Signed-off-by: Tom Rix <[email protected]>
---
v2: Fix similar issue in livepatch-shadow-fix2.c
samples/livepatch/livepatch-shadow-fix1.c | 2 +-
samples/livepatch/livepatch-shadow-fix2.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/samples/livepatch/livepatch-shadow-fix1.c b/samples/livepatch/livepatch-shadow-fix1.c
index 918ce17b43fda..6701641bf12d4 100644
--- a/samples/livepatch/livepatch-shadow-fix1.c
+++ b/samples/livepatch/livepatch-shadow-fix1.c
@@ -109,9 +109,9 @@ static void livepatch_fix1_dummy_leak_dtor(void *obj, void *shadow_data)
void *d = obj;
int **shadow_leak = shadow_data;
- kfree(*shadow_leak);
pr_info("%s: dummy @ %p, prevented leak @ %p\n",
__func__, d, *shadow_leak);
+ kfree(*shadow_leak);
}
static void livepatch_fix1_dummy_free(struct dummy *d)
diff --git a/samples/livepatch/livepatch-shadow-fix2.c b/samples/livepatch/livepatch-shadow-fix2.c
index 29fe5cd420472..361046a4f10cf 100644
--- a/samples/livepatch/livepatch-shadow-fix2.c
+++ b/samples/livepatch/livepatch-shadow-fix2.c
@@ -61,9 +61,9 @@ static void livepatch_fix2_dummy_leak_dtor(void *obj, void *shadow_data)
void *d = obj;
int **shadow_leak = shadow_data;
- kfree(*shadow_leak);
pr_info("%s: dummy @ %p, prevented leak @ %p\n",
__func__, d, *shadow_leak);
+ kfree(*shadow_leak);
}
static void livepatch_fix2_dummy_free(struct dummy *d)
--
2.26.3
On 3/21/22 6:39 AM, Joe Lawrence wrote:
> On 3/19/22 9:51 PM, [email protected] wrote:
>> From: Tom Rix <[email protected]>
>>
>> Clang static analysis reports this issue
>> livepatch-shadow-fix1.c:113:2: warning: Use of
>> memory after it is freed
>> pr_info("%s: dummy @ %p, prevented leak @ %p\n",
>> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>
>> The pointer is freed in the previous statement.
>> Reorder the pr_info to report before the free.
>>
>> Similar issue in livepatch-shadow-fix2.c
>>
>> Signed-off-by: Tom Rix <[email protected]>
>> ---
>> v2: Fix similar issue in livepatch-shadow-fix2.c
>>
>> samples/livepatch/livepatch-shadow-fix1.c | 2 +-
>> samples/livepatch/livepatch-shadow-fix2.c | 2 +-
>> 2 files changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/samples/livepatch/livepatch-shadow-fix1.c b/samples/livepatch/livepatch-shadow-fix1.c
>> index 918ce17b43fda..6701641bf12d4 100644
>> --- a/samples/livepatch/livepatch-shadow-fix1.c
>> +++ b/samples/livepatch/livepatch-shadow-fix1.c
>> @@ -109,9 +109,9 @@ static void livepatch_fix1_dummy_leak_dtor(void *obj, void *shadow_data)
>> void *d = obj;
>> int **shadow_leak = shadow_data;
>>
>> - kfree(*shadow_leak);
>> pr_info("%s: dummy @ %p, prevented leak @ %p\n",
>> __func__, d, *shadow_leak);
>> + kfree(*shadow_leak);
>> }
>>
>> static void livepatch_fix1_dummy_free(struct dummy *d)
>> diff --git a/samples/livepatch/livepatch-shadow-fix2.c b/samples/livepatch/livepatch-shadow-fix2.c
>> index 29fe5cd420472..361046a4f10cf 100644
>> --- a/samples/livepatch/livepatch-shadow-fix2.c
>> +++ b/samples/livepatch/livepatch-shadow-fix2.c
>> @@ -61,9 +61,9 @@ static void livepatch_fix2_dummy_leak_dtor(void *obj, void *shadow_data)
>> void *d = obj;
>> int **shadow_leak = shadow_data;
>>
>> - kfree(*shadow_leak);
>> pr_info("%s: dummy @ %p, prevented leak @ %p\n",
>> __func__, d, *shadow_leak);
>> + kfree(*shadow_leak);
>> }
>>
>> static void livepatch_fix2_dummy_free(struct dummy *d)
>>
> Hi Tom,
>
> Ordering doesn't matter for the example, so let's clean up the static
> analysis.
>
> Acked-by: Joe Lawrence <[email protected]>
>
> But for my sanity, isn't this a false positive? There shouldn't be harm
> in printing the pointer itself, even after what it points to has been
> freed, i.e.
>
> int *i = malloc(sizeof(*i));
> free(i);
> printf("%p\n", i); << ok
> printf("%d\n", *i); << NOT ok
>
> But I suppose clang doesn't know that the passed pointer isn't getting
> dereferenced by the function, so it throws up a warning? Just curious
> what your experience has been with respect to these reports.
The analysis it good for static functions, for extern functions it has
nothing to analyze so a worst case is assumed.
I agree this is likely a false positive.
Tom
>
> Thanks,
On 3/19/22 9:51 PM, [email protected] wrote:
> From: Tom Rix <[email protected]>
>
> Clang static analysis reports this issue
> livepatch-shadow-fix1.c:113:2: warning: Use of
> memory after it is freed
> pr_info("%s: dummy @ %p, prevented leak @ %p\n",
> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> The pointer is freed in the previous statement.
> Reorder the pr_info to report before the free.
>
> Similar issue in livepatch-shadow-fix2.c
>
> Signed-off-by: Tom Rix <[email protected]>
> ---
> v2: Fix similar issue in livepatch-shadow-fix2.c
>
> samples/livepatch/livepatch-shadow-fix1.c | 2 +-
> samples/livepatch/livepatch-shadow-fix2.c | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/samples/livepatch/livepatch-shadow-fix1.c b/samples/livepatch/livepatch-shadow-fix1.c
> index 918ce17b43fda..6701641bf12d4 100644
> --- a/samples/livepatch/livepatch-shadow-fix1.c
> +++ b/samples/livepatch/livepatch-shadow-fix1.c
> @@ -109,9 +109,9 @@ static void livepatch_fix1_dummy_leak_dtor(void *obj, void *shadow_data)
> void *d = obj;
> int **shadow_leak = shadow_data;
>
> - kfree(*shadow_leak);
> pr_info("%s: dummy @ %p, prevented leak @ %p\n",
> __func__, d, *shadow_leak);
> + kfree(*shadow_leak);
> }
>
> static void livepatch_fix1_dummy_free(struct dummy *d)
> diff --git a/samples/livepatch/livepatch-shadow-fix2.c b/samples/livepatch/livepatch-shadow-fix2.c
> index 29fe5cd420472..361046a4f10cf 100644
> --- a/samples/livepatch/livepatch-shadow-fix2.c
> +++ b/samples/livepatch/livepatch-shadow-fix2.c
> @@ -61,9 +61,9 @@ static void livepatch_fix2_dummy_leak_dtor(void *obj, void *shadow_data)
> void *d = obj;
> int **shadow_leak = shadow_data;
>
> - kfree(*shadow_leak);
> pr_info("%s: dummy @ %p, prevented leak @ %p\n",
> __func__, d, *shadow_leak);
> + kfree(*shadow_leak);
> }
>
> static void livepatch_fix2_dummy_free(struct dummy *d)
>
Hi Tom,
Ordering doesn't matter for the example, so let's clean up the static
analysis.
Acked-by: Joe Lawrence <[email protected]>
But for my sanity, isn't this a false positive? There shouldn't be harm
in printing the pointer itself, even after what it points to has been
freed, i.e.
int *i = malloc(sizeof(*i));
free(i);
printf("%p\n", i); << ok
printf("%d\n", *i); << NOT ok
But I suppose clang doesn't know that the passed pointer isn't getting
dereferenced by the function, so it throws up a warning? Just curious
what your experience has been with respect to these reports.
Thanks,
--
Joe
> > On 3/19/22 9:51 PM, [email protected] wrote:
> > > From: Tom Rix <[email protected]>
> > >
> > > Clang static analysis reports this issue
> > > livepatch-shadow-fix1.c:113:2: warning: Use of
> > > memory after it is freed
> > > pr_info("%s: dummy @ %p, prevented leak @ %p\n",
> > > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > >
> > > The pointer is freed in the previous statement.
> > > Reorder the pr_info to report before the free.
> > >
> > > Similar issue in livepatch-shadow-fix2.c
> > >
> > > Signed-off-by: Tom Rix <[email protected]>
> > > ---
> > > v2: Fix similar issue in livepatch-shadow-fix2.c
> > >
> > > samples/livepatch/livepatch-shadow-fix1.c | 2 +-
> > > samples/livepatch/livepatch-shadow-fix2.c | 2 +-
> > > 2 files changed, 2 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/samples/livepatch/livepatch-shadow-fix1.c b/samples/livepatch/livepatch-shadow-fix1.c
> > > index 918ce17b43fda..6701641bf12d4 100644
> > > --- a/samples/livepatch/livepatch-shadow-fix1.c
> > > +++ b/samples/livepatch/livepatch-shadow-fix1.c
> > > @@ -109,9 +109,9 @@ static void livepatch_fix1_dummy_leak_dtor(void *obj, void *shadow_data)
> > > void *d = obj;
> > > int **shadow_leak = shadow_data;
> > > - kfree(*shadow_leak);
> > > pr_info("%s: dummy @ %p, prevented leak @ %p\n",
> > > __func__, d, *shadow_leak);
> > > + kfree(*shadow_leak);
> > > }
> > > static void livepatch_fix1_dummy_free(struct dummy *d)
> > > diff --git a/samples/livepatch/livepatch-shadow-fix2.c b/samples/livepatch/livepatch-shadow-fix2.c
> > > index 29fe5cd420472..361046a4f10cf 100644
> > > --- a/samples/livepatch/livepatch-shadow-fix2.c
> > > +++ b/samples/livepatch/livepatch-shadow-fix2.c
> > > @@ -61,9 +61,9 @@ static void livepatch_fix2_dummy_leak_dtor(void *obj, void *shadow_data)
> > > void *d = obj;
> > > int **shadow_leak = shadow_data;
> > > - kfree(*shadow_leak);
> > > pr_info("%s: dummy @ %p, prevented leak @ %p\n",
> > > __func__, d, *shadow_leak);
> > > + kfree(*shadow_leak);
> > > }
> > > static void livepatch_fix2_dummy_free(struct dummy *d)
Acked-by: David Vernet <[email protected]>
On Sat 2022-03-19 18:51:43, [email protected] wrote:
> From: Tom Rix <[email protected]>
>
> Clang static analysis reports this issue
> livepatch-shadow-fix1.c:113:2: warning: Use of
> memory after it is freed
> pr_info("%s: dummy @ %p, prevented leak @ %p\n",
> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> The pointer is freed in the previous statement.
> Reorder the pr_info to report before the free.
>
> Similar issue in livepatch-shadow-fix2.c
I have added the following paragraph:
<snip>
Note that it is a false positive. pr_info() just prints the address.
The freed memory is not accessed. Well, the static analyzer could not
know this easily.
</snip>
> Signed-off-by: Tom Rix <[email protected]>
and pushed the patch into livepatching/livepatching.git,
branch for-5.18/selftests-fixes.
IMHO, the patch is so trivial and can be added even in this merge
window. There is no need to create more dances around it ;-)
Let me know if you disagree. I am going to send the pull request
on Friday or Monday.
Best Regards,
Petr
On 3/23/22 8:53 AM, Petr Mladek wrote:
> On Sat 2022-03-19 18:51:43, [email protected] wrote:
>> From: Tom Rix <[email protected]>
>>
>> Clang static analysis reports this issue
>> livepatch-shadow-fix1.c:113:2: warning: Use of
>> memory after it is freed
>> pr_info("%s: dummy @ %p, prevented leak @ %p\n",
>> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>
>> The pointer is freed in the previous statement.
>> Reorder the pr_info to report before the free.
>>
>> Similar issue in livepatch-shadow-fix2.c
> I have added the following paragraph:
>
> <snip>
> Note that it is a false positive. pr_info() just prints the address.
> The freed memory is not accessed. Well, the static analyzer could not
> know this easily.
> </snip>
>
>> Signed-off-by: Tom Rix <[email protected]>
> and pushed the patch into livepatching/livepatching.git,
> branch for-5.18/selftests-fixes.
>
> IMHO, the patch is so trivial and can be added even in this merge
> window. There is no need to create more dances around it ;-)
>
> Let me know if you disagree. I am going to send the pull request
> on Friday or Monday.
Do whatever is easier for you. The addition to the commit log is fine.
Thanks
Tom
>
> Best Regards,
> Petr
>