From: Arnd Bergmann <[email protected]>
clang notices that the pi_get_entry() function would use
uninitialized data if it was called with a non-NULL module
pointer on a kernel that does not support modules:
kernel/printk/index.c:32:6: error: variable 'nr_entries' is used uninitialized whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized]
if (!mod) {
^~~~
kernel/printk/index.c:38:13: note: uninitialized use occurs here
if (pos >= nr_entries)
^~~~~~~~~~
kernel/printk/index.c:32:2: note: remove the 'if' if its condition is always true
if (!mod) {
Rework the condition to make it clear to the compiler that we are always
in the second case. Unfortunately the #ifdef is still required as the
definition of 'struct module' is hidden when modules are disabled.
Fixes: 337015573718 ("printk: Userspace format indexing support")
Signed-off-by: Arnd Bergmann <[email protected]>
---
kernel/printk/index.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/kernel/printk/index.c b/kernel/printk/index.c
index d3709408debe..b4d90bab6d4d 100644
--- a/kernel/printk/index.c
+++ b/kernel/printk/index.c
@@ -22,14 +22,12 @@ static struct pi_entry *pi_get_entry(const struct module *mod, loff_t pos)
struct pi_entry **entries;
unsigned int nr_entries;
+ if (IS_ENABLED(CONFIG_MODULES) && mod) {
#ifdef CONFIG_MODULES
- if (mod) {
entries = mod->printk_index_start;
nr_entries = mod->printk_index_size;
- }
#endif
-
- if (!mod) {
+ } else {
/* vmlinux, comes from linker symbols */
entries = __start_printk_index;
nr_entries = __stop_printk_index - __start_printk_index;
--
2.29.2
Hi Arnd,
Arnd Bergmann writes:
>From: Arnd Bergmann <[email protected]>
>
>clang notices that the pi_get_entry() function would use
>uninitialized data if it was called with a non-NULL module
>pointer on a kernel that does not support modules:
On a !CONFIG_MODULES kernel, we _never_ pass a non-NULL module pointer. This
isn't just convention: we don't even have `struct module` fully fleshed out, so
it technically cannot be so.
>kernel/printk/index.c:32:6: error: variable 'nr_entries' is used uninitialized whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized]
> if (!mod) {
> ^~~~
>kernel/printk/index.c:38:13: note: uninitialized use occurs here
> if (pos >= nr_entries)
> ^~~~~~~~~~
>kernel/printk/index.c:32:2: note: remove the 'if' if its condition is always true
> if (!mod) {
>
>Rework the condition to make it clear to the compiler that we are always
>in the second case. Unfortunately the #ifdef is still required as the
>definition of 'struct module' is hidden when modules are disabled.
Having IS_ENABLED and then an #ifdef seems to hurt code readability to me.
>Fixes: 337015573718 ("printk: Userspace format indexing support")
Does this really fix anything, or just clang's ignorance? If the latter, clang
needs to be smarter here: as far as I can see there are no occasions where
there's even any opportunity for a non-NULL pointer to come in on a
!CONFIG_MODULES kernel, since `struct module` isn't even complete.
>Signed-off-by: Arnd Bergmann <[email protected]>
>---
> kernel/printk/index.c | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
>
>diff --git a/kernel/printk/index.c b/kernel/printk/index.c
>index d3709408debe..b4d90bab6d4d 100644
>--- a/kernel/printk/index.c
>+++ b/kernel/printk/index.c
>@@ -22,14 +22,12 @@ static struct pi_entry *pi_get_entry(const struct module *mod, loff_t pos)
> struct pi_entry **entries;
> unsigned int nr_entries;
>
>+ if (IS_ENABLED(CONFIG_MODULES) && mod) {
> #ifdef CONFIG_MODULES
>- if (mod) {
> entries = mod->printk_index_start;
> nr_entries = mod->printk_index_size;
>- }
> #endif
>-
>- if (!mod) {
>+ } else {
> /* vmlinux, comes from linker symbols */
> entries = __start_printk_index;
> nr_entries = __stop_printk_index - __start_printk_index;
>--
>2.29.2
>
On Mon, Sep 27, 2021 at 3:20 PM Chris Down <[email protected]> wrote:
>
> Hi Arnd,
>
> Arnd Bergmann writes:
> >From: Arnd Bergmann <[email protected]>
> >
> >clang notices that the pi_get_entry() function would use
> >uninitialized data if it was called with a non-NULL module
> >pointer on a kernel that does not support modules:
>
> On a !CONFIG_MODULES kernel, we _never_ pass a non-NULL module pointer. This
> isn't just convention: we don't even have `struct module` fully fleshed out, so
> it technically cannot be so.
Yes, I understand that part, hence the "if it was called" rather then
"when it is called".
> >kernel/printk/index.c:32:6: error: variable 'nr_entries' is used uninitialized whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized]
> > if (!mod) {
> > ^~~~
> >kernel/printk/index.c:38:13: note: uninitialized use occurs here
> > if (pos >= nr_entries)
> > ^~~~~~~~~~
> >kernel/printk/index.c:32:2: note: remove the 'if' if its condition is always true
> > if (!mod) {
> >
> >Rework the condition to make it clear to the compiler that we are always
> >in the second case. Unfortunately the #ifdef is still required as the
> >definition of 'struct module' is hidden when modules are disabled.
>
> Having IS_ENABLED and then an #ifdef seems to hurt code readability to me.
>
> >Fixes: 337015573718 ("printk: Userspace format indexing support")
>
> Does this really fix anything, or just clang's ignorance? If the latter, clang
> needs to be smarter here: as far as I can see there are no occasions where
> there's even any opportunity for a non-NULL pointer to come in on a
> !CONFIG_MODULES kernel, since `struct module` isn't even complete.
I don't see how you would expect clang to understand that part. It does
not do cross-function analysis for the purpose of diagnostic output, and
even if it did, then this caller
static void *pi_next(struct seq_file *s, void *v, loff_t *pos)
{
const struct module *mod = s->file->f_inode->i_private;
struct pi_entry *entry = pi_get_entry(mod, *pos);
...
}
has no indication that "s->file->f_inode->i_private" is guaranteed to
be a NULL pointer.
Arnd
Arnd Bergmann writes:
>On Mon, Sep 27, 2021 at 3:20 PM Chris Down <[email protected]> wrote:
>>
>> Hi Arnd,
>>
>> Arnd Bergmann writes:
>> >From: Arnd Bergmann <[email protected]>
>> >
>> >clang notices that the pi_get_entry() function would use
>> >uninitialized data if it was called with a non-NULL module
>> >pointer on a kernel that does not support modules:
>>
>> On a !CONFIG_MODULES kernel, we _never_ pass a non-NULL module pointer. This
>> isn't just convention: we don't even have `struct module` fully fleshed out, so
>> it technically cannot be so.
>
>Yes, I understand that part, hence the "if it was called" rather then
>"when it is called".
But there's no "if", it's simply not possible.
>> >kernel/printk/index.c:32:6: error: variable 'nr_entries' is used uninitialized whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized]
>> > if (!mod) {
>> > ^~~~
>> >kernel/printk/index.c:38:13: note: uninitialized use occurs here
>> > if (pos >= nr_entries)
>> > ^~~~~~~~~~
>> >kernel/printk/index.c:32:2: note: remove the 'if' if its condition is always true
>> > if (!mod) {
>> >
>> >Rework the condition to make it clear to the compiler that we are always
>> >in the second case. Unfortunately the #ifdef is still required as the
>> >definition of 'struct module' is hidden when modules are disabled.
>>
>> Having IS_ENABLED and then an #ifdef seems to hurt code readability to me.
>>
>> >Fixes: 337015573718 ("printk: Userspace format indexing support")
>>
>> Does this really fix anything, or just clang's ignorance? If the latter, clang
>> needs to be smarter here: as far as I can see there are no occasions where
>> there's even any opportunity for a non-NULL pointer to come in on a
>> !CONFIG_MODULES kernel, since `struct module` isn't even complete.
>
>I don't see how you would expect clang to understand that part. It does
>not do cross-function analysis for the purpose of diagnostic output, and
>even if it did, then this caller
>
>static void *pi_next(struct seq_file *s, void *v, loff_t *pos)
>{
> const struct module *mod = s->file->f_inode->i_private;
> struct pi_entry *entry = pi_get_entry(mod, *pos);
>...
>}
>
>has no indication that "s->file->f_inode->i_private" is guaranteed to
>be a NULL pointer.
Sure, but it seems unnecessary to me to gum up the code because of clang's
inability to understand that.
To be clear, I appreciate that some tradeoffs need to be made for the nice
warnings that clang gives -- and to that extent I'm ambivalent to the patch --
but I object to "Fixes:" for something that doesn't fix anything at all.
On Mon, 27 Sep 2021 14:19:18 +0100
Chris Down <[email protected]> wrote:
> Having IS_ENABLED and then an #ifdef seems to hurt code readability to me.
I agree.
Would this be a better solution?
-- Steve
diff --git a/kernel/printk/index.c b/kernel/printk/index.c
index d3709408debe..ce3a0c8c5770 100644
--- a/kernel/printk/index.c
+++ b/kernel/printk/index.c
@@ -26,10 +26,10 @@ static struct pi_entry *pi_get_entry(const struct module *mod, loff_t pos)
if (mod) {
entries = mod->printk_index_start;
nr_entries = mod->printk_index_size;
- }
+ } else
#endif
+ {
- if (!mod) {
/* vmlinux, comes from linker symbols */
entries = __start_printk_index;
nr_entries = __stop_printk_index - __start_printk_index;
On Mon, Sep 27, 2021 at 6:21 PM Steven Rostedt <[email protected]> wrote:
>
> On Mon, 27 Sep 2021 14:19:18 +0100
> Chris Down <[email protected]> wrote:
>
> > Having IS_ENABLED and then an #ifdef seems to hurt code readability to me.
>
> I agree.
>
> Would this be a better solution?
Sounds good, I'll follow up with that version after the next round of randconfig
builds.
Thanks,
Arnd
On Mon, 27 Sep 2021 20:32:12 +0200
Arnd Bergmann <[email protected]> wrote:
> On Mon, Sep 27, 2021 at 6:21 PM Steven Rostedt <[email protected]> wrote:
> >
> > On Mon, 27 Sep 2021 14:19:18 +0100
> > Chris Down <[email protected]> wrote:
> >
> > > Having IS_ENABLED and then an #ifdef seems to hurt code readability to me.
> >
> > I agree.
> >
> > Would this be a better solution?
>
> Sounds good, I'll follow up with that version after the next round of randconfig
> builds.
OK, but can you remove the extra line that's between the brace and the
text. I should have deleted it in that patch.
-- Steve