Received: by 2002:a05:6500:1b41:b0:1fb:d597:ff75 with SMTP id cz1csp59377lqb; Tue, 4 Jun 2024 05:13:09 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVf8ep28SdyJ6Dj92M/nGkTh/OmRoRlsN75ncj21piB3jmoLMj/CGh05WPOHb1cP0Bvj98njqibQ+xiTKWLx+W2XB1O9SrQoSQhxKimFA== X-Google-Smtp-Source: AGHT+IFrwX2w7sqbRsLF35njpTtTuE4ARUhdO6tHF6Ti5f0qMw7BEcP77lrPnd8Hpi/2vFar0KoZ X-Received: by 2002:a05:6870:55ce:b0:24c:b963:4a2f with SMTP id 586e51a60fabf-2508b9efa52mr13405946fac.32.1717503189472; Tue, 04 Jun 2024 05:13:09 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1717503189; cv=pass; d=google.com; s=arc-20160816; b=p0rPj+EuBC/KSTwUrrXiHs81SkKvuThs8sODPhio3+NAbKvdBZG5xi6HN+oZMzYmxq uDCPPRSjxt/GUJEthMyL6DOXh/cw3RvsUyOd7L43M5HsHPuj9jljLHBdhaBbfoNCASgw ARvHDlFRLBsVIrSXY7p0zZFM1Qquuv2irF7K/fBAQF3tgbC2uHDa2m19G3hqBc32jxwv VJeqpt/MbKx4DswDppPZp/HnQ4J701B14A03VYT3kGx0J5xTi9vCGQYUnN+OFKEpzg3x /FxehncpOT+QkqunRST4x5DocYOThejninoikuHANUUqGtMKBpBH0KJF9b1C+swQw09J dqJw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:date:subject:cc:to :from; bh=DjT+YAKoR/lW/vgfD0hsBJFdSL4e/rbbe1SXWb5thXw=; fh=MykIEBirL83Ls0e09wZ2ycsPgcRAfIEDy2AUfG3kFnU=; b=L3cpLFhqy/AO5RgsauE1Artf4z/MBXxUaaPArBsDBWA+vLGiWOCEnvDoUjnkqC6Rlb HHtwUmqkWrgLoA1/uRJmR+wVkGudHKC79Ez6ccyKEoGQSueSivgKAm4MGTUCC/ZNJgpw QE8khRQJjGzwbgb5PgoNdiTGDL8IDwRdNUsFeurkVFcnWMvKr8ZxpLocdxNxW0DH0O/Y bsI7AYMygCfh/8Ia4oJB7OyHZMp4sopiQawKFKrOQdR9cXtjqQ5bXYBQ22MmlBu/VY76 B6yWyn9ViLjdggepzWwQTDgYNQzl9hYokRxZ1gnjKmrekPvSMNOxBkfJghPoPpL/8IQ0 Ma7w==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=nfschina.com); spf=pass (google.com: domain of linux-kernel+bounces-200572-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-200572-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id af79cd13be357-794f32b7f42si1035991985a.710.2024.06.04.05.13.09 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 04 Jun 2024 05:13:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-200572-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=nfschina.com); spf=pass (google.com: domain of linux-kernel+bounces-200572-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-200572-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 31B9E1C21A1E for ; Tue, 4 Jun 2024 12:13:09 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id E7387145B2D; Tue, 4 Jun 2024 12:13:02 +0000 (UTC) Received: from mail.nfschina.com (unknown [42.101.60.195]) by smtp.subspace.kernel.org (Postfix) with SMTP id D492D145A1D; Tue, 4 Jun 2024 12:12:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=42.101.60.195 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717503182; cv=none; b=VjxglFNHhdR+Q5pgMRjeQe+f9EvDRbUMn4BhtzKl3ZIShjhVhIbWhOuVPR+qSzDiKB16IS56swXjG1U6rTl2aWnl9usec3ourV6PJbTmwDJi88Df+oLShW3WktlzkdoijZOwe8eJIqG4A0a3RYjWW8XueZxaGUW2aI9URb0IFZE= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717503182; c=relaxed/simple; bh=es9LQ1eTsN135StDyRCpFPHsqX6uG/7ZNvhFSZOePNM=; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version; b=Ixk6axXgjayKOflIFVh7R9XSm5qOu4oybWDpZ+QPVEB5Kr3cPQTbF3QwaFYZGo034NYHl2EFRXBT653/xOzncLBsEntEF1TPBHl/Sj8D3xnm0V1kwI+JP2nhHetJox8sq6r6UFd+3javS7khMHopw5ndMBhgf63RseEOL7DIxUo= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=nfschina.com; spf=pass smtp.mailfrom=nfschina.com; arc=none smtp.client-ip=42.101.60.195 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=nfschina.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=nfschina.com Received: from localhost.localdomain (unknown [180.167.10.98]) by mail.nfschina.com (Maildata Gateway V2.8.8) with ESMTPSA id 93B93606EDF49; Tue, 4 Jun 2024 20:12:53 +0800 (CST) X-MD-Sfrom: suhui@nfschina.com X-MD-SrcIP: 180.167.10.98 From: Su Hui To: axboe@kernel.dk, asml.silence@gmail.com, nathan@kernel.org, ndesaulniers@google.com, morbo@google.com, justinstitt@google.com Cc: Su Hui , haoxu@linux.alibaba.com, io-uring@vger.kernel.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, kernel-janitors@vger.kernel.org Subject: [PATCH] io_uring/io-wq: avoid garbge value of 'match' in io_wq_enqueue() Date: Tue, 4 Jun 2024 20:12:43 +0800 Message-Id: <20240604121242.2661244-1-suhui@nfschina.com> X-Mailer: git-send-email 2.30.2 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Clang static checker (scan-build) warning: o_uring/io-wq.c:line 1051, column 3 The expression is an uninitialized value. The computed value will also be garbage. 'match.nr_pending' is used in io_acct_cancel_pending_work(), but it is not initialized. Change the order of assignment for 'match' to fix this problem. Fixes: 42abc95f05bf ("io-wq: decouple work_list protection from the big wqe->lock") Signed-off-by: Su Hui --- io_uring/io-wq.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/io_uring/io-wq.c b/io_uring/io-wq.c index d1c47a9d9215..7d3316fe9bfc 100644 --- a/io_uring/io-wq.c +++ b/io_uring/io-wq.c @@ -927,7 +927,11 @@ void io_wq_enqueue(struct io_wq *wq, struct io_wq_work *work) { struct io_wq_acct *acct = io_work_get_acct(wq, work); unsigned long work_flags = work->flags; - struct io_cb_cancel_data match; + struct io_cb_cancel_data match = { + .fn = io_wq_work_match_item, + .data = work, + .cancel_all = false, + }; bool do_create; /* @@ -965,10 +969,6 @@ void io_wq_enqueue(struct io_wq *wq, struct io_wq_work *work) raw_spin_unlock(&wq->lock); /* fatal condition, failed to create the first worker */ - match.fn = io_wq_work_match_item, - match.data = work, - match.cancel_all = false, - io_acct_cancel_pending_work(wq, acct, &match); } } -- 2.30.2