lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1458143246.17965.10.camel@localhost.localdomain>
Date:	Wed, 16 Mar 2016 11:47:26 -0400
From:	"Ewan D. Milne" <emilne@...hat.com>
To:	Tomas Henzl <thenzl@...hat.com>
Cc:	Arnd Bergmann <arnd@...db.de>, qla2xxx-upstream@...gic.com,
	"James E.J. Bottomley" <jejb@...ux.vnet.ibm.com>,
	"Martin K. Petersen" <martin.petersen@...cle.com>,
	Nicholas Bellinger <nab@...ux-iscsi.org>,
	Himanshu Madhani <himanshu.madhani@...gic.com>,
	Quinn Tran <quinn.tran@...gic.com>,
	Alexei Potashnik <alexei@...estorage.com>,
	Bart Van Assche <bart.vanassche@...disk.com>,
	Swapnil Nagle <swapnil.nagle@...estorage.com>,
	linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] qla2xxx: avoid maybe_uninitialized warning

On Wed, 2016-03-16 at 16:03 +0100, Tomas Henzl wrote:
> On 15.3.2016 22:40, Arnd Bergmann wrote:
> > The qlt_check_reserve_free_req() function produces an incorrect warning
> > when CONFIG_PROFILE_ANNOTATED_BRANCHES is set:
> >
> > drivers/scsi/qla2xxx/qla_target.c: In function 'qlt_check_reserve_free_req':
> > drivers/scsi/qla2xxx/qla_target.c:1887:3: error: 'cnt_in' may be used uninitialized in this function [-Werror=maybe-uninitialized]
> >    ql_dbg(ql_dbg_io, vha, 0x305a,
> >    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >        "qla_target(%d): There is no room in the request ring: vha->req->ring_index=%d, vha->req->cnt=%d, req_cnt=%d Req-out=%d Req-in=%d Req-Length=%d\n",
> >        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >        vha->vp_idx, vha->req->ring_index,
> >        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >        vha->req->cnt, req_cnt, cnt, cnt_in, vha->req->length);
> >        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > drivers/scsi/qla2xxx/qla_target.c:1887:3: error: 'cnt' may be used uninitialized in this function [-Werror=maybe-uninitialized]
> >
> > The problem is that gcc fails to track the state of the condition across
> > an annotated branch.
> >
> > This slightly rearranges the code to move the second if() block
> > into the first one, to avoid the warning while retaining the
> > behavior of the code.
> 
> When the first 'if' is true the vha->req->ring_index gets a new value 
> assigned - so it could be possible that the second 'if' wont be true any more.
> The code should not be merged into that single 'if', or am I missing something?
> 
> tomash

If the first "if" is false, the second "if" will be false also, because
the vha->req->cnt value has not changed.  If the first "if" is true, the
nested second "if" will retest the condition.

The compiler is not at fault, because vha->req->cnt can't be tracked as
it could be modified by another thread/process.  It isn't, it's protected
by the ->hardware_lock, but the compiler doesn't know that.

-Ewan

> >
> > Signed-off-by: Arnd Bergmann <arnd@...db.de>
> > ---
> >  drivers/scsi/qla2xxx/qla_target.c | 16 +++++++++-------
> >  1 file changed, 9 insertions(+), 7 deletions(-)
> >
> > diff --git a/drivers/scsi/qla2xxx/qla_target.c b/drivers/scsi/qla2xxx/qla_target.c
> > index 985231900aca..8a44d1541eb4 100644
> > --- a/drivers/scsi/qla2xxx/qla_target.c
> > +++ b/drivers/scsi/qla2xxx/qla_target.c
> > @@ -1881,15 +1881,17 @@ static int qlt_check_reserve_free_req(struct scsi_qla_host *vha,
> >  		else
> >  			vha->req->cnt = vha->req->length -
> >  			    (vha->req->ring_index - cnt);
> > -	}
> >  
> > -	if (unlikely(vha->req->cnt < (req_cnt + 2))) {
> > -		ql_dbg(ql_dbg_io, vha, 0x305a,
> > -		    "qla_target(%d): There is no room in the request ring: vha->req->ring_index=%d, vha->req->cnt=%d, req_cnt=%d Req-out=%d Req-in=%d Req-Length=%d\n",
> > -		    vha->vp_idx, vha->req->ring_index,
> > -		    vha->req->cnt, req_cnt, cnt, cnt_in, vha->req->length);
> > -		return -EAGAIN;
> > +		if (unlikely(vha->req->cnt < (req_cnt + 2))) {
> > +			ql_dbg(ql_dbg_io, vha, 0x305a,
> > +			    "qla_target(%d): There is no room in the request ring: vha->req->ring_index=%d, vha->req->cnt=%d, req_cnt=%d Req-out=%d Req-in=%d Req-Length=%d\n",
> > +			    vha->vp_idx, vha->req->ring_index,
> > +			    vha->req->cnt, req_cnt, cnt, cnt_in,
> > +			    vha->req->length);
> > +			return -EAGAIN;
> > +		}
> >  	}
> > +
> >  	vha->req->cnt -= req_cnt;
> >  
> >  	return 0;
> 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ