Re: [patch] nvme-fabrics: correct some printk information
From: Julia Lawall
Date: Sat Dec 10 2016 - 17:07:25 EST
On Sat, 10 Dec 2016, Joe Perches wrote:
> On Sat, 2016-12-10 at 21:06 +0100, Julia Lawall wrote:
> >
> > On Sat, 10 Dec 2016, Dan Carpenter wrote:
> >
> > > On Sat, Dec 10, 2016 at 03:27:50AM -0800, Joe Perches wrote:
> > > > On Sat, 2016-12-10 at 12:06 +0300, Dan Carpenter wrote:
> > > > > We really don't care where "ctrl" is on the stack since we're just
> > > > > returning soon what we want is the actual ctrl pointer itself.
> > > > >
> > > > > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> > > > >
> > > > > diff --git a/drivers/nvme/host/fc.c b/drivers/nvme/host/fc.c
> > > >
> > > > []
> > > > > @@ -2402,7 +2402,7 @@ enum blk_eh_timer_return
> > > > >
> > > > > dev_info(ctrl->ctrl.device,
> > > > > "NVME-FC{%d}: new ctrl: NQN \"%s\" (%p)\n",
> > > > > - ctrl->cnum, ctrl->ctrl.opts->subsysnqn, &ctrl);
> > > > > + ctrl->cnum, ctrl->ctrl.opts->subsysnqn, ctrl);
> > > >
> > > > Found by script or inspection?
> > > >
> > > > If by script, it seems unlikely there's only 1 instance
> > > > where an address of an automatic pointer type is used
> > > > incorrectly.
> > >
> > > Script. But it's using a pretty specific heuristic where we kmalloc a
> > > pointer and then pass the address. It prints few warnings. Probably
> > > 40% false positives, but the remaining examples of course are 100% false
> > > positives.
> >
> > I tried anything that looks like a print, ie has a format string argument,
> > and was taking the address of a local variable as another argument. But
> > there are lots of weird format designators in the kernel that Coccinelle
> > doesn't know about for which passing the address of a local variable is
> > reasonable. So for the moment, there are, as far as I can see, just a lot
> > of false positives. I did add improving the support for format strings to
> > my TODO list.
>
> I think there's probably a class of defects that could
> be found something like this in coccinelle:
>
> @@
> type T;
> T *t;
> @@
>
> * \(netdev_emerg\|netdev_crit\|netdev_alert\|netdev_err\|netdev_notice\|netdev_warn\|netdev_warn\|netdev_info\|netdev_dbg\|dev_emerg\|dev_crit\|dev_alert\|dev_err\|dev_notice\|dev_warn\|dev_warn\|dev_info\|dev_dbg\|pr_emerg\|pr_crit\|pr_alert\|pr_err\|pr_notice\|pr_warn\|pr_warning\|pr_warn\|pr_info\|pr_debug\|printk\|vsprintf\|vscnprintf\|vsprintf\)(..., &t, ...);
>
> This finds a few like:
>
> diff -u -p drivers//dma/pxa_dma.c /tmp/nothing//dma/pxa_dma.c
> --- drivers//dma/pxa_dma.c
> +++ /tmp/nothing//dma/pxa_dma.c
> @@ -640,9 +640,6 @@ static unsigned int clear_chan_irq(struc
> dcsr = phy_readl_relaxed(phy, DCSR);
> phy_writel(phy, dcsr, DCSR);
> if ((dcsr & PXA_DCSR_BUSERR) && (phy->vchan))
> - dev_warn(&phy->vchan->vc.chan.dev->device,
> - "%s(chan=%p): PXA_DCSR_BUSERR\n",
> - __func__, &phy->vchan);
>
> return dcsr & ~PXA_DCSR_RUN;
> }
>
> btw: It'd be nice if coccinelle could use multiple nested "\("
What exactly didn't work? It should be possible.
My rule was:
@@
format d;
local idexpression l;
identifier f != {sscanf,fscanf};
@@
f(...,"...%@d@...",...,
*&l
,...)
But there are many false positives, with things like %pV.
julia