Re: [PATCH] tmpfs: fix uninitialized return value in shmem_link

From: Qian Cai
Date: Wed Feb 27 2019 - 09:09:46 EST

Next message: Ulf Hansson: "Re: [PATCH v2 1/2] mmc: cqhci: fix space allocated for transfer descriptor"
Previous message: Peter Zijlstra: "Re: [PATCH 5/6] objtool: Add UACCESS validation"
In reply to: Darrick J. Wong: "Re: [PATCH] tmpfs: fix uninitialized return value in shmem_link"
Next in thread: Qian Cai: "Re: [PATCH] tmpfs: fix uninitialized return value in shmem_link"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 2019-02-25 at 16:07 -0800, Linus Torvalds wrote:
> On Mon, Feb 25, 2019 at 4:03 PM Qian Cai <cai@xxxxxx> wrote:
> > >
> > > Of course, that's just gcc. I have no idea what llvm ends up doing.
> >
> > Clang 7.0:
> >
> > # clangÂÂ-O2 -S -Wall /tmp/test.c
> > /tmp/test.c:46:6: warning: variable 'ret' is used uninitialized whenever
> > 'if'
> > condition is false [-Wsometimes-uninitialized]
>
> Ok, good.
>
> Do we have any clang builds in any of the zero-day robot
> infrastructure or something? Should we?
>
> And maybe this was how Dan noticed the problem in the first place? Or
> is it just because of his eagle-eyes?
>

BTW, even clang is able to generate warnings in your sample code, it does not
generate any warnings when compiling the buggy shmem.o via "make CC=clang". Here
is the objdump for arm64 (with KASAN_SW_TAGS inline).

000000000000effc <shmem_link>:
{
ÂÂÂÂeffc:ÂÂÂÂÂÂÂf81c0ff7ÂÂÂÂÂÂÂÂstrÂÂÂÂÂx23, [sp, #-64]!
ÂÂÂÂf000:ÂÂÂÂÂÂÂa90157f6ÂÂÂÂÂÂÂÂstpÂÂÂÂÂx22, x21, [sp, #16]
ÂÂÂÂf004:ÂÂÂÂÂÂÂa9024ff4ÂÂÂÂÂÂÂÂstpÂÂÂÂÂx20, x19, [sp, #32]
ÂÂÂÂf008:ÂÂÂÂÂÂÂa9037bfdÂÂÂÂÂÂÂÂstpÂÂÂÂÂx29, x30, [sp, #48]
ÂÂÂÂf00c:ÂÂÂÂÂÂÂ9100c3fdÂÂÂÂÂÂÂÂaddÂÂÂÂÂx29, sp, #0x30
ÂÂÂÂf010:ÂÂÂÂÂÂÂaa0203f3ÂÂÂÂÂÂÂÂmovÂÂÂÂÂx19, x2
ÂÂÂÂf014:ÂÂÂÂÂÂÂaa0103f5ÂÂÂÂÂÂÂÂmovÂÂÂÂÂx21, x1
ÂÂÂÂf018:ÂÂÂÂÂÂÂaa0003f4ÂÂÂÂÂÂÂÂmovÂÂÂÂÂx20, x0
ÂÂÂÂf01c:ÂÂÂÂÂÂÂ94000000ÂÂÂÂÂÂÂÂblÂÂÂÂÂÂ0 <_mcount>
ÂÂÂÂf020:ÂÂÂÂÂÂÂ91016280ÂÂÂÂÂÂÂÂaddÂÂÂÂÂx0, x20, #0x58
ÂÂÂÂf024:ÂÂÂÂÂÂÂd2c20017ÂÂÂÂÂÂÂÂmovÂÂÂÂÂx23, #0x100000000000ÂÂÂÂÂÂÂÂÂÂÂÂ//
#17592186044416
ÂÂÂÂf028:ÂÂÂÂÂÂÂb2481c08ÂÂÂÂÂÂÂÂorrÂÂÂÂÂx8, x0, #0xff00000000000000
ÂÂÂÂf02c:ÂÂÂÂÂÂÂf2fdfff7ÂÂÂÂÂÂÂÂmovkÂÂÂÂx23, #0xefff, lsl #48
ÂÂÂÂf030:ÂÂÂÂÂÂÂd344fd08ÂÂÂÂÂÂÂÂlsrÂÂÂÂÂx8, x8, #4
ÂÂÂÂf034:ÂÂÂÂÂÂÂ38776909ÂÂÂÂÂÂÂÂldrbÂÂÂÂw9, [x8, x23]
ÂÂÂÂf038:ÂÂÂÂÂÂÂ940017d5ÂÂÂÂÂÂÂÂblÂÂÂÂÂÂ14f8c <OUTLINED_FUNCTION_11>
ÂÂÂÂf03c:ÂÂÂÂÂÂÂ54000060ÂÂÂÂÂÂÂÂb.eqÂÂÂÂf048 <shmem_link+0x4c>ÂÂ// b.none
ÂÂÂÂf040:ÂÂÂÂÂÂÂ7103fd1fÂÂÂÂÂÂÂÂcmpÂÂÂÂÂw8, #0xff
ÂÂÂÂf044:ÂÂÂÂÂÂÂ54000981ÂÂÂÂÂÂÂÂb.neÂÂÂÂf174 <shmem_link+0x178>ÂÂ// b.any
ÂÂÂÂf048:ÂÂÂÂÂÂÂf9400014ÂÂÂÂÂÂÂÂldrÂÂÂÂÂx20, [x0]
ÂÂÂÂÂÂÂÂif (inode->i_nlink) {
ÂÂÂÂf04c:ÂÂÂÂÂÂÂ91010280ÂÂÂÂÂÂÂÂaddÂÂÂÂÂx0, x20, #0x40
ÂÂÂÂf050:ÂÂÂÂÂÂÂb2481c08ÂÂÂÂÂÂÂÂorrÂÂÂÂÂx8, x0, #0xff00000000000000
ÂÂÂÂf054:ÂÂÂÂÂÂÂd344fd08ÂÂÂÂÂÂÂÂlsrÂÂÂÂÂx8, x8, #4
ÂÂÂÂf058:ÂÂÂÂÂÂÂ38776909ÂÂÂÂÂÂÂÂldrbÂÂÂÂw9, [x8, x23]
ÂÂÂÂf05c:ÂÂÂÂÂÂÂ940017ccÂÂÂÂÂÂÂÂblÂÂÂÂÂÂ14f8c <OUTLINED_FUNCTION_11>
ÂÂÂÂf060:ÂÂÂÂÂÂÂ54000060ÂÂÂÂÂÂÂÂb.eqÂÂÂÂf06c <shmem_link+0x70>ÂÂ// b.none
ÂÂÂÂf064:ÂÂÂÂÂÂÂ7103fd1fÂÂÂÂÂÂÂÂcmpÂÂÂÂÂw8, #0xff
ÂÂÂÂf068:ÂÂÂÂÂÂÂ540008a1ÂÂÂÂÂÂÂÂb.neÂÂÂÂf17c <shmem_link+0x180>ÂÂ// b.any
ÂÂÂÂf06c:ÂÂÂÂÂÂÂb9400008ÂÂÂÂÂÂÂÂldrÂÂÂÂÂw8, [x0]
ÂÂÂÂf070:ÂÂÂÂÂÂÂ34000148ÂÂÂÂÂÂÂÂcbzÂÂÂÂÂw8, f098 <shmem_link+0x9c>
ÂÂÂÂf074:ÂÂÂÂÂÂÂ940018fdÂÂÂÂÂÂÂÂblÂÂÂÂÂÂ15468 <OUTLINED_FUNCTION_1124>
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂret = shmem_reserve_inode(inode->i_sb);
ÂÂÂÂf078:ÂÂÂÂÂÂÂ38776909ÂÂÂÂÂÂÂÂldrbÂÂÂÂw9, [x8, x23]
ÂÂÂÂf07c:ÂÂÂÂÂÂÂ940017c4ÂÂÂÂÂÂÂÂblÂÂÂÂÂÂ14f8c <OUTLINED_FUNCTION_11>
ÂÂÂÂf080:ÂÂÂÂÂÂÂ54000060ÂÂÂÂÂÂÂÂb.eqÂÂÂÂf08c <shmem_link+0x90>ÂÂ// b.none
ÂÂÂÂf084:ÂÂÂÂÂÂÂ7103fd1fÂÂÂÂÂÂÂÂcmpÂÂÂÂÂw8, #0xff
ÂÂÂÂf088:ÂÂÂÂÂÂÂ540007e1ÂÂÂÂÂÂÂÂb.neÂÂÂÂf184 <shmem_link+0x188>ÂÂ// b.any
ÂÂÂÂf08c:ÂÂÂÂÂÂÂf9400000ÂÂÂÂÂÂÂÂldrÂÂÂÂÂx0, [x0]
ÂÂÂÂf090:ÂÂÂÂÂÂÂ97fffcf6ÂÂÂÂÂÂÂÂblÂÂÂÂÂÂe468 <shmem_reserve_inode>
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂif (ret)
ÂÂÂÂf094:ÂÂÂÂÂÂÂ35000660ÂÂÂÂÂÂÂÂcbnzÂÂÂÂw0, f160 <shmem_link+0x164>
ÂÂÂÂÂÂÂÂdir->i_size += BOGO_DIRENT_SIZE;
ÂÂÂÂf098:ÂÂÂÂÂÂÂ910122a0ÂÂÂÂÂÂÂÂaddÂÂÂÂÂx0, x21, #0x48
ÂÂÂÂf09c:ÂÂÂÂÂÂÂb2481c08ÂÂÂÂÂÂÂÂorrÂÂÂÂÂx8, x0, #0xff00000000000000
ÂÂÂÂf0a0:ÂÂÂÂÂÂÂd344fd09ÂÂÂÂÂÂÂÂlsrÂÂÂÂÂx9, x8, #4
ÂÂÂÂf0a4:ÂÂÂÂÂÂÂ3877692aÂÂÂÂÂÂÂÂldrbÂÂÂÂw10, [x9, x23]
ÂÂÂÂf0a8:ÂÂÂÂÂÂÂ94001828ÂÂÂÂÂÂÂÂblÂÂÂÂÂÂ15148 <OUTLINED_FUNCTION_193>
ÂÂÂÂf0ac:ÂÂÂÂÂÂÂ54000060ÂÂÂÂÂÂÂÂb.eqÂÂÂÂf0b8 <shmem_link+0xbc>ÂÂ// b.none
ÂÂÂÂf0b0:ÂÂÂÂÂÂÂ7103fd1fÂÂÂÂÂÂÂÂcmpÂÂÂÂÂw8, #0xff
ÂÂÂÂf0b4:ÂÂÂÂÂÂÂ540006c1ÂÂÂÂÂÂÂÂb.neÂÂÂÂf18c <shmem_link+0x190>ÂÂ// b.any
ÂÂÂÂf0b8:ÂÂÂÂÂÂÂ38776929ÂÂÂÂÂÂÂÂldrbÂÂÂÂw9, [x9, x23]
ÂÂÂÂf0bc:ÂÂÂÂÂÂÂ94001a4aÂÂÂÂÂÂÂÂblÂÂÂÂÂÂ159e4 <OUTLINED_FUNCTION_1131>
ÂÂÂÂf0c0:ÂÂÂÂÂÂÂ54000060ÂÂÂÂÂÂÂÂb.eqÂÂÂÂf0cc <shmem_link+0xd0>ÂÂ// b.none
ÂÂÂÂf0c4:ÂÂÂÂÂÂÂ7103fd1fÂÂÂÂÂÂÂÂcmpÂÂÂÂÂw8, #0xff
ÂÂÂÂf0c8:ÂÂÂÂÂÂÂ54000661ÂÂÂÂÂÂÂÂb.neÂÂÂÂf194 <shmem_link+0x198>ÂÂ// b.any
ÂÂÂÂf0cc:ÂÂÂÂÂÂÂf9000009ÂÂÂÂÂÂÂÂstrÂÂÂÂÂx9, [x0]
ÂÂÂÂÂÂÂÂinode->i_ctime = dir->i_ctime = dir->i_mtime = current_time(inode);
ÂÂÂÂf0d0:ÂÂÂÂÂÂÂaa1403e0ÂÂÂÂÂÂÂÂmovÂÂÂÂÂx0, x20
ÂÂÂÂf0d4:ÂÂÂÂÂÂÂ910182b6ÂÂÂÂÂÂÂÂaddÂÂÂÂÂx22, x21, #0x60
ÂÂÂÂf0d8:ÂÂÂÂÂÂÂ94000000ÂÂÂÂÂÂÂÂblÂÂÂÂÂÂ0 <current_time>
ÂÂÂÂf0dc:ÂÂÂÂÂÂÂb2481ec9ÂÂÂÂÂÂÂÂorrÂÂÂÂÂx9, x22, #0xff00000000000000
ÂÂÂÂf0e0:ÂÂÂÂÂÂÂd344fd29ÂÂÂÂÂÂÂÂlsrÂÂÂÂÂx9, x9, #4

Next message: Ulf Hansson: "Re: [PATCH v2 1/2] mmc: cqhci: fix space allocated for transfer descriptor"
Previous message: Peter Zijlstra: "Re: [PATCH 5/6] objtool: Add UACCESS validation"
In reply to: Darrick J. Wong: "Re: [PATCH] tmpfs: fix uninitialized return value in shmem_link"
Next in thread: Qian Cai: "Re: [PATCH] tmpfs: fix uninitialized return value in shmem_link"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]