On 2026/2/1 1:26, kernel test robot wrote:
> Hi Chen,
> 
> kernel test robot noticed the following build warnings:
> 
> [auto build test WARNING on next-20260130]
> 
> url:    
> https://github.com/intel-lab-lkp/linux/commits/Chen-Ridong/cgroup-dmem-fix-NULL-pointer-dereference-when-setting-max/20260131-173002
> base:   next-20260130
> patch link:    
> https://lore.kernel.org/r/20260131091202.344788-2-chenridong%40huaweicloud.com
> patch subject: [PATCH -next 1/3] cgroup/dmem: fix NULL pointer dereference 
> when setting max
> config: x86_64-randconfig-161-20260131 
> (https://download.01.org/0day-ci/archive/20260201/[email protected]/config)
> compiler: clang version 20.1.8 (https://github.com/llvm/llvm-project 
> 87f0227cb60147a26a1eeb4fb06e3b505e9c7261)
> smatch version: v0.5.0-8994-gd50c5a4c
> reproduce (this is a W=1 build): 
> (https://download.01.org/0day-ci/archive/20260201/[email protected]/reproduce)
> 
> If you fix the issue in a separate patch/commit (i.e. not just a new version 
> of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <[email protected]>
> | Closes: 
> https://lore.kernel.org/oe-kbuild-all/[email protected]/
> 
> All warnings (new ones prefixed by >>):
> 
>>> kernel/cgroup/dmem.c:703:7: warning: variable 'region' is used 
>>> uninitialized whenever 'if' condition is true [-Wsometimes-uninitialized]
>      703 |                 if (!options || !*options) {
>          |                     ^~~~~~~~~~~~~~~~~~~~~
>    kernel/cgroup/dmem.c:729:13: note: uninitialized use occurs here
>      729 |                 kref_put(&region->ref, dmemcg_free_region);
>          |                           ^~~~~~
>    kernel/cgroup/dmem.c:703:3: note: remove the 'if' if its condition is 
> always false
>      703 |                 if (!options || !*options) {
>          |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
>      704 |                         err = -EINVAL;
>          |                         ~~~~~~~~~~~~~~
>      705 |                         goto out_put;
>          |                         ~~~~~~~~~~~~~
>      706 |                 }
>          |                 ~
>>> kernel/cgroup/dmem.c:703:7: warning: variable 'region' is used 
>>> uninitialized whenever '||' condition is true [-Wsometimes-uninitialized]
>      703 |                 if (!options || !*options) {
>          |                     ^~~~~~~~
>    kernel/cgroup/dmem.c:729:13: note: uninitialized use occurs here
>      729 |                 kref_put(&region->ref, dmemcg_free_region);
>          |                           ^~~~~~
>    kernel/cgroup/dmem.c:703:7: note: remove the '||' if its condition is 
> always false
>      703 |                 if (!options || !*options) {
>          |                     ^~~~~~~~~~~
>    kernel/cgroup/dmem.c:685:36: note: initialize the variable 'region' to 
> silence this warning
>      685 |                 struct dmem_cgroup_region *region;
>          |                                                  ^
>          |                                                   = NULL
>    2 warnings generated.
> 
> 
> vim +703 kernel/cgroup/dmem.c
> 
>    674        
>    675        static ssize_t dmemcg_limit_write(struct kernfs_open_file *of,
>    676                                         char *buf, size_t nbytes, 
> loff_t off,
>    677                                         void (*apply)(struct 
> dmem_cgroup_pool_state *, u64))
>    678        {
>    679                struct dmemcg_state *dmemcs = css_to_dmemcs(of_css(of));
>    680                int err = 0;
>    681        
>    682                while (buf && !err) {
>    683                        struct dmem_cgroup_pool_state *pool = NULL;
>    684                        char *options, *region_name;
>    685                        struct dmem_cgroup_region *region;
>    686                        u64 new_limit;
>    687        
>    688                        options = buf;
>    689                        buf = strchr(buf, '\n');
>    690                        if (buf)
>    691                                *buf++ = '\0';
>    692        
>    693                        options = strstrip(options);
>    694        
>    695                        /* eat empty lines */
>    696                        if (!options[0])
>    697                                continue;
>    698        
>    699                        region_name = strsep(&options, " \t");
>    700                        if (!region_name[0])
>    701                                continue;
>    702        
>  > 703                        if (!options || !*options) {
>    704                                err = -EINVAL;
>    705                                goto out_put;
>    706                        }
>    707        

Thanks.

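I missed that 'region' is still uninitialized when this check jumps to out_put,
so kref_put() there would be called on an uninitialized pointer. No region
reference has been taken at that point, so the check can just return -EINVAL
directly. I'll fix it in the next version. If anyone has other comments, I'll
address them in the same update.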

>    708                        rcu_read_lock();
>    709                        region = dmemcg_get_region_by_name(region_name);
>    710                        rcu_read_unlock();
>    711        
>    712                        if (!region)
>    713                                return -EINVAL;
>    714        
>    715                        err = dmemcg_parse_limit(options, region, 
> &new_limit);
>    716                        if (err < 0)
>    717                                goto out_put;
>    718        
>    719                        pool = get_cg_pool_unlocked(dmemcs, region);
>    720                        if (IS_ERR(pool)) {
>    721                                err = PTR_ERR(pool);
>    722                                goto out_put;
>    723                        }
>    724        
>    725                        /* And commit */
>    726                        apply(pool, new_limit);
>    727        
>    728        out_put:
>    729                        kref_put(&region->ref, dmemcg_free_region);
>    730                }
>    731        
>    732        
>    733                return err ?: nbytes;
>    734        }
>    735        
> 

-- 
Best regards,
Ridong
