CC: [email protected] CC: [email protected] TO: Christoph Hellwig <[email protected]>
tree: git://git.infradead.org/users/hch/misc.git i915-mdev head: 3e7e1da34feaeb5473f397c9cab73b4eb7f6a33c commit: f560e86c73f1bfff2ef69bb00b6a66d81f5f2c86 [39/40] vfio: grab a group reference in vfio_group_container_acquire :::::: branch date: 20 hours ago :::::: commit date: 20 hours ago config: x86_64-randconfig-c001-20210725 (attached as .config) compiler: clang version 13.0.0 (https://github.com/llvm/llvm-project 3f2c1e99e44d028d5e9dd685f3c568f2661f2f68) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # install x86_64 cross compiling tool for clang build # apt-get install binutils-x86-64-linux-gnu git remote add hch-misc git://git.infradead.org/users/hch/misc.git git fetch --no-tags hch-misc i915-mdev git checkout f560e86c73f1bfff2ef69bb00b6a66d81f5f2c86 # save the attached .config to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross clang-analyzer ARCH=x86_64 If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <[email protected]> clang-analyzer warnings: (new ones prefixed by >>) net/netlink/genetlink.c:1453:2: note: Loop condition is false. Exiting loop for_each_net_rcu(net) { ^ include/net/net_namespace.h:337:2: note: expanded from macro 'for_each_net_rcu' list_for_each_entry_rcu(VAR, &net_namespace_list, list) ^ include/linux/rculist.h:392:13: note: expanded from macro 'list_for_each_entry_rcu' pos = list_entry_rcu((head)->next, typeof(*pos), member); \ ^ include/linux/rculist.h:316:2: note: expanded from macro 'list_entry_rcu' container_of(READ_ONCE(ptr), type, member) ^ note: (skipping 2 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all) include/linux/compiler_types.h:328:2: note: expanded from macro 'compiletime_assert' _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) ^ include/linux/compiler_types.h:316:2: note: expanded from macro '_compiletime_assert' __compiletime_assert(condition, msg, prefix, suffix) ^ include/linux/compiler_types.h:306:2: note: expanded from macro '__compiletime_assert' do { \ ^ net/netlink/genetlink.c:1453:2: note: Loop condition is false. Execution continues on line 1471 for_each_net_rcu(net) { ^ include/net/net_namespace.h:337:2: note: expanded from macro 'for_each_net_rcu' list_for_each_entry_rcu(VAR, &net_namespace_list, list) ^ include/linux/rculist.h:391:2: note: expanded from macro 'list_for_each_entry_rcu' for (__list_check_rcu(dummy, ## cond, 0), \ ^ net/netlink/genetlink.c:1471:24: note: Access to field 'genl_sock' results in a dereference of a null pointer (loaded from variable 'prev') err = nlmsg_multicast(prev->genl_sock, skb, portid, group, flags); ^~~~ Suppressed 9 warnings (9 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 8 warnings generated. Suppressed 8 warnings (8 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 8 warnings generated. Suppressed 8 warnings (8 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 8 warnings generated. Suppressed 8 warnings (8 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 8 warnings generated. Suppressed 8 warnings (8 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 12 warnings generated. Suppressed 12 warnings (12 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 11 warnings generated. Suppressed 11 warnings (11 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 11 warnings generated. Suppressed 11 warnings (11 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 19 warnings generated. Suppressed 19 warnings (19 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 11 warnings generated. Suppressed 11 warnings (11 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 8 warnings generated. Suppressed 8 warnings (8 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 11 warnings generated. drivers/net/fjes/fjes_hw.c:435:2: warning: Value stored to 'result' is never read [clang-analyzer-deadcode.DeadStores] result = 0; ^ ~ drivers/net/fjes/fjes_hw.c:435:2: note: Value stored to 'result' is never read result = 0; ^ ~ drivers/net/fjes/fjes_hw.c:541:2: warning: Value stored to 'result' is never read [clang-analyzer-deadcode.DeadStores] result = 0; ^ ~ drivers/net/fjes/fjes_hw.c:541:2: note: Value stored to 'result' is never read result = 0; ^ ~ drivers/net/fjes/fjes_hw.c:631:2: warning: Value stored to 'result' is never read [clang-analyzer-deadcode.DeadStores] result = 0; ^ ~ drivers/net/fjes/fjes_hw.c:631:2: note: Value stored to 'result' is never read result = 0; ^ ~ Suppressed 8 warnings (8 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 8 warnings generated. Suppressed 8 warnings (8 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 18 warnings generated. Suppressed 18 warnings (18 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 8 warnings generated. Suppressed 8 warnings (8 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 8 warnings generated. Suppressed 8 warnings (8 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 5 warnings generated. >> drivers/vfio/vfio.c:395:36: warning: Use of memory after it is freed >> [clang-analyzer-unix.Malloc] struct iommu_group *iommu_group = group->iommu_group; ^ drivers/vfio/vfio.c:2159:6: note: Assuming 'dev' is non-null if (!dev || !nb) ^~~~ drivers/vfio/vfio.c:2159:6: note: Left side of '||' is false drivers/vfio/vfio.c:2159:14: note: Assuming 'nb' is non-null if (!dev || !nb) ^~~ drivers/vfio/vfio.c:2159:2: note: Taking false branch if (!dev || !nb) ^ drivers/vfio/vfio.c:2163:7: note: 'group' is non-null if (!group) ^~~~~ drivers/vfio/vfio.c:2163:2: note: Taking false branch if (!group) ^ drivers/vfio/vfio.c:2166:2: note: Control jumps to 'case VFIO_GROUP_NOTIFY:' at line 2170 switch (type) { ^ drivers/vfio/vfio.c:2171:9: note: Calling 'vfio_unregister_group_notifier' ret = vfio_unregister_group_notifier(group, nb); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/vfio/vfio.c:2114:6: note: 'ret' is 0 if (ret) ^~~ drivers/vfio/vfio.c:2114:2: note: Taking false branch if (ret) ^ drivers/vfio/vfio.c:2119:2: note: Calling 'vfio_group_container_release' vfio_group_container_release(group); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/vfio/vfio.c:1354:6: note: Assuming the condition is false if (!atomic_dec_if_positive(&group->container_users)) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/vfio/vfio.c:1354:2: note: Taking false branch if (!atomic_dec_if_positive(&group->container_users)) ^ drivers/vfio/vfio.c:1356:2: note: Calling 'vfio_group_put' vfio_group_put(group); ^~~~~~~~~~~~~~~~~~~~~ drivers/vfio/vfio.c:415:2: note: Calling 'kref_put_mutex' kref_put_mutex(&group->kref, vfio_group_release, &vfio.group_lock); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/kref.h:75:6: note: Assuming the condition is true if (refcount_dec_and_mutex_lock(&kref->refcount, lock)) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/kref.h:75:2: note: Taking true branch if (refcount_dec_and_mutex_lock(&kref->refcount, lock)) { ^ include/linux/kref.h:76:3: note: Calling 'vfio_group_release' release(kref); ^~~~~~~~~~~~~ drivers/vfio/vfio.c:393:29: note: Left side of '&&' is false struct vfio_group *group = container_of(kref, struct vfio_group, kref); ^ include/linux/kernel.h:495:61: note: expanded from macro 'container_of' BUILD_BUG_ON_MSG(!__same_type(*(ptr), ((type *)0)->member) && \ ^ drivers/vfio/vfio.c:393:29: note: Taking false branch struct vfio_group *group = container_of(kref, struct vfio_group, kref); ^ include/linux/kernel.h:495:2: note: expanded from macro 'container_of' BUILD_BUG_ON_MSG(!__same_type(*(ptr), ((type *)0)->member) && \ ^ include/linux/build_bug.h:39:37: note: expanded from macro 'BUILD_BUG_ON_MSG' #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg) ^ include/linux/compiler_types.h:328:2: note: expanded from macro 'compiletime_assert' _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) ^ include/linux/compiler_types.h:316:2: note: expanded from macro '_compiletime_assert' __compiletime_assert(condition, msg, prefix, suffix) ^ include/linux/compiler_types.h:308:3: note: expanded from macro '__compiletime_assert' if (!(condition)) \ ^ drivers/vfio/vfio.c:393:29: note: Loop condition is false. Exiting loop struct vfio_group *group = container_of(kref, struct vfio_group, kref); ^ include/linux/kernel.h:495:2: note: expanded from macro 'container_of' BUILD_BUG_ON_MSG(!__same_type(*(ptr), ((type *)0)->member) && \ ^ include/linux/build_bug.h:39:37: note: expanded from macro 'BUILD_BUG_ON_MSG' #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg) ^ include/linux/compiler_types.h:328:2: note: expanded from macro 'compiletime_assert' _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) ^ include/linux/compiler_types.h:316:2: note: expanded from macro '_compiletime_assert' __compiletime_assert(condition, msg, prefix, suffix) ^ include/linux/compiler_types.h:306:2: note: expanded from macro '__compiletime_assert' do { \ ^ drivers/vfio/vfio.c:397:2: note: Assuming '__ret_warn_on' is 0 WARN_ON(!list_empty(&group->device_list)); ^ include/asm-generic/bug.h:122:6: note: expanded from macro 'WARN_ON' vim +395 drivers/vfio/vfio.c cba3345cc494ad Alex Williamson 2012-07-31 389 6d2cd3ce815b30 Al Viro 2012-08-17 390 /* called with vfio.group_lock held */ cba3345cc494ad Alex Williamson 2012-07-31 391 static void vfio_group_release(struct kref *kref) cba3345cc494ad Alex Williamson 2012-07-31 392 { cba3345cc494ad Alex Williamson 2012-07-31 393 struct vfio_group *group = container_of(kref, struct vfio_group, kref); 60720a0fc6469e Alex Williamson 2015-02-06 394 struct vfio_unbound_dev *unbound, *tmp; 4a68810dbbb466 Alex Williamson 2015-02-06 @395 struct iommu_group *iommu_group = group->iommu_group; cba3345cc494ad Alex Williamson 2012-07-31 396 cba3345cc494ad Alex Williamson 2012-07-31 397 WARN_ON(!list_empty(&group->device_list)); 65b1adebfe43c6 Alex Williamson 2017-03-21 398 WARN_ON(group->notifier.head); cba3345cc494ad Alex Williamson 2012-07-31 399 60720a0fc6469e Alex Williamson 2015-02-06 400 list_for_each_entry_safe(unbound, tmp, 60720a0fc6469e Alex Williamson 2015-02-06 401 &group->unbound_list, unbound_next) { 60720a0fc6469e Alex Williamson 2015-02-06 402 list_del(&unbound->unbound_next); 60720a0fc6469e Alex Williamson 2015-02-06 403 kfree(unbound); 60720a0fc6469e Alex Williamson 2015-02-06 404 } 60720a0fc6469e Alex Williamson 2015-02-06 405 d10999016f4164 Alex Williamson 2013-12-19 406 device_destroy(vfio.class, MKDEV(MAJOR(vfio.group_devt), group->minor)); cba3345cc494ad Alex Williamson 2012-07-31 407 list_del(&group->vfio_next); cba3345cc494ad Alex Williamson 2012-07-31 408 vfio_free_group_minor(group->minor); 9df7b25ab71cee Jiang Liu 2012-12-07 409 vfio_group_unlock_and_free(group); 4a68810dbbb466 Alex Williamson 2015-02-06 410 iommu_group_put(iommu_group); cba3345cc494ad Alex Williamson 2012-07-31 411 } cba3345cc494ad Alex Williamson 2012-07-31 412 :::::: The code at line 395 was first introduced by commit :::::: 4a68810dbbb4664fe4a9ac1be4d1c0e34a9b58f5 vfio: Tie IOMMU group reference to vfio group :::::: TO: Alex Williamson <[email protected]> :::::: CC: Alex Williamson <[email protected]> --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/[email protected]
.config.gz
Description: application/gzip
_______________________________________________ kbuild mailing list -- [email protected] To unsubscribe send an email to [email protected]
