On 10/9/20 7:57 PM, Paul E. McKenney wrote:
> On Fri, Oct 09, 2020 at 05:24:37PM -0700, Tom Rix wrote:
>> On 10/9/20 4:50 PM, Paul E. McKenney wrote:
>>> On Fri, Oct 09, 2020 at 02:18:41PM -0700, Tom Rix wrote:
>>>> On 10/9/20 1:18 PM, Paul E. McKenney wrote:
>>>>> On Fri, Oct 09, 2020 at 12:47:36PM -0700, t...@redhat.com wrote:
>>>>>> From: Tom Rix <t...@redhat.com>
>>>>>>
>>>>>> clang static analysis reports this problem:
>>>>>>
>>>>>> rcutorture.c:1999:2: warning: Called function pointer
>>>>>> is null (null dereference)
>>>>>> cur_ops->sync(); /* Later readers see above write. */
>>>>>> ^~~~~~~~~~~~~~~
>>>>>>
>>>>>> This is a false positive triggered by an earlier, later ignored
>>>>>> NULL check of sync() op. By inspection of the rcu_torture_ops,
>>>>>> the sync() op is never uninitialized. So this earlier check is
>>>>>> not needed.
>>>>> You lost me on this one. This check is at the very beginning of
>>>>> rcu_torture_fwd_prog_nr(). Or are you saying that clang is seeing an
>>>>> earlier check in one of rcu_torture_fwd_prog_nr()'s callers? If so,
>>>>> where exactly is this check?
>>>>>
>>>>> In any case, the check is needed because all three functions are invoked
>>>>> if there is a self-propagating RCU callback that ensures that there is
>>>>> always an RCU grace period outstanding.
>>>>>
>>>>> Ah. Is clang doing local analysis and assuming that because there was
>>>>> a NULL check earlier, then the pointer might be NULL later? That does
>>>>> not seem to me to be a sound check.
>>>>>
>>>>> So please let me know exactly what is causing clang to emit this
>>>>> diagnostic. It might or might not be worth fixing this, but either way
>>>>> I need to understand the situation so as to be able to understand the
>>>>> set of feasible fixes.
>>>>>
>>>>> Thanx, Paul
>>>> In rcu_prog_nr() there is check for for sync.
>>>>
>>>> if ( ... cur_op->sync ...
>>>>
>>>>   do something
>>>>
>>>> This flags in clang's static analyzer as 'could be null'
>>>>
>>>> later in the function, in a reachable block it is used
>>>>
>>>> cur_ops->sync()
>>>>
>>>> I agree this is not a good check that's why i said is was a false positive.
>>>>
>>>> However when looking closer at how cur_ops is set, it is never
>>>> uninitialized.
>>>>
>>>> So the check is not needed.
>>> OK, got it, and thank you for the explanation.
>>>
>>>> This is not a fix, the code works fine. It is a small optimization.
>>> Well, there really is a bug. Yes, right now all ->sync pointers are
>>> non-NULL, but they have not been in the past and might not be in the
>>> future. So if ->sync is NULL, rcu_torture_fwd_prog_nr() either should
>>> not be called or it should return immediately without doing anything.
>>>
>>> My current thought is something like the (untested) patch below, of
>>> course with your Reported-by.
>>>
>>> Thoughts?
>> Yes that would be fine.
>>
>> In in review these other cases need to be been take care of.
> I am having a difficult time interpreting this sentence, but will
> optimistically assume that it means that you are good with this approach.
> If my optimism is unwarranted, please let me know so I can fix whatever
> might be broken.
>
>> Reported-by: Tom Rix <t...@redhat.com>
> How does the commit below look?
Looks fine.
Thanks
Tom
>
> Thanx, Paul
>
> ------------------------------------------------------------------------
>
> commit 75c79a5dd72c1bb59f6bd6c5ec36f3a6516795cd
> Author: Paul E. McKenney <paul...@kernel.org>
> Date: Fri Oct 9 19:51:55 2020 -0700
>
> rcutorture: Don't do need_resched() testing if ->sync is NULL
>
> If cur_ops->sync is NULL, rcu_torture_fwd_prog_nr() will nevertheless
> attempt to call through it. This commit therefore flags cases where
> neither need_resched() nor call_rcu() forward-progress testing
> can be performed due to NULL function pointers, and also causes
> rcu_torture_fwd_prog_nr() to take an early exit if cur_ops->sync()
> is NULL.
>
> Reported-by: Tom Rix <t...@redhat.com>
> Signed-off-by: Paul E. McKenney <paul...@kernel.org>
>
> diff --git a/kernel/rcu/rcutorture.c b/kernel/rcu/rcutorture.c
> index beba9e7..44749be 100644
> --- a/kernel/rcu/rcutorture.c
> +++ b/kernel/rcu/rcutorture.c
> @@ -1989,7 +1989,9 @@ static void rcu_torture_fwd_prog_nr(struct rcu_fwd *rfp,
> unsigned long stopat;
> static DEFINE_TORTURE_RANDOM(trs);
>
> - if (cur_ops->call && cur_ops->sync && cur_ops->cb_barrier) {
> + if (!cur_ops->sync)
> + return; // Cannot do need_resched() forward progress testing
> without ->sync.
> + if (cur_ops->call && cur_ops->cb_barrier) {
> init_rcu_head_on_stack(&fcs.rh);
> selfpropcb = true;
> }
> @@ -2215,8 +2217,8 @@ static int __init rcu_torture_fwd_prog_init(void)
>
> if (!fwd_progress)
> return 0; /* Not requested, so don't do it. */
> - if (!cur_ops->stall_dur || cur_ops->stall_dur() <= 0 ||
> - cur_ops == &rcu_busted_ops) {
> + if ((!cur_ops->sync && !cur_ops->call) ||
> + !cur_ops->stall_dur || cur_ops->stall_dur() <= 0 || cur_ops ==
> &rcu_busted_ops) {
> VERBOSE_TOROUT_STRING("rcu_torture_fwd_prog_init: Disabled,
> unsupported by RCU flavor under test");
> return 0;
> }
>
