* Re: fs/ocfs2/dlm/dlmrecovery.c:1824:4-23: iterator with update on line 1827
[not found] <201509072033.3vy462XZ%fengguang.wu@intel.com>
@ 2015-09-07 14:01 ` Julia Lawall
2015-09-08 6:13 ` Joseph Qi
0 siblings, 1 reply; 6+ messages in thread
From: Julia Lawall @ 2015-09-07 14:01 UTC (permalink / raw)
To: kbuild test robot, joseph.qi, kbuild-all, akpm, linux-mm; +Cc: kbuild
It looks like a serious problem, because the loop update does a
dereference of the first argument of list_for_each via list_entry.
julia
On Mon, 7 Sep 2015, kbuild test robot wrote:
> TO: Joseph Qi <joseph.qi@huawei.com>
> CC: kbuild-all@01.org
> CC: Andrew Morton <akpm@linux-foundation.org>
> CC: Linux Memory Management List <linux-mm@kvack.org>
>
> tree: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
> head: 7d9071a095023cd1db8fa18fa0d648dc1a5210e0
> commit: f83c7b5e9fd633fe91128af116e6472a8c4d29a5 ocfs2/dlm: use list_for_each_entry instead of list_for_each
> date: 3 days ago
> :::::: branch date: 33 hours ago
> :::::: commit date: 3 days ago
>
> >> fs/ocfs2/dlm/dlmrecovery.c:1824:4-23: iterator with update on line 1827
>
> git remote add linus git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
> git remote update linus
> git checkout f83c7b5e9fd633fe91128af116e6472a8c4d29a5
> vim +1824 fs/ocfs2/dlm/dlmrecovery.c
>
> 6714d8e8 Kurt Hackel 2005-12-15 1818 BUG_ON(!(mres->flags & DLM_MRES_MIGRATION));
> 6714d8e8 Kurt Hackel 2005-12-15 1819
> 34aa8dac Junxiao Bi 2014-04-03 1820 lock = NULL;
> 6714d8e8 Kurt Hackel 2005-12-15 1821 spin_lock(&res->spinlock);
> e17e75ec Kurt Hackel 2007-01-05 1822 for (j = DLM_GRANTED_LIST; j <= DLM_BLOCKED_LIST; j++) {
> e17e75ec Kurt Hackel 2007-01-05 1823 tmpq = dlm_list_idx_to_ptr(res, j);
> f83c7b5e Joseph Qi 2015-09-04 @1824 list_for_each_entry(lock, tmpq, list) {
> 34aa8dac Junxiao Bi 2014-04-03 1825 if (lock->ml.cookie == ml->cookie)
> 6714d8e8 Kurt Hackel 2005-12-15 1826 break;
> 34aa8dac Junxiao Bi 2014-04-03 @1827 lock = NULL;
> 6714d8e8 Kurt Hackel 2005-12-15 1828 }
> e17e75ec Kurt Hackel 2007-01-05 1829 if (lock)
> e17e75ec Kurt Hackel 2007-01-05 1830 break;
>
> ---
> 0-DAY kernel test infrastructure Open Source Technology Center
> https://lists.01.org/pipermail/kbuild-all Intel Corporation
>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: fs/ocfs2/dlm/dlmrecovery.c:1824:4-23: iterator with update on line 1827
2015-09-07 14:01 ` fs/ocfs2/dlm/dlmrecovery.c:1824:4-23: iterator with update on line 1827 Julia Lawall
@ 2015-09-08 6:13 ` Joseph Qi
2015-09-08 7:22 ` Julia Lawall
0 siblings, 1 reply; 6+ messages in thread
From: Joseph Qi @ 2015-09-08 6:13 UTC (permalink / raw)
To: Julia Lawall; +Cc: kbuild test robot, kbuild-all, akpm, linux-mm, kbuild
Hi Julia,
On 2015/9/7 22:01, Julia Lawall wrote:
> It looks like a serious problem, because the loop update does a
> dereference of the first argument of list_for_each via list_entry.
>
Could you give more details about this? IMO, it doesn't make any
difference in functional logic.
> julia
>
> On Mon, 7 Sep 2015, kbuild test robot wrote:
>
>> TO: Joseph Qi <joseph.qi@huawei.com>
>> CC: kbuild-all@01.org
>> CC: Andrew Morton <akpm@linux-foundation.org>
>> CC: Linux Memory Management List <linux-mm@kvack.org>
>>
>> tree: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
>> head: 7d9071a095023cd1db8fa18fa0d648dc1a5210e0
>> commit: f83c7b5e9fd633fe91128af116e6472a8c4d29a5 ocfs2/dlm: use list_for_each_entry instead of list_for_each
>> date: 3 days ago
>> :::::: branch date: 33 hours ago
>> :::::: commit date: 3 days ago
>>
>>>> fs/ocfs2/dlm/dlmrecovery.c:1824:4-23: iterator with update on line 1827
>>
>> git remote add linus git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
>> git remote update linus
>> git checkout f83c7b5e9fd633fe91128af116e6472a8c4d29a5
>> vim +1824 fs/ocfs2/dlm/dlmrecovery.c
>>
>> 6714d8e8 Kurt Hackel 2005-12-15 1818 BUG_ON(!(mres->flags & DLM_MRES_MIGRATION));
>> 6714d8e8 Kurt Hackel 2005-12-15 1819
>> 34aa8dac Junxiao Bi 2014-04-03 1820 lock = NULL;
>> 6714d8e8 Kurt Hackel 2005-12-15 1821 spin_lock(&res->spinlock);
>> e17e75ec Kurt Hackel 2007-01-05 1822 for (j = DLM_GRANTED_LIST; j <= DLM_BLOCKED_LIST; j++) {
>> e17e75ec Kurt Hackel 2007-01-05 1823 tmpq = dlm_list_idx_to_ptr(res, j);
>> f83c7b5e Joseph Qi 2015-09-04 @1824 list_for_each_entry(lock, tmpq, list) {
>> 34aa8dac Junxiao Bi 2014-04-03 1825 if (lock->ml.cookie == ml->cookie)
>> 6714d8e8 Kurt Hackel 2005-12-15 1826 break;
>> 34aa8dac Junxiao Bi 2014-04-03 @1827 lock = NULL;
>> 6714d8e8 Kurt Hackel 2005-12-15 1828 }
>> e17e75ec Kurt Hackel 2007-01-05 1829 if (lock)
>> e17e75ec Kurt Hackel 2007-01-05 1830 break;
>>
>> ---
>> 0-DAY kernel test infrastructure Open Source Technology Center
>> https://lists.01.org/pipermail/kbuild-all Intel Corporation
>>
>
> .
>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: fs/ocfs2/dlm/dlmrecovery.c:1824:4-23: iterator with update on line 1827
2015-09-08 6:13 ` Joseph Qi
@ 2015-09-08 7:22 ` Julia Lawall
2015-09-08 8:40 ` Joseph Qi
0 siblings, 1 reply; 6+ messages in thread
From: Julia Lawall @ 2015-09-08 7:22 UTC (permalink / raw)
To: Joseph Qi
Cc: Julia Lawall, kbuild test robot, kbuild-all, akpm, linux-mm, kbuild
On Tue, 8 Sep 2015, Joseph Qi wrote:
> Hi Julia,
>
> On 2015/9/7 22:01, Julia Lawall wrote:
> > It looks like a serious problem, because the loop update does a
> > dereference of the first argument of list_for_each via list_entry.
> >
> Could you give more details about this? IMO, it doesn't make any
> difference in functional logic.
Do you expect that setting lock to NULL will cause a break out of the
loop? Because it does not. The expansion of list_for_each_entry is:
#define list_for_each_entry(pos, head, member) \
for (pos = list_first_entry(head, typeof(*pos), member); \
&pos->member != (head); \
pos = list_next_entry(pos, member))
Since pos is NULL, &pos->member != (head), so we will take the loop
update. List_next_entry is:
#define list_next_entry(pos, member) \
list_entry((pos)->member.next, typeof(*(pos)), member)
list_entry is container_of, which does
const typeof( ((type *)0)->member ) *__mptr = (ptr);
This causes (pos)->member.next to be evaluated, which since pos is NULL
will crash.
julia
>
> > julia
> >
> > On Mon, 7 Sep 2015, kbuild test robot wrote:
> >
> >> TO: Joseph Qi <joseph.qi@huawei.com>
> >> CC: kbuild-all@01.org
> >> CC: Andrew Morton <akpm@linux-foundation.org>
> >> CC: Linux Memory Management List <linux-mm@kvack.org>
> >>
> >> tree: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
> >> head: 7d9071a095023cd1db8fa18fa0d648dc1a5210e0
> >> commit: f83c7b5e9fd633fe91128af116e6472a8c4d29a5 ocfs2/dlm: use list_for_each_entry instead of list_for_each
> >> date: 3 days ago
> >> :::::: branch date: 33 hours ago
> >> :::::: commit date: 3 days ago
> >>
> >>>> fs/ocfs2/dlm/dlmrecovery.c:1824:4-23: iterator with update on line 1827
> >>
> >> git remote add linus git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
> >> git remote update linus
> >> git checkout f83c7b5e9fd633fe91128af116e6472a8c4d29a5
> >> vim +1824 fs/ocfs2/dlm/dlmrecovery.c
> >>
> >> 6714d8e8 Kurt Hackel 2005-12-15 1818 BUG_ON(!(mres->flags & DLM_MRES_MIGRATION));
> >> 6714d8e8 Kurt Hackel 2005-12-15 1819
> >> 34aa8dac Junxiao Bi 2014-04-03 1820 lock = NULL;
> >> 6714d8e8 Kurt Hackel 2005-12-15 1821 spin_lock(&res->spinlock);
> >> e17e75ec Kurt Hackel 2007-01-05 1822 for (j = DLM_GRANTED_LIST; j <= DLM_BLOCKED_LIST; j++) {
> >> e17e75ec Kurt Hackel 2007-01-05 1823 tmpq = dlm_list_idx_to_ptr(res, j);
> >> f83c7b5e Joseph Qi 2015-09-04 @1824 list_for_each_entry(lock, tmpq, list) {
> >> 34aa8dac Junxiao Bi 2014-04-03 1825 if (lock->ml.cookie == ml->cookie)
> >> 6714d8e8 Kurt Hackel 2005-12-15 1826 break;
> >> 34aa8dac Junxiao Bi 2014-04-03 @1827 lock = NULL;
> >> 6714d8e8 Kurt Hackel 2005-12-15 1828 }
> >> e17e75ec Kurt Hackel 2007-01-05 1829 if (lock)
> >> e17e75ec Kurt Hackel 2007-01-05 1830 break;
> >>
> >> ---
> >> 0-DAY kernel test infrastructure Open Source Technology Center
> >> https://lists.01.org/pipermail/kbuild-all Intel Corporation
> >>
> >
> > .
> >
>
>
>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: fs/ocfs2/dlm/dlmrecovery.c:1824:4-23: iterator with update on line 1827
2015-09-08 7:22 ` Julia Lawall
@ 2015-09-08 8:40 ` Joseph Qi
2015-09-08 9:00 ` Julia Lawall
0 siblings, 1 reply; 6+ messages in thread
From: Joseph Qi @ 2015-09-08 8:40 UTC (permalink / raw)
To: Julia Lawall; +Cc: kbuild test robot, kbuild-all, akpm, linux-mm, kbuild
On 2015/9/8 15:22, Julia Lawall wrote:
> On Tue, 8 Sep 2015, Joseph Qi wrote:
>
>> Hi Julia,
>>
>> On 2015/9/7 22:01, Julia Lawall wrote:
>>> It looks like a serious problem, because the loop update does a
>>> dereference of the first argument of list_for_each via list_entry.
>>>
>> Could you give more details about this? IMO, it doesn't make any
>> difference in functional logic.
>
> Do you expect that setting lock to NULL will cause a break out of the
> loop? Because it does not. The expansion of list_for_each_entry is:
>
> #define list_for_each_entry(pos, head, member) \
> for (pos = list_first_entry(head, typeof(*pos), member); \
> &pos->member != (head); \
> pos = list_next_entry(pos, member))
>
> Since pos is NULL, &pos->member != (head), so we will take the loop
> update. List_next_entry is:
>
My understanding is, pos is an address rather than NULL, which is
calculated from head's address with an offset.
In case of an empty head, &pos->member will compensate the offset again
and makes it evaluated the same head. Then it breaks out the loop.
Joseph
> #define list_next_entry(pos, member) \
> list_entry((pos)->member.next, typeof(*(pos)), member)
>
> list_entry is container_of, which does
>
> const typeof( ((type *)0)->member ) *__mptr = (ptr);
>
> This causes (pos)->member.next to be evaluated, which since pos is NULL
> will crash.
>
> julia
>
>>
>>> julia
>>>
>>> On Mon, 7 Sep 2015, kbuild test robot wrote:
>>>
>>>> TO: Joseph Qi <joseph.qi@huawei.com>
>>>> CC: kbuild-all@01.org
>>>> CC: Andrew Morton <akpm@linux-foundation.org>
>>>> CC: Linux Memory Management List <linux-mm@kvack.org>
>>>>
>>>> tree: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
>>>> head: 7d9071a095023cd1db8fa18fa0d648dc1a5210e0
>>>> commit: f83c7b5e9fd633fe91128af116e6472a8c4d29a5 ocfs2/dlm: use list_for_each_entry instead of list_for_each
>>>> date: 3 days ago
>>>> :::::: branch date: 33 hours ago
>>>> :::::: commit date: 3 days ago
>>>>
>>>>>> fs/ocfs2/dlm/dlmrecovery.c:1824:4-23: iterator with update on line 1827
>>>>
>>>> git remote add linus git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
>>>> git remote update linus
>>>> git checkout f83c7b5e9fd633fe91128af116e6472a8c4d29a5
>>>> vim +1824 fs/ocfs2/dlm/dlmrecovery.c
>>>>
>>>> 6714d8e8 Kurt Hackel 2005-12-15 1818 BUG_ON(!(mres->flags & DLM_MRES_MIGRATION));
>>>> 6714d8e8 Kurt Hackel 2005-12-15 1819
>>>> 34aa8dac Junxiao Bi 2014-04-03 1820 lock = NULL;
>>>> 6714d8e8 Kurt Hackel 2005-12-15 1821 spin_lock(&res->spinlock);
>>>> e17e75ec Kurt Hackel 2007-01-05 1822 for (j = DLM_GRANTED_LIST; j <= DLM_BLOCKED_LIST; j++) {
>>>> e17e75ec Kurt Hackel 2007-01-05 1823 tmpq = dlm_list_idx_to_ptr(res, j);
>>>> f83c7b5e Joseph Qi 2015-09-04 @1824 list_for_each_entry(lock, tmpq, list) {
>>>> 34aa8dac Junxiao Bi 2014-04-03 1825 if (lock->ml.cookie == ml->cookie)
>>>> 6714d8e8 Kurt Hackel 2005-12-15 1826 break;
>>>> 34aa8dac Junxiao Bi 2014-04-03 @1827 lock = NULL;
>>>> 6714d8e8 Kurt Hackel 2005-12-15 1828 }
>>>> e17e75ec Kurt Hackel 2007-01-05 1829 if (lock)
>>>> e17e75ec Kurt Hackel 2007-01-05 1830 break;
>>>>
>>>> ---
>>>> 0-DAY kernel test infrastructure Open Source Technology Center
>>>> https://lists.01.org/pipermail/kbuild-all Intel Corporation
>>>>
>>>
>>> .
>>>
>>
>>
>>
>
> --
> To unsubscribe, send a message with 'unsubscribe linux-mm' in
> the body to majordomo@kvack.org. For more info on Linux MM,
> see: http://www.linux-mm.org/ .
> Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
>
> .
>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: fs/ocfs2/dlm/dlmrecovery.c:1824:4-23: iterator with update on line 1827
2015-09-08 8:40 ` Joseph Qi
@ 2015-09-08 9:00 ` Julia Lawall
2015-09-08 9:26 ` Joseph Qi
0 siblings, 1 reply; 6+ messages in thread
From: Julia Lawall @ 2015-09-08 9:00 UTC (permalink / raw)
To: Joseph Qi
Cc: Julia Lawall, kbuild test robot, kbuild-all, akpm, linux-mm, kbuild
On Tue, 8 Sep 2015, Joseph Qi wrote:
> On 2015/9/8 15:22, Julia Lawall wrote:
> > On Tue, 8 Sep 2015, Joseph Qi wrote:
> >
> >> Hi Julia,
> >>
> >> On 2015/9/7 22:01, Julia Lawall wrote:
> >>> It looks like a serious problem, because the loop update does a
> >>> dereference of the first argument of list_for_each via list_entry.
> >>>
> >> Could you give more details about this? IMO, it doesn't make any
> >> difference in functional logic.
> >
> > Do you expect that setting lock to NULL will cause a break out of the
> > loop? Because it does not. The expansion of list_for_each_entry is:
> >
> > #define list_for_each_entry(pos, head, member) \
> > for (pos = list_first_entry(head, typeof(*pos), member); \
> > &pos->member != (head); \
> > pos = list_next_entry(pos, member))
> >
> > Since pos is NULL, &pos->member != (head), so we will take the loop
> > update. List_next_entry is:
> >
> My understanding is, pos is an address rather than NULL, which is
> calculated from head's address with an offset.
> In case of an empty head, &pos->member will compensate the offset again
> and makes it evaluated the same head. Then it breaks out the loop.
Your code contains:
list_for_each_entry(lock, tmpq, list)
In the body of the loop, there is an assignment of lock to NULL. So now
pos will be NULL.
julia
>
> Joseph
>
> > #define list_next_entry(pos, member) \
> > list_entry((pos)->member.next, typeof(*(pos)), member)
> >
> > list_entry is container_of, which does
> >
> > const typeof( ((type *)0)->member ) *__mptr = (ptr);
> >
> > This causes (pos)->member.next to be evaluated, which since pos is NULL
> > will crash.
> >
> > julia
> >
> >>
> >>> julia
> >>>
> >>> On Mon, 7 Sep 2015, kbuild test robot wrote:
> >>>
> >>>> TO: Joseph Qi <joseph.qi@huawei.com>
> >>>> CC: kbuild-all@01.org
> >>>> CC: Andrew Morton <akpm@linux-foundation.org>
> >>>> CC: Linux Memory Management List <linux-mm@kvack.org>
> >>>>
> >>>> tree: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
> >>>> head: 7d9071a095023cd1db8fa18fa0d648dc1a5210e0
> >>>> commit: f83c7b5e9fd633fe91128af116e6472a8c4d29a5 ocfs2/dlm: use list_for_each_entry instead of list_for_each
> >>>> date: 3 days ago
> >>>> :::::: branch date: 33 hours ago
> >>>> :::::: commit date: 3 days ago
> >>>>
> >>>>>> fs/ocfs2/dlm/dlmrecovery.c:1824:4-23: iterator with update on line 1827
> >>>>
> >>>> git remote add linus git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
> >>>> git remote update linus
> >>>> git checkout f83c7b5e9fd633fe91128af116e6472a8c4d29a5
> >>>> vim +1824 fs/ocfs2/dlm/dlmrecovery.c
> >>>>
> >>>> 6714d8e8 Kurt Hackel 2005-12-15 1818 BUG_ON(!(mres->flags & DLM_MRES_MIGRATION));
> >>>> 6714d8e8 Kurt Hackel 2005-12-15 1819
> >>>> 34aa8dac Junxiao Bi 2014-04-03 1820 lock = NULL;
> >>>> 6714d8e8 Kurt Hackel 2005-12-15 1821 spin_lock(&res->spinlock);
> >>>> e17e75ec Kurt Hackel 2007-01-05 1822 for (j = DLM_GRANTED_LIST; j <= DLM_BLOCKED_LIST; j++) {
> >>>> e17e75ec Kurt Hackel 2007-01-05 1823 tmpq = dlm_list_idx_to_ptr(res, j);
> >>>> f83c7b5e Joseph Qi 2015-09-04 @1824 list_for_each_entry(lock, tmpq, list) {
> >>>> 34aa8dac Junxiao Bi 2014-04-03 1825 if (lock->ml.cookie == ml->cookie)
> >>>> 6714d8e8 Kurt Hackel 2005-12-15 1826 break;
> >>>> 34aa8dac Junxiao Bi 2014-04-03 @1827 lock = NULL;
> >>>> 6714d8e8 Kurt Hackel 2005-12-15 1828 }
> >>>> e17e75ec Kurt Hackel 2007-01-05 1829 if (lock)
> >>>> e17e75ec Kurt Hackel 2007-01-05 1830 break;
> >>>>
> >>>> ---
> >>>> 0-DAY kernel test infrastructure Open Source Technology Center
> >>>> https://lists.01.org/pipermail/kbuild-all Intel Corporation
> >>>>
> >>>
> >>> .
> >>>
> >>
> >>
> >>
> >
> > --
> > To unsubscribe, send a message with 'unsubscribe linux-mm' in
> > the body to majordomo@kvack.org. For more info on Linux MM,
> > see: http://www.linux-mm.org/ .
> > Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
> >
> > .
> >
>
>
>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: fs/ocfs2/dlm/dlmrecovery.c:1824:4-23: iterator with update on line 1827
2015-09-08 9:00 ` Julia Lawall
@ 2015-09-08 9:26 ` Joseph Qi
0 siblings, 0 replies; 6+ messages in thread
From: Joseph Qi @ 2015-09-08 9:26 UTC (permalink / raw)
To: Julia Lawall, akpm; +Cc: kbuild test robot, kbuild-all, linux-mm, kbuild
On 2015/9/8 17:00, Julia Lawall wrote:
>
>
> On Tue, 8 Sep 2015, Joseph Qi wrote:
>
>> On 2015/9/8 15:22, Julia Lawall wrote:
>>> On Tue, 8 Sep 2015, Joseph Qi wrote:
>>>
>>>> Hi Julia,
>>>>
>>>> On 2015/9/7 22:01, Julia Lawall wrote:
>>>>> It looks like a serious problem, because the loop update does a
>>>>> dereference of the first argument of list_for_each via list_entry.
>>>>>
>>>> Could you give more details about this? IMO, it doesn't make any
>>>> difference in functional logic.
>>>
>>> Do you expect that setting lock to NULL will cause a break out of the
>>> loop? Because it does not. The expansion of list_for_each_entry is:
>>>
>>> #define list_for_each_entry(pos, head, member) \
>>> for (pos = list_first_entry(head, typeof(*pos), member); \
>>> &pos->member != (head); \
>>> pos = list_next_entry(pos, member))
>>>
>>> Since pos is NULL, &pos->member != (head), so we will take the loop
>>> update. List_next_entry is:
>>>
>> My understanding is, pos is an address rather than NULL, which is
>> calculated from head's address with an offset.
>> In case of an empty head, &pos->member will compensate the offset again
>> and makes it evaluated the same head. Then it breaks out the loop.
>
> Your code contains:
>
> list_for_each_entry(lock, tmpq, list)
>
> In the body of the loop, there is an assignment of lock to NULL. So now
> pos will be NULL.
>
I got the problem. Thanks very much.
Andrew, please revert this patch, thanks.
> julia
>
>>
>> Joseph
>>
>>> #define list_next_entry(pos, member) \
>>> list_entry((pos)->member.next, typeof(*(pos)), member)
>>>
>>> list_entry is container_of, which does
>>>
>>> const typeof( ((type *)0)->member ) *__mptr = (ptr);
>>>
>>> This causes (pos)->member.next to be evaluated, which since pos is NULL
>>> will crash.
>>>
>>> julia
>>>
>>>>
>>>>> julia
>>>>>
>>>>> On Mon, 7 Sep 2015, kbuild test robot wrote:
>>>>>
>>>>>> TO: Joseph Qi <joseph.qi@huawei.com>
>>>>>> CC: kbuild-all@01.org
>>>>>> CC: Andrew Morton <akpm@linux-foundation.org>
>>>>>> CC: Linux Memory Management List <linux-mm@kvack.org>
>>>>>>
>>>>>> tree: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
>>>>>> head: 7d9071a095023cd1db8fa18fa0d648dc1a5210e0
>>>>>> commit: f83c7b5e9fd633fe91128af116e6472a8c4d29a5 ocfs2/dlm: use list_for_each_entry instead of list_for_each
>>>>>> date: 3 days ago
>>>>>> :::::: branch date: 33 hours ago
>>>>>> :::::: commit date: 3 days ago
>>>>>>
>>>>>>>> fs/ocfs2/dlm/dlmrecovery.c:1824:4-23: iterator with update on line 1827
>>>>>>
>>>>>> git remote add linus git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
>>>>>> git remote update linus
>>>>>> git checkout f83c7b5e9fd633fe91128af116e6472a8c4d29a5
>>>>>> vim +1824 fs/ocfs2/dlm/dlmrecovery.c
>>>>>>
>>>>>> 6714d8e8 Kurt Hackel 2005-12-15 1818 BUG_ON(!(mres->flags & DLM_MRES_MIGRATION));
>>>>>> 6714d8e8 Kurt Hackel 2005-12-15 1819
>>>>>> 34aa8dac Junxiao Bi 2014-04-03 1820 lock = NULL;
>>>>>> 6714d8e8 Kurt Hackel 2005-12-15 1821 spin_lock(&res->spinlock);
>>>>>> e17e75ec Kurt Hackel 2007-01-05 1822 for (j = DLM_GRANTED_LIST; j <= DLM_BLOCKED_LIST; j++) {
>>>>>> e17e75ec Kurt Hackel 2007-01-05 1823 tmpq = dlm_list_idx_to_ptr(res, j);
>>>>>> f83c7b5e Joseph Qi 2015-09-04 @1824 list_for_each_entry(lock, tmpq, list) {
>>>>>> 34aa8dac Junxiao Bi 2014-04-03 1825 if (lock->ml.cookie == ml->cookie)
>>>>>> 6714d8e8 Kurt Hackel 2005-12-15 1826 break;
>>>>>> 34aa8dac Junxiao Bi 2014-04-03 @1827 lock = NULL;
>>>>>> 6714d8e8 Kurt Hackel 2005-12-15 1828 }
>>>>>> e17e75ec Kurt Hackel 2007-01-05 1829 if (lock)
>>>>>> e17e75ec Kurt Hackel 2007-01-05 1830 break;
>>>>>>
>>>>>> ---
>>>>>> 0-DAY kernel test infrastructure Open Source Technology Center
>>>>>> https://lists.01.org/pipermail/kbuild-all Intel Corporation
>>>>>>
>>>>>
>>>>> .
>>>>>
>>>>
>>>>
>>>>
>>>
>>> --
>>> To unsubscribe, send a message with 'unsubscribe linux-mm' in
>>> the body to majordomo@kvack.org. For more info on Linux MM,
>>> see: http://www.linux-mm.org/ .
>>> Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
>>>
>>> .
>>>
>>
>>
>>
>
> --
> To unsubscribe, send a message with 'unsubscribe linux-mm' in
> the body to majordomo@kvack.org. For more info on Linux MM,
> see: http://www.linux-mm.org/ .
> Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
>
> .
>
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2015-09-08 9:31 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <201509072033.3vy462XZ%fengguang.wu@intel.com>
2015-09-07 14:01 ` fs/ocfs2/dlm/dlmrecovery.c:1824:4-23: iterator with update on line 1827 Julia Lawall
2015-09-08 6:13 ` Joseph Qi
2015-09-08 7:22 ` Julia Lawall
2015-09-08 8:40 ` Joseph Qi
2015-09-08 9:00 ` Julia Lawall
2015-09-08 9:26 ` Joseph Qi
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox