From owner-freebsd-bugs@freebsd.org Mon Feb 13 19:34:44 2017 Return-Path: Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id F1811CDDE32 for ; Mon, 13 Feb 2017 19:34:44 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E08181301 for ; Mon, 13 Feb 2017 19:34:44 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id v1DJYiOB056178 for ; Mon, 13 Feb 2017 19:34:44 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 217022] [PATCH] To be using an uninitialized variable member of struct cpu_search at function cpu_search Date: Mon, 13 Feb 2017 19:34:45 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 11.0-RELEASE X-Bugzilla-Keywords: patch X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: hisamitu@uranus.dti.ne.jp X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Feb 2017 19:34:45 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D217022 --- Comment #2 from hisamitu@uranus.dti.ne.jp --- (In reply to Andriy Gapon from comment #1) Those are in sys/kern/sched_ule.c. Could you please refer to 2 lines with the comment "<--- here. ..." ? -------- static __always_inline int cpu_search(const struct cpu_group *cg, struct cpu_search *low, struct cpu_search *high, const int match) { struct cpu_search lgroup; struct cpu_search hgroup; cpuset_t cpumask; struct cpu_group *child; struct tdq *tdq; int cpu, i, hload, lload, load, total, rnd; total =3D 0; cpumask =3D cg->cg_mask; if (match & CPU_SEARCH_LOWEST) { lload =3D INT_MAX; lgroup =3D *low; } if (match & CPU_SEARCH_HIGHEST) { hload =3D INT_MIN; hgroup =3D *high; } /* Iterate through the child CPU groups and then remaining CPUs. */ for (i =3D cg->cg_children, cpu =3D mp_maxid; ; ) { if (i =3D=3D 0) { #ifdef HAVE_INLINE_FFSL cpu =3D CPU_FFS(&cpumask) - 1; #else while (cpu >=3D 0 && !CPU_ISSET(cpu, &cpumask)) cpu--; #endif if (cpu < 0) break; child =3D NULL; } else child =3D &cg->cg_child[i - 1]; if (match & CPU_SEARCH_LOWEST) lgroup.cs_cpu =3D -1; if (match & CPU_SEARCH_HIGHEST) hgroup.cs_cpu =3D -1; if (child) { /* Handle child CPU group. */ CPU_NAND(&cpumask, &child->cg_mask); switch (match) { case CPU_SEARCH_LOWEST: load =3D cpu_search_lowest(child, &lgroup); break; case CPU_SEARCH_HIGHEST: load =3D cpu_search_highest(child, &hgroup); break; case CPU_SEARCH_BOTH: load =3D cpu_search_both(child, &lgroup, &hgroup); break; } } else { /* Handle child CPU. */ CPU_CLR(cpu, &cpumask); tdq =3D TDQ_CPU(cpu);=20 load =3D tdq->tdq_load * 256; rnd =3D sched_random() % 32; if (match & CPU_SEARCH_LOWEST) { if (cpu =3D=3D low->cs_prefer) load -=3D 64; /* If that CPU is allowed and get data. */ if (tdq->tdq_lowpri > lgroup.cs_pri && tdq->tdq_load <=3D lgroup.cs_limit && CPU_ISSET(cpu, &lgroup.cs_mask)) { lgroup.cs_cpu =3D cpu;=20 lgroup.cs_load =3D load - rnd; }=20 }=20 if (match & CPU_SEARCH_HIGHEST) if (tdq->tdq_load >=3D hgroup.cs_limit &&=20 tdq->tdq_transferable && CPU_ISSET(cpu, &hgroup.cs_mask)) { hgroup.cs_cpu =3D cpu; hgroup.cs_load =3D load - rnd; } } total +=3D load; /* We have info about child item. Compare it. */ if (match & CPU_SEARCH_LOWEST) { if (lgroup.cs_cpu >=3D 0 && (load < lload || (load =3D=3D lload && lgroup.cs_load < low->cs_load))) { <= --- here. cs_load in "low" is not set value. lload =3D load; low->cs_cpu =3D lgroup.cs_cpu; low->cs_load =3D lgroup.cs_load; } } if (match & CPU_SEARCH_HIGHEST) if (hgroup.cs_cpu >=3D 0 && (load > hload || (load =3D=3D hload && hgroup.cs_load > high->cs_load))) { = <--- here. cs_load in "high" is not set value. hload =3D load; high->cs_cpu =3D hgroup.cs_cpu; high->cs_load =3D hgroup.cs_load; } if (child) { i--; if (i =3D=3D 0 && CPU_EMPTY(&cpumask)) break; } #ifndef HAVE_INLINE_FFSL else cpu--; #endif } return (total); } /* * cpu_search instantiations must pass constants to maintain the inline * optimization. */ int cpu_search_lowest(const struct cpu_group *cg, struct cpu_search *low) { return cpu_search(cg, low, NULL, CPU_SEARCH_LOWEST); } int cpu_search_highest(const struct cpu_group *cg, struct cpu_search *high) { return cpu_search(cg, NULL, high, CPU_SEARCH_HIGHEST); } int cpu_search_both(const struct cpu_group *cg, struct cpu_search *low, struct cpu_search *high) { return cpu_search(cg, low, high, CPU_SEARCH_BOTH); } /* * Find the cpu with the least load via the least loaded path that has a * lowpri greater than pri pri. A pri of -1 indicates any priority is * acceptable. */ static inline int sched_lowest(const struct cpu_group *cg, cpuset_t mask, int pri, int maxloa= d, int prefer) { struct cpu_search low; low.cs_cpu =3D -1; low.cs_prefer =3D prefer; low.cs_mask =3D mask; low.cs_pri =3D pri; low.cs_limit =3D maxload; cpu_search_lowest(cg, &low); <--- cs_load in "low" is not set a va= lue. return low.cs_cpu; } /* * Find the cpu with the highest load via the highest loaded path. */ static inline int sched_highest(const struct cpu_group *cg, cpuset_t mask, int minload) { struct cpu_search high; high.cs_cpu =3D -1; high.cs_mask =3D mask; high.cs_limit =3D minload; cpu_search_highest(cg, &high); <--- cs_load in "high" is not set a value. return high.cs_cpu; } -------- Both variable "low" and variable "high" are arguments of the function cpu_search. And their member variable cs_load do not have a valid value, because any invoker of function cpu_search does not set a valid value. The function sched_lowest that sets an initial value to each member variabl= e of struct cpu_search do not set a valid value to cs_load, too. Function sched_highest is also same for sched_lowest. So, I think that a member variable cs_load of struct cpu_search are used in= an uninitialized state when a value of auto variable "load" equals either an a= uto variable "lload" or an auto variable "hload". --=20 You are receiving this mail because: You are the assignee for the bug.=