io_uring/io-wq: avoid garbage value of 'match' in io_wq_enqueue()

Clang static checker (scan-build) warning:
o_uring/io-wq.c:line 1051, column 3
The expression is an uninitialized value. The computed value will
also be garbage.

'match.nr_pending' is used in io_acct_cancel_pending_work(), but it is
not fully initialized. Change the order of assignment for 'match' to fix
this problem.

Fixes: 42abc95f05bf ("io-wq: decouple work_list protection from the big wqe->lock")
Signed-off-by: Su Hui <suhui@nfschina.com>
Link: https://lore.kernel.org/r/20240604121242.2661244-1-suhui@nfschina.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/io_uring/io-wq.c b/io_uring/io-wq.c
index d1c47a9d921582d3ebd646c0cc46de70333d92fc..7d3316fe9bfc469a9fe3cf316b61807004861252 100644 (file)
--- a/io_uring/io-wq.c
+++ b/io_uring/io-wq.c
@@ -927,7 +927,11 @@ void io_wq_enqueue(struct io_wq *wq, struct io_wq_work *work)
 {
        struct io_wq_acct *acct = io_work_get_acct(wq, work);
        unsigned long work_flags = work->flags;
-       struct io_cb_cancel_data match;
+       struct io_cb_cancel_data match = {
+               .fn             = io_wq_work_match_item,
+               .data           = work,
+               .cancel_all     = false,
+       };
        bool do_create;
 
        /*
@@ -965,10 +969,6 @@ void io_wq_enqueue(struct io_wq *wq, struct io_wq_work *work)
                raw_spin_unlock(&wq->lock);
 
                /* fatal condition, failed to create the first worker */
-               match.fn                = io_wq_work_match_item,
-               match.data              = work,
-               match.cancel_all        = false,
-
                io_acct_cancel_pending_work(wq, acct, &match);
        }
 }