- Kernel - mailweb.openeuler.org

[PATCH OLK-6.6] ext4: Fix race in buffer_head read fault injection
by Long Li 11 Sep '24

11 Sep '24

hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IAQ487 CVE: NA -------------------------------- When I enabled ext4 debug for fault injection testing, I encountered the following warning: EXT4-fs error (device sda): ext4_read_inode_bitmap:201: comm fsstress: Cannot read inode bitmap - block_group = 8, inode_bitmap = 1051 WARNING: CPU: 0 PID: 511 at fs/buffer.c:1181 mark_buffer_dirty+0x1b3/0x1d0 The root cause of the issue lies in the improper implementation of ext4's buffer_head read fault injection. The actual completion of buffer_head read and the buffer_head fault injection are not atomic, which can lead to the uptodate flag being cleared on normally used buffer_heads in race conditions. [CPU0] [CPU1] [CPU2] ext4_read_inode_bitmap ext4_read_bh() <bh read complete> ext4_read_inode_bitmap if (buffer_uptodate(bh)) return bh jbd2_journal_commit_transaction __jbd2_journal_refile_buffer __jbd2_journal_unfile_buffer __jbd2_journal_temp_unlink_buffer ext4_simulate_fail_bh() clear_buffer_uptodate mark_buffer_dirty <report warning> WARN_ON_ONCE(!buffer_uptodate(bh)) The best approach would be to perform fault injection in the IO completion callback function, rather than after IO completion. However, the IO completion callback function cannot get the fault injection code in sb. Fix it by passing the result of fault injection into the bh read function, we simulate faults within the bh read function itself. This requires adding an extra parameter to the bh read functions that need fault injection. Fixes: 46f870d690fe ("ext4: simulate various I/O and checksum errors when reading metadata") Signed-off-by: Long Li <leo.lilong(a)huawei.com> --- fs/ext4/balloc.c | 4 ++-- fs/ext4/ext4.h | 12 ++---------- fs/ext4/extents.c | 2 +- fs/ext4/ialloc.c | 5 +++-- fs/ext4/indirect.c | 2 +- fs/ext4/inode.c | 4 ++-- fs/ext4/mmp.c | 2 +- fs/ext4/move_extent.c | 2 +- fs/ext4/resize.c | 2 +- fs/ext4/super.c | 23 +++++++++++++++-------- 10 files changed, 29 insertions(+), 29 deletions(-) diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c index 79b20d6ae39e..396474e9e2bf 100644 --- a/fs/ext4/balloc.c +++ b/fs/ext4/balloc.c @@ -545,7 +545,8 @@ ext4_read_block_bitmap_nowait(struct super_block *sb, ext4_group_t block_group, trace_ext4_read_block_bitmap_load(sb, block_group, ignore_locked); ext4_read_bh_nowait(bh, REQ_META | REQ_PRIO | (ignore_locked ? REQ_RAHEAD : 0), - ext4_end_bitmap_read); + ext4_end_bitmap_read, + ext4_simulate_fail(sb, EXT4_SIM_BBITMAP_EIO)); return bh; verify: err = ext4_validate_block_bitmap(sb, desc, block_group, bh); @@ -569,7 +570,6 @@ int ext4_wait_block_bitmap(struct super_block *sb, ext4_group_t block_group, if (!desc) return -EFSCORRUPTED; wait_on_buffer(bh); - ext4_simulate_fail_bh(sb, bh, EXT4_SIM_BBITMAP_EIO); if (!buffer_uptodate(bh)) { ext4_error_err(sb, EIO, "Cannot read block bitmap - " "block_group = %u, block_bitmap = %llu", diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h index a6a2981526ef..3f914d4c6d98 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h @@ -1866,14 +1866,6 @@ static inline bool ext4_simulate_fail(struct super_block *sb, return false; } -static inline void ext4_simulate_fail_bh(struct super_block *sb, - struct buffer_head *bh, - unsigned long code) -{ - if (!IS_ERR(bh) && ext4_simulate_fail(sb, code)) - clear_buffer_uptodate(bh); -} - /* * Error number codes for s_{first,last}_error_errno * @@ -3092,9 +3084,9 @@ extern struct buffer_head *ext4_sb_bread(struct super_block *sb, extern struct buffer_head *ext4_sb_bread_unmovable(struct super_block *sb, sector_t block); extern void ext4_read_bh_nowait(struct buffer_head *bh, blk_opf_t op_flags, - bh_end_io_t *end_io); + bh_end_io_t *end_io, bool simu_fail); extern int ext4_read_bh(struct buffer_head *bh, blk_opf_t op_flags, - bh_end_io_t *end_io); + bh_end_io_t *end_io, bool simu_fail); extern int ext4_read_bh_lock(struct buffer_head *bh, blk_opf_t op_flags, bool wait); extern void ext4_sb_breadahead_unmovable(struct super_block *sb, sector_t block); extern int ext4_seq_options_show(struct seq_file *seq, void *offset); diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c index 2f73c0d9e9e9..d618ff9b6b94 100644 --- a/fs/ext4/extents.c +++ b/fs/ext4/extents.c @@ -564,7 +564,7 @@ __read_extent_tree_block(const char *function, unsigned int line, if (!bh_uptodate_or_lock(bh)) { trace_ext4_ext_load_extent(inode, pblk, _RET_IP_); - err = ext4_read_bh(bh, 0, NULL); + err = ext4_read_bh(bh, 0, NULL, false); if (err < 0) goto errout; } diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c index a72c7167c33f..ea0fe973aca0 100644 --- a/fs/ext4/ialloc.c +++ b/fs/ext4/ialloc.c @@ -194,8 +194,9 @@ ext4_read_inode_bitmap(struct super_block *sb, ext4_group_t block_group) * submit the buffer_head for reading */ trace_ext4_load_inode_bitmap(sb, block_group); - ext4_read_bh(bh, REQ_META | REQ_PRIO, ext4_end_bitmap_read); - ext4_simulate_fail_bh(sb, bh, EXT4_SIM_IBITMAP_EIO); + ext4_read_bh(bh, REQ_META | REQ_PRIO, + ext4_end_bitmap_read, + ext4_simulate_fail(sb, EXT4_SIM_IBITMAP_EIO)); if (!buffer_uptodate(bh)) { put_bh(bh); ext4_error_err(sb, EIO, "Cannot read inode bitmap - " diff --git a/fs/ext4/indirect.c b/fs/ext4/indirect.c index a9f3716119d3..f2c495b745f1 100644 --- a/fs/ext4/indirect.c +++ b/fs/ext4/indirect.c @@ -170,7 +170,7 @@ static Indirect *ext4_get_branch(struct inode *inode, int depth, } if (!bh_uptodate_or_lock(bh)) { - if (ext4_read_bh(bh, 0, NULL) < 0) { + if (ext4_read_bh(bh, 0, NULL, false) < 0) { put_bh(bh); goto failure; } diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index ef5dfb994f0e..c0b2c6720a66 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -5083,10 +5083,10 @@ static int __ext4_get_inode_loc(struct super_block *sb, unsigned long ino, * Read the block from disk. */ trace_ext4_load_inode(sb, ino); - ext4_read_bh_nowait(bh, REQ_META | REQ_PRIO, NULL); + ext4_read_bh_nowait(bh, REQ_META | REQ_PRIO, NULL, + ext4_simulate_fail(sb, EXT4_SIM_INODE_EIO)); blk_finish_plug(&plug); wait_on_buffer(bh); - ext4_simulate_fail_bh(sb, bh, EXT4_SIM_INODE_EIO); if (!buffer_uptodate(bh)) { if (ret_block) *ret_block = block; diff --git a/fs/ext4/mmp.c b/fs/ext4/mmp.c index bd946d0c71b7..d64c04ed061a 100644 --- a/fs/ext4/mmp.c +++ b/fs/ext4/mmp.c @@ -94,7 +94,7 @@ static int read_mmp_block(struct super_block *sb, struct buffer_head **bh, } lock_buffer(*bh); - ret = ext4_read_bh(*bh, REQ_META | REQ_PRIO, NULL); + ret = ext4_read_bh(*bh, REQ_META | REQ_PRIO, NULL, false); if (ret) goto warn_exit; diff --git a/fs/ext4/move_extent.c b/fs/ext4/move_extent.c index afd7869cae9a..2b6288c2df43 100644 --- a/fs/ext4/move_extent.c +++ b/fs/ext4/move_extent.c @@ -221,7 +221,7 @@ mext_page_mkuptodate(struct folio *folio, unsigned from, unsigned to) for (i = 0; i < nr; i++) { bh = arr[i]; if (!bh_uptodate_or_lock(bh)) { - err = ext4_read_bh(bh, 0, NULL); + err = ext4_read_bh(bh, 0, NULL, false); if (err) return err; } diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c index 5f105171df7b..b34007541e08 100644 --- a/fs/ext4/resize.c +++ b/fs/ext4/resize.c @@ -1301,7 +1301,7 @@ static struct buffer_head *ext4_get_bitmap(struct super_block *sb, __u64 block) if (unlikely(!bh)) return NULL; if (!bh_uptodate_or_lock(bh)) { - if (ext4_read_bh(bh, 0, NULL) < 0) { + if (ext4_read_bh(bh, 0, NULL, false) < 0) { brelse(bh); return NULL; } diff --git a/fs/ext4/super.c b/fs/ext4/super.c index 9f3c7855095d..78a4324178db 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -185,8 +185,14 @@ MODULE_ALIAS("ext3"); static inline void __ext4_read_bh(struct buffer_head *bh, blk_opf_t op_flags, - bh_end_io_t *end_io) + bh_end_io_t *end_io, bool simu_fail) { + if (simu_fail) { + clear_buffer_uptodate(bh); + unlock_buffer(bh); + return; + } + /* * buffer's verified bit is no longer valid after reading from * disk again due to write out error, clear it to make sure we @@ -200,7 +206,7 @@ static inline void __ext4_read_bh(struct buffer_head *bh, blk_opf_t op_flags, } void ext4_read_bh_nowait(struct buffer_head *bh, blk_opf_t op_flags, - bh_end_io_t *end_io) + bh_end_io_t *end_io, bool simu_fail) { BUG_ON(!buffer_locked(bh)); @@ -208,10 +214,11 @@ void ext4_read_bh_nowait(struct buffer_head *bh, blk_opf_t op_flags, unlock_buffer(bh); return; } - __ext4_read_bh(bh, op_flags, end_io); + __ext4_read_bh(bh, op_flags, end_io, simu_fail); } -int ext4_read_bh(struct buffer_head *bh, blk_opf_t op_flags, bh_end_io_t *end_io) +int ext4_read_bh(struct buffer_head *bh, blk_opf_t op_flags, + bh_end_io_t *end_io, bool simu_fail) { BUG_ON(!buffer_locked(bh)); @@ -220,7 +227,7 @@ int ext4_read_bh(struct buffer_head *bh, blk_opf_t op_flags, bh_end_io_t *end_io return 0; } - __ext4_read_bh(bh, op_flags, end_io); + __ext4_read_bh(bh, op_flags, end_io, simu_fail); wait_on_buffer(bh); if (buffer_uptodate(bh)) @@ -232,10 +239,10 @@ int ext4_read_bh_lock(struct buffer_head *bh, blk_opf_t op_flags, bool wait) { lock_buffer(bh); if (!wait) { - ext4_read_bh_nowait(bh, op_flags, NULL); + ext4_read_bh_nowait(bh, op_flags, NULL, false); return 0; } - return ext4_read_bh(bh, op_flags, NULL); + return ext4_read_bh(bh, op_flags, NULL, false); } /* @@ -283,7 +290,7 @@ void ext4_sb_breadahead_unmovable(struct super_block *sb, sector_t block) if (likely(bh)) { if (trylock_buffer(bh)) - ext4_read_bh_nowait(bh, REQ_RAHEAD, NULL); + ext4_read_bh_nowait(bh, REQ_RAHEAD, NULL, false); brelse(bh); } } -- 2.39.2

2 1

[PATCH OLK-5.10] ext4: Fix race in buffer_head read fault injection
by Long Li 11 Sep '24

11 Sep '24

hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/IAQ8ED CVE: NA -------------------------------- When I enabled ext4 debug for fault injection testing, I encountered the following warning: EXT4-fs error (device sda): ext4_read_inode_bitmap:201: comm fsstress: Cannot read inode bitmap - block_group = 8, inode_bitmap = 1051 WARNING: CPU: 0 PID: 511 at fs/buffer.c:1181 mark_buffer_dirty+0x1b3/0x1d0 The root cause of the issue lies in the improper implementation of ext4's buffer_head read fault injection. The actual completion of buffer_head read and the buffer_head fault injection are not atomic, which can lead to the uptodate flag being cleared on normally used buffer_heads in race conditions. [CPU0] [CPU1] [CPU2] ext4_read_inode_bitmap ext4_read_bh() <bh read complete> ext4_read_inode_bitmap if (buffer_uptodate(bh)) return bh jbd2_journal_commit_transaction __jbd2_journal_refile_buffer __jbd2_journal_unfile_buffer __jbd2_journal_temp_unlink_buffer ext4_simulate_fail_bh() clear_buffer_uptodate mark_buffer_dirty <report warning> WARN_ON_ONCE(!buffer_uptodate(bh)) The best approach would be to perform fault injection in the IO completion callback function, rather than after IO completion. However, the IO completion callback function cannot get the fault injection code in sb. Fix it by passing the result of fault injection into the bh read function, we simulate faults within the bh read function itself. This requires adding an extra parameter to the bh read functions that need fault injection. Fixes: 46f870d690fe ("ext4: simulate various I/O and checksum errors when reading metadata") Signed-off-by: Long Li <leo.lilong(a)huawei.com> --- fs/ext4/balloc.c | 4 ++-- fs/ext4/ext4.h | 12 ++---------- fs/ext4/extents.c | 2 +- fs/ext4/ialloc.c | 5 +++-- fs/ext4/indirect.c | 2 +- fs/ext4/inode.c | 4 ++-- fs/ext4/mmp.c | 2 +- fs/ext4/move_extent.c | 2 +- fs/ext4/resize.c | 2 +- fs/ext4/super.c | 22 ++++++++++++++-------- 10 files changed, 28 insertions(+), 29 deletions(-) diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c index bdbf130416c7..43ce0f3266b5 100644 --- a/fs/ext4/balloc.c +++ b/fs/ext4/balloc.c @@ -541,7 +541,8 @@ ext4_read_block_bitmap_nowait(struct super_block *sb, ext4_group_t block_group, trace_ext4_read_block_bitmap_load(sb, block_group, ignore_locked); ext4_read_bh_nowait(bh, REQ_META | REQ_PRIO | (ignore_locked ? REQ_RAHEAD : 0), - ext4_end_bitmap_read); + ext4_end_bitmap_read, + ext4_simulate_fail(sb, EXT4_SIM_BBITMAP_EIO)); return bh; verify: err = ext4_validate_block_bitmap(sb, desc, block_group, bh); @@ -565,7 +566,6 @@ int ext4_wait_block_bitmap(struct super_block *sb, ext4_group_t block_group, if (!desc) return -EFSCORRUPTED; wait_on_buffer(bh); - ext4_simulate_fail_bh(sb, bh, EXT4_SIM_BBITMAP_EIO); if (!buffer_uptodate(bh)) { ext4_error_err(sb, EIO, "Cannot read block bitmap - " "block_group = %u, block_bitmap = %llu", diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h index b701f7ac7f66..99a767123ebf 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h @@ -1779,14 +1779,6 @@ static inline bool ext4_simulate_fail(struct super_block *sb, return false; } -static inline void ext4_simulate_fail_bh(struct super_block *sb, - struct buffer_head *bh, - unsigned long code) -{ - if (!IS_ERR(bh) && ext4_simulate_fail(sb, code)) - clear_buffer_uptodate(bh); -} - /* * Error number codes for s_{first,last}_error_errno * @@ -2995,9 +2987,9 @@ extern struct buffer_head *ext4_sb_bread(struct super_block *sb, extern struct buffer_head *ext4_sb_bread_unmovable(struct super_block *sb, sector_t block); extern void ext4_read_bh_nowait(struct buffer_head *bh, int op_flags, - bh_end_io_t *end_io); + bh_end_io_t *end_io, bool simu_fail); extern int ext4_read_bh(struct buffer_head *bh, int op_flags, - bh_end_io_t *end_io); + bh_end_io_t *end_io, bool simu_fail); extern int ext4_read_bh_lock(struct buffer_head *bh, int op_flags, bool wait); extern void ext4_sb_breadahead_unmovable(struct super_block *sb, sector_t block); extern int ext4_seq_options_show(struct seq_file *seq, void *offset); diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c index 71503987d313..31d5061f1408 100644 --- a/fs/ext4/extents.c +++ b/fs/ext4/extents.c @@ -544,7 +544,7 @@ __read_extent_tree_block(const char *function, unsigned int line, if (!bh_uptodate_or_lock(bh)) { trace_ext4_ext_load_extent(inode, pblk, _RET_IP_); - err = ext4_read_bh(bh, 0, NULL); + err = ext4_read_bh(bh, 0, NULL, false); if (err < 0) goto errout; } diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c index d178543ca13f..b0d0ca8f4389 100644 --- a/fs/ext4/ialloc.c +++ b/fs/ext4/ialloc.c @@ -194,8 +194,9 @@ ext4_read_inode_bitmap(struct super_block *sb, ext4_group_t block_group) * submit the buffer_head for reading */ trace_ext4_load_inode_bitmap(sb, block_group); - ext4_read_bh(bh, REQ_META | REQ_PRIO, ext4_end_bitmap_read); - ext4_simulate_fail_bh(sb, bh, EXT4_SIM_IBITMAP_EIO); + ext4_read_bh(bh, REQ_META | REQ_PRIO, + ext4_end_bitmap_read, + ext4_simulate_fail(sb, EXT4_SIM_IBITMAP_EIO)); if (!buffer_uptodate(bh)) { put_bh(bh); ext4_error_err(sb, EIO, "Cannot read inode bitmap - " diff --git a/fs/ext4/indirect.c b/fs/ext4/indirect.c index c2bb2ff3fbb6..f1e62f40341e 100644 --- a/fs/ext4/indirect.c +++ b/fs/ext4/indirect.c @@ -170,7 +170,7 @@ static Indirect *ext4_get_branch(struct inode *inode, int depth, } if (!bh_uptodate_or_lock(bh)) { - if (ext4_read_bh(bh, 0, NULL) < 0) { + if (ext4_read_bh(bh, 0, NULL, false) < 0) { put_bh(bh); goto failure; } diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index ad7918c8df7b..d956ba3cd6f7 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -4625,10 +4625,10 @@ static int __ext4_get_inode_loc(struct super_block *sb, unsigned long ino, * Read the block from disk. */ trace_ext4_load_inode(sb, ino); - ext4_read_bh_nowait(bh, REQ_META | REQ_PRIO, NULL); + ext4_read_bh_nowait(bh, REQ_META | REQ_PRIO, NULL, + ext4_simulate_fail(sb, EXT4_SIM_INODE_EIO)); blk_finish_plug(&plug); wait_on_buffer(bh); - ext4_simulate_fail_bh(sb, bh, EXT4_SIM_INODE_EIO); if (!buffer_uptodate(bh)) { if (ret_block) *ret_block = block; diff --git a/fs/ext4/mmp.c b/fs/ext4/mmp.c index 3e8bce19ad16..4a6d7488d1ec 100644 --- a/fs/ext4/mmp.c +++ b/fs/ext4/mmp.c @@ -94,7 +94,7 @@ static int read_mmp_block(struct super_block *sb, struct buffer_head **bh, } lock_buffer(*bh); - ret = ext4_read_bh(*bh, REQ_META | REQ_PRIO, NULL); + ret = ext4_read_bh(*bh, REQ_META | REQ_PRIO, NULL, false); if (ret) goto warn_exit; diff --git a/fs/ext4/move_extent.c b/fs/ext4/move_extent.c index f8dd5d972c33..f3d06beb79b2 100644 --- a/fs/ext4/move_extent.c +++ b/fs/ext4/move_extent.c @@ -215,7 +215,7 @@ mext_page_mkuptodate(struct page *page, unsigned from, unsigned to) for (i = 0; i < nr; i++) { bh = arr[i]; if (!bh_uptodate_or_lock(bh)) { - err = ext4_read_bh(bh, 0, NULL); + err = ext4_read_bh(bh, 0, NULL, false); if (err) return err; } diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c index 9edc8da921f4..84184c40f99b 100644 --- a/fs/ext4/resize.c +++ b/fs/ext4/resize.c @@ -1266,7 +1266,7 @@ static struct buffer_head *ext4_get_bitmap(struct super_block *sb, __u64 block) if (unlikely(!bh)) return NULL; if (!bh_uptodate_or_lock(bh)) { - if (ext4_read_bh(bh, 0, NULL) < 0) { + if (ext4_read_bh(bh, 0, NULL, false) < 0) { brelse(bh); return NULL; } diff --git a/fs/ext4/super.c b/fs/ext4/super.c index 0a20e0734904..b07fb8abe813 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -168,8 +168,13 @@ MODULE_ALIAS("ext3"); static inline void __ext4_read_bh(struct buffer_head *bh, int op_flags, - bh_end_io_t *end_io) + bh_end_io_t *end_io, bool simu_fail) { + if (simu_fail) { + clear_buffer_uptodate(bh); + unlock_buffer(bh); + return; + } /* * buffer's verified bit is no longer valid after reading from * disk again due to write out error, clear it to make sure we @@ -183,7 +188,7 @@ static inline void __ext4_read_bh(struct buffer_head *bh, int op_flags, } void ext4_read_bh_nowait(struct buffer_head *bh, int op_flags, - bh_end_io_t *end_io) + bh_end_io_t *end_io, bool simu_fail) { BUG_ON(!buffer_locked(bh)); @@ -191,10 +196,11 @@ void ext4_read_bh_nowait(struct buffer_head *bh, int op_flags, unlock_buffer(bh); return; } - __ext4_read_bh(bh, op_flags, end_io); + __ext4_read_bh(bh, op_flags, end_io, simu_fail); } -int ext4_read_bh(struct buffer_head *bh, int op_flags, bh_end_io_t *end_io) +int ext4_read_bh(struct buffer_head *bh, int op_flags, + bh_end_io_t *end_io, bool simu_fail) { BUG_ON(!buffer_locked(bh)); @@ -203,7 +209,7 @@ int ext4_read_bh(struct buffer_head *bh, int op_flags, bh_end_io_t *end_io) return 0; } - __ext4_read_bh(bh, op_flags, end_io); + __ext4_read_bh(bh, op_flags, end_io, simu_fail); wait_on_buffer(bh); if (buffer_uptodate(bh)) @@ -215,10 +221,10 @@ int ext4_read_bh_lock(struct buffer_head *bh, int op_flags, bool wait) { lock_buffer(bh); if (!wait) { - ext4_read_bh_nowait(bh, op_flags, NULL); + ext4_read_bh_nowait(bh, op_flags, NULL, false); return 0; } - return ext4_read_bh(bh, op_flags, NULL); + return ext4_read_bh(bh, op_flags, NULL, false); } /* @@ -266,7 +272,7 @@ void ext4_sb_breadahead_unmovable(struct super_block *sb, sector_t block) if (likely(bh)) { if (trylock_buffer(bh)) - ext4_read_bh_nowait(bh, REQ_RAHEAD, NULL); + ext4_read_bh_nowait(bh, REQ_RAHEAD, NULL, false); brelse(bh); } } -- 2.39.2

2 1

[openeuler:openEuler-1.0-LTS 20076/23703] arch/x86/power/cpu.o: warning: objtool: missing symbol for section .exit.text
by kernel test robot 11 Sep '24

11 Sep '24

tree: https://gitee.com/openeuler/kernel.git openEuler-1.0-LTS head: bf039567abd9303dc03746afaaf0854f41ed853b commit: 27dd57ae7b305c8c1bcf55eab82c45d85b605149 [20076/23703] x86/cpu: Load microcode during restore_processor_state() config: x86_64-buildonly-randconfig-003-20240911 (https://download.01.org/0day-ci/archive/20240911/202409110927.XJnvEERE-lkp@…) compiler: gcc-12 (Debian 12.2.0-14) 12.2.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240911/202409110927.XJnvEERE-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202409110927.XJnvEERE-lkp@intel.com/ All warnings (new ones prefixed by >>): arch/x86/power/cpu.c:78: warning: Function parameter or member 'ctxt' not described in '__save_processor_state' arch/x86/power/cpu.c:200: warning: Function parameter or member 'ctxt' not described in '__restore_processor_state' >> arch/x86/power/cpu.o: warning: objtool: missing symbol for section .exit.text -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[openeuler:OLK-5.10 26326/30000] fs/quota/dquot.c:1699:25: sparse: sparse: incompatible types in comparison expression (different address spaces):
by kernel test robot 11 Sep '24

11 Sep '24

tree: https://gitee.com/openeuler/kernel.git OLK-5.10 head: cbfb00d89c3b9971c3f0732b4f34d4e674bff5d8 commit: b6c35c29c4b795fa72f7acecb07e94502f159bec [26326/30000] quota: Fix potential NULL pointer dereference config: x86_64-randconfig-122-20240910 (https://download.01.org/0day-ci/archive/20240911/202409110955.mmx8Aa4b-lkp@…) compiler: clang version 18.1.5 (https://github.com/llvm/llvm-project 617a15a9eac96088ae5e9134248d8236e34b91b1) reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240911/202409110955.mmx8Aa4b-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202409110955.mmx8Aa4b-lkp@intel.com/ sparse warnings: (new ones prefixed by >>) >> fs/quota/dquot.c:1699:25: sparse: sparse: incompatible types in comparison expression (different address spaces): fs/quota/dquot.c:1699:25: sparse: struct dquot [noderef] __rcu * fs/quota/dquot.c:1699:25: sparse: struct dquot * fs/quota/dquot.c:1710:41: sparse: sparse: incompatible types in comparison expression (different address spaces): fs/quota/dquot.c:1710:41: sparse: struct dquot [noderef] __rcu * fs/quota/dquot.c:1710:41: sparse: struct dquot * fs/quota/dquot.c:1760:25: sparse: sparse: incompatible types in comparison expression (different address spaces): fs/quota/dquot.c:1760:25: sparse: struct dquot [noderef] __rcu * fs/quota/dquot.c:1760:25: sparse: struct dquot * fs/quota/dquot.c:1766:41: sparse: sparse: incompatible types in comparison expression (different address spaces): fs/quota/dquot.c:1766:41: sparse: struct dquot [noderef] __rcu * fs/quota/dquot.c:1766:41: sparse: struct dquot * fs/quota/dquot.c:1810:25: sparse: sparse: incompatible types in comparison expression (different address spaces): fs/quota/dquot.c:1810:25: sparse: struct dquot [noderef] __rcu * fs/quota/dquot.c:1810:25: sparse: struct dquot * fs/quota/dquot.c:1852:25: sparse: sparse: incompatible types in comparison expression (different address spaces): fs/quota/dquot.c:1852:25: sparse: struct dquot [noderef] __rcu * fs/quota/dquot.c:1852:25: sparse: struct dquot * fs/quota/dquot.c:1901:25: sparse: sparse: incompatible types in comparison expression (different address spaces): fs/quota/dquot.c:1901:25: sparse: struct dquot [noderef] __rcu * fs/quota/dquot.c:1901:25: sparse: struct dquot * fs/quota/dquot.c:1949:25: sparse: sparse: incompatible types in comparison expression (different address spaces): fs/quota/dquot.c:1949:25: sparse: struct dquot [noderef] __rcu * fs/quota/dquot.c:1949:25: sparse: struct dquot * fs/quota/dquot.c:409:25: sparse: sparse: incompatible types in comparison expression (different address spaces): fs/quota/dquot.c:409:25: sparse: struct dquot [noderef] __rcu * fs/quota/dquot.c:409:25: sparse: struct dquot * fs/quota/dquot.c:409:25: sparse: sparse: incompatible types in comparison expression (different address spaces): fs/quota/dquot.c:409:25: sparse: struct dquot [noderef] __rcu * fs/quota/dquot.c:409:25: sparse: struct dquot * fs/quota/dquot.c:409:25: sparse: sparse: incompatible types in comparison expression (different address spaces): fs/quota/dquot.c:409:25: sparse: struct dquot [noderef] __rcu * fs/quota/dquot.c:409:25: sparse: struct dquot * fs/quota/dquot.c:409:25: sparse: sparse: incompatible types in comparison expression (different address spaces): fs/quota/dquot.c:409:25: sparse: struct dquot [noderef] __rcu * fs/quota/dquot.c:409:25: sparse: struct dquot * fs/quota/dquot.c:409:25: sparse: sparse: incompatible types in comparison expression (different address spaces): fs/quota/dquot.c:409:25: sparse: struct dquot [noderef] __rcu * fs/quota/dquot.c:409:25: sparse: struct dquot * fs/quota/dquot.c:409:25: sparse: sparse: incompatible types in comparison expression (different address spaces): fs/quota/dquot.c:409:25: sparse: struct dquot [noderef] __rcu * fs/quota/dquot.c:409:25: sparse: struct dquot * fs/quota/dquot.c:409:25: sparse: sparse: incompatible types in comparison expression (different address spaces): fs/quota/dquot.c:409:25: sparse: struct dquot [noderef] __rcu * fs/quota/dquot.c:409:25: sparse: struct dquot * fs/quota/dquot.c:409:25: sparse: sparse: incompatible types in comparison expression (different address spaces): fs/quota/dquot.c:409:25: sparse: struct dquot [noderef] __rcu * fs/quota/dquot.c:409:25: sparse: struct dquot * vim +1699 fs/quota/dquot.c 1659 1660 /* 1661 * This functions updates i_blocks+i_bytes fields and quota information 1662 * (together with appropriate checks). 1663 * 1664 * NOTE: We absolutely rely on the fact that caller dirties the inode 1665 * (usually helpers in quotaops.h care about this) and holds a handle for 1666 * the current transaction so that dquot write and inode write go into the 1667 * same transaction. 1668 */ 1669 1670 /* 1671 * This operation can block, but only after everything is updated 1672 */ 1673 int __dquot_alloc_space(struct inode *inode, qsize_t number, int flags) 1674 { 1675 int cnt, ret = 0, index; 1676 struct dquot_warn warn[MAXQUOTAS]; 1677 int reserve = flags & DQUOT_SPACE_RESERVE; 1678 struct dquot **dquots; 1679 struct dquot *dquot; 1680 1681 if (!inode_quota_active(inode)) { 1682 if (reserve) { 1683 spin_lock(&inode->i_lock); 1684 *inode_reserved_space(inode) += number; 1685 spin_unlock(&inode->i_lock); 1686 } else { 1687 inode_add_bytes(inode, number); 1688 } 1689 goto out; 1690 } 1691 1692 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 1693 warn[cnt].w_type = QUOTA_NL_NOWARN; 1694 1695 dquots = i_dquot(inode); 1696 index = srcu_read_lock(&dquot_srcu); 1697 spin_lock(&inode->i_lock); 1698 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { > 1699 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 1700 if (!dquot) 1701 continue; 1702 if (reserve) { 1703 ret = dquot_add_space(dquot, 0, number, flags, &warn[cnt]); 1704 } else { 1705 ret = dquot_add_space(dquot, number, 0, flags, &warn[cnt]); 1706 } 1707 if (ret) { 1708 /* Back out changes we already did */ 1709 for (cnt--; cnt >= 0; cnt--) { 1710 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 1711 if (!dquot) 1712 continue; 1713 spin_lock(&dquot->dq_dqb_lock); 1714 if (reserve) 1715 dquot_free_reserved_space(dquot, number); 1716 else 1717 dquot_decr_space(dquot, number); 1718 spin_unlock(&dquot->dq_dqb_lock); 1719 } 1720 spin_unlock(&inode->i_lock); 1721 goto out_flush_warn; 1722 } 1723 } 1724 if (reserve) 1725 *inode_reserved_space(inode) += number; 1726 else 1727 __inode_add_bytes(inode, number); 1728 spin_unlock(&inode->i_lock); 1729 1730 if (reserve) 1731 goto out_flush_warn; 1732 mark_all_dquot_dirty(dquots); 1733 out_flush_warn: 1734 srcu_read_unlock(&dquot_srcu, index); 1735 flush_warnings(warn); 1736 out: 1737 return ret; 1738 } 1739 EXPORT_SYMBOL(__dquot_alloc_space); 1740 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[openeuler:openEuler-1.0-LTS] BUILD SUCCESS WITH WARNING bf039567abd9303dc03746afaaf0854f41ed853b
by kernel test robot 11 Sep '24

11 Sep '24

tree/branch: https://gitee.com/openeuler/kernel.git openEuler-1.0-LTS branch HEAD: bf039567abd9303dc03746afaaf0854f41ed853b !11434 v3 cifs: Fix pages leak when cifs_writedata allocate fails in cifs_writedata_direct_alloc() Warning reports: https://lore.kernel.org/oe-kbuild-all/202409110303.bhVqMzMo-lkp@intel.com Warning: (recently discovered and may have been fixed) arch/arm64/include/asm/irqflags.h:88:9: warning: 'flags' may be used uninitialized [-Wmaybe-uninitialized] Warning ids grouped by kconfigs: recent_errors |-- arm64-allmodconfig | |-- block-blk-io-hierarchy-iodump.c:warning:no-previous-prototype-for-__bio_stage_hierarchy_start | `-- include-linux-thread_info.h:warning:b-may-be-used-uninitialized |-- arm64-randconfig-002-20240911 | `-- arch-arm64-include-asm-irqflags.h:warning:flags-may-be-used-uninitialized |-- arm64-randconfig-003-20240911 | `-- drivers-tty-serial-sc16is7xx.c:warning:label-err_i2c-defined-but-not-used |-- x86_64-allyesconfig | `-- block-blk-io-hierarchy-iodump.c:warning:no-previous-prototype-for-function-__bio_stage_hierarchy_start `-- x86_64-buildonly-randconfig-005-20240911 `-- drivers-tty-serial-sc16is7xx.c:warning:label-err_i2c-defined-but-not-used elapsed time: 797m configs tested: 20 configs skipped: 139 tested configs: arm64 allmodconfig gcc-14.1.0 arm64 allnoconfig gcc-14.1.0 arm64 defconfig gcc-14.1.0 arm64 randconfig-001-20240911 gcc-14.1.0 arm64 randconfig-002-20240911 gcc-14.1.0 arm64 randconfig-003-20240911 gcc-14.1.0 arm64 randconfig-004-20240911 gcc-14.1.0 x86_64 allnoconfig clang-18 x86_64 allyesconfig clang-18 x86_64 buildonly-randconfig-001-20240911 clang-18 x86_64 buildonly-randconfig-002-20240911 clang-18 x86_64 buildonly-randconfig-003-20240911 gcc-12 x86_64 buildonly-randconfig-004-20240911 gcc-12 x86_64 buildonly-randconfig-005-20240911 gcc-12 x86_64 buildonly-randconfig-006-20240911 clang-18 x86_64 defconfig gcc-11 x86_64 randconfig-001-20240911 gcc-12 x86_64 randconfig-002-20240911 gcc-12 x86_64 randconfig-003-20240911 clang-18 x86_64 rhel-8.3-rust clang-18 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[openeuler:OLK-5.10 16131/30000] net/core/sock_map.c:1501:5: sparse: sparse: symbol 'sock_map_prog_lookup' was not declared. Should it be static?
by kernel test robot 11 Sep '24

11 Sep '24

tree: https://gitee.com/openeuler/kernel.git OLK-5.10 head: cbfb00d89c3b9971c3f0732b4f34d4e674bff5d8 commit: 050383882de382969e4fb8362235749b232cccae [16131/30000] bpf: support BPF_PROG_QUERY for progs attached to sockmap config: x86_64-randconfig-122-20240910 (https://download.01.org/0day-ci/archive/20240911/202409110644.OlZbU3Ny-lkp@…) compiler: clang version 18.1.5 (https://github.com/llvm/llvm-project 617a15a9eac96088ae5e9134248d8236e34b91b1) reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240911/202409110644.OlZbU3Ny-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202409110644.OlZbU3Ny-lkp@intel.com/ sparse warnings: (new ones prefixed by >>) >> net/core/sock_map.c:1501:5: sparse: sparse: symbol 'sock_map_prog_lookup' was not declared. Should it be static? vim +/sock_map_prog_lookup +1501 net/core/sock_map.c 1500 > 1501 int sock_map_prog_lookup(struct bpf_map *map, struct bpf_prog ***pprog, 1502 u32 which) 1503 { 1504 struct sk_psock_progs *progs = sock_map_progs(map); 1505 1506 if (!progs) 1507 return -EOPNOTSUPP; 1508 1509 switch (which) { 1510 case BPF_SK_MSG_VERDICT: 1511 *pprog = &progs->msg_parser; 1512 break; 1513 case BPF_SK_SKB_STREAM_PARSER: 1514 *pprog = &progs->skb_parser; 1515 break; 1516 case BPF_SK_SKB_STREAM_VERDICT: 1517 *pprog = &progs->skb_verdict; 1518 break; 1519 default: 1520 return -EOPNOTSUPP; 1521 } 1522 return 0; 1523 } 1524 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[openeuler:OLK-5.10 3790/30000] kernel/pid.c:623:50: sparse: sparse: incorrect type in argument 3 (different address spaces)
by kernel test robot 11 Sep '24

11 Sep '24

tree: https://gitee.com/openeuler/kernel.git OLK-5.10 head: cbfb00d89c3b9971c3f0732b4f34d4e674bff5d8 commit: c649babf7cf25e545a7dc3eb6d59392ac3355cb9 [3790/30000] pid_ns: Make pid_max per namespace config: x86_64-randconfig-123-20240910 (https://download.01.org/0day-ci/archive/20240911/202409110524.f822gNQG-lkp@…) compiler: gcc-12 (Debian 12.2.0-14) 12.2.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240911/202409110524.f822gNQG-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202409110524.f822gNQG-lkp@intel.com/ sparse warnings: (new ones prefixed by >>) kernel/pid.c:385:9: sparse: sparse: incompatible types in comparison expression (different address spaces): kernel/pid.c:385:9: sparse: struct pid [noderef] __rcu * kernel/pid.c:385:9: sparse: struct pid * kernel/pid.c:386:9: sparse: sparse: incompatible types in comparison expression (different address spaces): kernel/pid.c:386:9: sparse: struct pid [noderef] __rcu * kernel/pid.c:386:9: sparse: struct pid * kernel/pid.c:449:23: sparse: sparse: incompatible types in comparison expression (different address spaces): kernel/pid.c:449:23: sparse: struct pid [noderef] __rcu * kernel/pid.c:449:23: sparse: struct pid * kernel/pid.c:507:24: sparse: sparse: incompatible types in comparison expression (different address spaces): kernel/pid.c:507:24: sparse: struct pid [noderef] __rcu * kernel/pid.c:507:24: sparse: struct pid * >> kernel/pid.c:623:50: sparse: sparse: incorrect type in argument 3 (different address spaces) @@ expected void * @@ got void [noderef] __user *buffer @@ kernel/pid.c:623:50: sparse: expected void * kernel/pid.c:623:50: sparse: got void [noderef] __user *buffer >> kernel/pid.c:632:35: sparse: sparse: incorrect type in initializer (incompatible argument 3 (different address spaces)) @@ expected int ( [usertype] *proc_handler )( ... ) @@ got int ( * )( ... ) @@ kernel/pid.c:632:35: sparse: expected int ( [usertype] *proc_handler )( ... ) kernel/pid.c:632:35: sparse: got int ( * )( ... ) kernel/pid.c: note: in included file (through include/linux/pid.h, include/linux/sched.h, include/linux/mm.h): include/linux/rculist.h:553:9: sparse: sparse: incompatible types in comparison expression (different address spaces): include/linux/rculist.h:553:9: sparse: struct hlist_node [noderef] __rcu * include/linux/rculist.h:553:9: sparse: struct hlist_node * include/linux/rculist.h:554:9: sparse: sparse: incompatible types in comparison expression (different address spaces): include/linux/rculist.h:554:9: sparse: struct hlist_node [noderef] __rcu * include/linux/rculist.h:554:9: sparse: struct hlist_node * vim +623 kernel/pid.c 614 615 static int proc_dointvec_pidmax(struct ctl_table *table, int write, 616 void __user *buffer, size_t *lenp, loff_t *ppos) 617 { 618 struct ctl_table tmp; 619 620 tmp = *table; 621 tmp.data = &task_active_pid_ns(current)->pid_max; 622 > 623 return proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 624 } 625 626 static struct ctl_table pid_ctl_table[] = { 627 { 628 .procname = "pid_max", 629 .data = &init_pid_ns.pid_max, 630 .maxlen = sizeof(int), 631 .mode = 0644, > 632 .proc_handler = proc_dointvec_pidmax, 633 .extra1 = &pid_max_min, 634 .extra2 = &pid_max_max, 635 }, 636 {} 637 }; 638 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[openeuler:openEuler-1.0-LTS 2662/23703] arch/arm64/include/asm/irqflags.h:88:9: warning: 'flags' may be used uninitialized
by kernel test robot 11 Sep '24

11 Sep '24

Hi Geert, FYI, the error/warning still remains. tree: https://gitee.com/openeuler/kernel.git openEuler-1.0-LTS head: bf039567abd9303dc03746afaaf0854f41ed853b commit: 9dae7e237a64858407b7626260bad53aa13c9198 [2662/23703] serial: sh-sci: Fix locking in sci_submit_rx() config: arm64-randconfig-002-20240911 (https://download.01.org/0day-ci/archive/20240911/202409110303.bhVqMzMo-lkp@…) compiler: aarch64-linux-gcc (GCC) 14.1.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240911/202409110303.bhVqMzMo-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202409110303.bhVqMzMo-lkp@intel.com/ Note: it may well be a FALSE warning. FWIW you are at least aware of it now. http://gcc.gnu.org/wiki/Better_Uninitialized_Warnings All warnings (new ones prefixed by >>): In file included from include/linux/irqflags.h:16, from include/linux/spinlock.h:54, from include/linux/rwsem.h:16, from include/linux/notifier.h:15, from include/linux/clk.h:17, from drivers/tty/serial/sh-sci.c:24: In function 'arch_local_irq_restore', inlined from '__raw_spin_unlock_irqrestore' at include/linux/spinlock_api_smp.h:160:2, inlined from 'spin_unlock_irqrestore' at include/linux/spinlock.h:384:2, inlined from 'sci_submit_rx' at drivers/tty/serial/sh-sci.c:1376:3: >> arch/arm64/include/asm/irqflags.h:88:9: warning: 'flags' may be used uninitialized [-Wmaybe-uninitialized] 88 | asm volatile( | ^~~ drivers/tty/serial/sh-sci.c: In function 'sci_submit_rx': drivers/tty/serial/sh-sci.c:1338:23: note: 'flags' was declared here 1338 | unsigned long flags; | ^~~~~ In file included from drivers/tty/serial/sh-sci.c:53: In function 'tty_insert_flip_char', inlined from 'sci_handle_errors' at drivers/tty/serial/sh-sci.c:940:7: include/linux/tty_flip.h:27:53: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=] 27 | *flag_buf_ptr(tb, tb->used) = flag; | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~ In file included from include/linux/serial_core.h:29, from include/linux/serial_sci.h:6, from drivers/tty/serial/sh-sci.c:46: include/linux/tty.h: In function 'sci_handle_errors': include/linux/tty.h:69:23: note: destination object 'data' of size 0 69 | unsigned long data[0]; | ^~~~ In function 'tty_insert_flip_char', inlined from 'sci_handle_errors' at drivers/tty/serial/sh-sci.c:940:7: include/linux/tty_flip.h:28:47: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=] 28 | *char_buf_ptr(tb, tb->used++) = ch; | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~ include/linux/tty.h: In function 'sci_handle_errors': include/linux/tty.h:69:23: note: destination object 'data' of size 0 69 | unsigned long data[0]; | ^~~~ In function 'tty_insert_flip_char', inlined from 'sci_handle_errors' at drivers/tty/serial/sh-sci.c:950:7: include/linux/tty_flip.h:27:53: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=] 27 | *flag_buf_ptr(tb, tb->used) = flag; | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~ include/linux/tty.h: In function 'sci_handle_errors': include/linux/tty.h:69:23: note: destination object 'data' of size 0 69 | unsigned long data[0]; | ^~~~ In function 'tty_insert_flip_char', inlined from 'sci_handle_errors' at drivers/tty/serial/sh-sci.c:950:7: include/linux/tty_flip.h:28:47: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=] 28 | *char_buf_ptr(tb, tb->used++) = ch; | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~ include/linux/tty.h: In function 'sci_handle_errors': include/linux/tty.h:69:23: note: destination object 'data' of size 0 69 | unsigned long data[0]; | ^~~~ In function 'tty_insert_flip_char', inlined from 'sci_handle_errors' at drivers/tty/serial/sh-sci.c:960:7: include/linux/tty_flip.h:27:53: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=] 27 | *flag_buf_ptr(tb, tb->used) = flag; | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~ include/linux/tty.h: In function 'sci_handle_errors': include/linux/tty.h:69:23: note: destination object 'data' of size 0 69 | unsigned long data[0]; | ^~~~ In function 'tty_insert_flip_char', inlined from 'sci_handle_errors' at drivers/tty/serial/sh-sci.c:960:7: include/linux/tty_flip.h:28:47: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=] 28 | *char_buf_ptr(tb, tb->used++) = ch; | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~ include/linux/tty.h: In function 'sci_handle_errors': include/linux/tty.h:69:23: note: destination object 'data' of size 0 69 | unsigned long data[0]; | ^~~~ In function 'tty_insert_flip_char', inlined from 'sci_receive_chars' at drivers/tty/serial/sh-sci.c:906:5: include/linux/tty_flip.h:27:53: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=] 27 | *flag_buf_ptr(tb, tb->used) = flag; | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~ include/linux/tty.h: In function 'sci_receive_chars': include/linux/tty.h:69:23: note: destination object 'data' of size 0 69 | unsigned long data[0]; | ^~~~ In function 'tty_insert_flip_char', inlined from 'sci_receive_chars' at drivers/tty/serial/sh-sci.c:906:5: include/linux/tty_flip.h:28:47: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=] 28 | *char_buf_ptr(tb, tb->used++) = ch; | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~ include/linux/tty.h: In function 'sci_receive_chars': include/linux/tty.h:69:23: note: destination object 'data' of size 0 69 | unsigned long data[0]; | ^~~~ In function 'tty_insert_flip_char', inlined from 'sci_receive_chars' at drivers/tty/serial/sh-sci.c:883:5: include/linux/tty_flip.h:27:53: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=] 27 | *flag_buf_ptr(tb, tb->used) = flag; | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~ include/linux/tty.h: In function 'sci_receive_chars': include/linux/tty.h:69:23: note: destination object 'data' of size 0 69 | unsigned long data[0]; | ^~~~ In function 'tty_insert_flip_char', inlined from 'sci_receive_chars' at drivers/tty/serial/sh-sci.c:883:5: include/linux/tty_flip.h:28:47: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=] 28 | *char_buf_ptr(tb, tb->used++) = ch; | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~ include/linux/tty.h: In function 'sci_receive_chars': include/linux/tty.h:69:23: note: destination object 'data' of size 0 69 | unsigned long data[0]; | ^~~~ vim +/flags +88 arch/arm64/include/asm/irqflags.h fb9bd7d6df81ddf Marc Zyngier 2012-03-05 82 fb9bd7d6df81ddf Marc Zyngier 2012-03-05 83 /* fb9bd7d6df81ddf Marc Zyngier 2012-03-05 84 * restore saved IRQ state fb9bd7d6df81ddf Marc Zyngier 2012-03-05 85 */ fb9bd7d6df81ddf Marc Zyngier 2012-03-05 86 static inline void arch_local_irq_restore(unsigned long flags) fb9bd7d6df81ddf Marc Zyngier 2012-03-05 87 { fb9bd7d6df81ddf Marc Zyngier 2012-03-05 @88 asm volatile( fb9bd7d6df81ddf Marc Zyngier 2012-03-05 89 "msr daif, %0 // arch_local_irq_restore" fb9bd7d6df81ddf Marc Zyngier 2012-03-05 90 : fb9bd7d6df81ddf Marc Zyngier 2012-03-05 91 : "r" (flags) fb9bd7d6df81ddf Marc Zyngier 2012-03-05 92 : "memory"); fb9bd7d6df81ddf Marc Zyngier 2012-03-05 93 } fb9bd7d6df81ddf Marc Zyngier 2012-03-05 94 :::::: The code at line 88 was first introduced by commit :::::: fb9bd7d6df81ddf1e7ab6648ac89ddbe0625b26b arm64: IRQ handling :::::: TO: Marc Zyngier <marc.zyngier(a)arm.com> :::::: CC: Catalin Marinas <catalin.marinas(a)arm.com> -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[openeuler:OLK-5.10 3775/30000] mm/page_alloc.c:3036:6: sparse: sparse: symbol '__drain_all_pages' was not declared. Should it be static?
by kernel test robot 11 Sep '24

11 Sep '24

tree: https://gitee.com/openeuler/kernel.git OLK-5.10 head: cbfb00d89c3b9971c3f0732b4f34d4e674bff5d8 commit: e037ee4a8deaff7c579618c0aba1f066d6d14b11 [3775/30000] mm, page_alloc: disable pcplists during memory offline config: x86_64-randconfig-123-20240910 (https://download.01.org/0day-ci/archive/20240911/202409110302.AhDyE0gr-lkp@…) compiler: gcc-12 (Debian 12.2.0-14) 12.2.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240911/202409110302.AhDyE0gr-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202409110302.AhDyE0gr-lkp@intel.com/ sparse warnings: (new ones prefixed by >>) >> mm/page_alloc.c:3036:6: sparse: sparse: symbol '__drain_all_pages' was not declared. Should it be static? >> mm/page_alloc.c:6634:6: sparse: sparse: symbol '__zone_set_pageset_high_and_batch' was not declared. Should it be static? mm/page_alloc.c: note: in included file (through include/linux/mm.h): include/linux/gfp.h:327:27: sparse: sparse: restricted gfp_t degrades to integer include/linux/gfp.h:327:27: sparse: sparse: restricted gfp_t degrades to integer vim +/__drain_all_pages +3036 mm/page_alloc.c 3025 3026 /* 3027 * The implementation of drain_all_pages(), exposing an extra parameter to 3028 * drain on all cpus. 3029 * 3030 * drain_all_pages() is optimized to only execute on cpus where pcplists are 3031 * not empty. The check for non-emptiness can however race with a free to 3032 * pcplist that has not yet increased the pcp->count from 0 to 1. Callers 3033 * that need the guarantee that every CPU has drained can disable the 3034 * optimizing racy check. 3035 */ > 3036 void __drain_all_pages(struct zone *zone, bool force_all_cpus) 3037 { 3038 int cpu; 3039 3040 /* 3041 * Allocate in the BSS so we wont require allocation in 3042 * direct reclaim path for CONFIG_CPUMASK_OFFSTACK=y 3043 */ 3044 static cpumask_t cpus_with_pcps; 3045 3046 /* 3047 * Make sure nobody triggers this path before mm_percpu_wq is fully 3048 * initialized. 3049 */ 3050 if (WARN_ON_ONCE(!mm_percpu_wq)) 3051 return; 3052 3053 /* 3054 * Do not drain if one is already in progress unless it's specific to 3055 * a zone. Such callers are primarily CMA and memory hotplug and need 3056 * the drain to be complete when the call returns. 3057 */ 3058 if (unlikely(!mutex_trylock(&pcpu_drain_mutex))) { 3059 if (!zone) 3060 return; 3061 mutex_lock(&pcpu_drain_mutex); 3062 } 3063 3064 /* 3065 * We don't care about racing with CPU hotplug event 3066 * as offline notification will cause the notified 3067 * cpu to drain that CPU pcps and on_each_cpu_mask 3068 * disables preemption as part of its processing 3069 */ 3070 for_each_online_cpu(cpu) { 3071 struct per_cpu_pageset *pcp; 3072 struct zone *z; 3073 bool has_pcps = false; 3074 3075 if (force_all_cpus) { 3076 /* 3077 * The pcp.count check is racy, some callers need a 3078 * guarantee that no cpu is missed. 3079 */ 3080 has_pcps = true; 3081 } else if (zone) { 3082 pcp = per_cpu_ptr(zone->pageset, cpu); 3083 if (pcp->pcp.count) 3084 has_pcps = true; 3085 } else { 3086 for_each_populated_zone(z) { 3087 pcp = per_cpu_ptr(z->pageset, cpu); 3088 if (pcp->pcp.count) { 3089 has_pcps = true; 3090 break; 3091 } 3092 } 3093 } 3094 3095 if (has_pcps) 3096 cpumask_set_cpu(cpu, &cpus_with_pcps); 3097 else 3098 cpumask_clear_cpu(cpu, &cpus_with_pcps); 3099 } 3100 3101 for_each_cpu(cpu, &cpus_with_pcps) { 3102 struct pcpu_drain *drain = per_cpu_ptr(&pcpu_drain, cpu); 3103 3104 drain->zone = zone; 3105 INIT_WORK(&drain->work, drain_local_pages_wq); 3106 queue_work_on(cpu, mm_percpu_wq, &drain->work); 3107 } 3108 for_each_cpu(cpu, &cpus_with_pcps) 3109 flush_work(&per_cpu_ptr(&pcpu_drain, cpu)->work); 3110 3111 mutex_unlock(&pcpu_drain_mutex); 3112 } 3113 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0

[openeuler:OLK-5.10 5704/30000] include/linux/blk-mq.h:620:18: sparse: sparse: incompatible types in comparison expression (different address spaces):
by kernel test robot 10 Sep '24

10 Sep '24

tree: https://gitee.com/openeuler/kernel.git OLK-5.10 head: cbfb00d89c3b9971c3f0732b4f34d4e674bff5d8 commit: 8a6bee347626968d467aef07453c4547bc23cb64 [5704/30000] blk-mq: fix potential uaf for 'queue_hw_ctx' config: x86_64-randconfig-122-20240910 (https://download.01.org/0day-ci/archive/20240910/202409102355.6lrxEzuT-lkp@…) compiler: clang version 18.1.5 (https://github.com/llvm/llvm-project 617a15a9eac96088ae5e9134248d8236e34b91b1) reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240910/202409102355.6lrxEzuT-lkp@…) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp(a)intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202409102355.6lrxEzuT-lkp@intel.com/ sparse warnings: (new ones prefixed by >>) block/blk-mq-sched.c: note: in included file: >> include/linux/blk-mq.h:620:18: sparse: sparse: incompatible types in comparison expression (different address spaces): include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu *[noderef] __rcu * include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu ** >> include/linux/blk-mq.h:620:18: sparse: sparse: incompatible types in comparison expression (different address spaces): include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu *[noderef] __rcu * include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu ** >> include/linux/blk-mq.h:620:18: sparse: sparse: incompatible types in comparison expression (different address spaces): include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu *[noderef] __rcu * include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu ** >> include/linux/blk-mq.h:620:18: sparse: sparse: incompatible types in comparison expression (different address spaces): include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu *[noderef] __rcu * include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu ** >> include/linux/blk-mq.h:620:18: sparse: sparse: incompatible types in comparison expression (different address spaces): include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu *[noderef] __rcu * include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu ** -- >> block/blk-mq-sysfs.c:339:55: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct blk_mq_hw_ctx *hctx @@ got struct blk_mq_hw_ctx [noderef] __rcu * @@ block/blk-mq-sysfs.c:339:55: sparse: expected struct blk_mq_hw_ctx *hctx block/blk-mq-sysfs.c:339:55: sparse: got struct blk_mq_hw_ctx [noderef] __rcu * block/blk-mq-sysfs.c: note: in included file: >> include/linux/blk-mq.h:620:18: sparse: sparse: incompatible types in comparison expression (different address spaces): include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu *[noderef] __rcu * include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu ** >> include/linux/blk-mq.h:620:18: sparse: sparse: incompatible types in comparison expression (different address spaces): include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu *[noderef] __rcu * include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu ** >> include/linux/blk-mq.h:620:18: sparse: sparse: incompatible types in comparison expression (different address spaces): include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu *[noderef] __rcu * include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu ** >> include/linux/blk-mq.h:620:18: sparse: sparse: incompatible types in comparison expression (different address spaces): include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu *[noderef] __rcu * include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu ** -- block/blk-sysfs.c: note: in included file: >> include/linux/blk-mq.h:620:18: sparse: sparse: incompatible types in comparison expression (different address spaces): include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu *[noderef] __rcu * include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu ** -- block/blk-mq-tag.c: note: in included file: >> include/linux/blk-mq.h:620:18: sparse: sparse: incompatible types in comparison expression (different address spaces): include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu *[noderef] __rcu * include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu ** -- >> block/blk-mq.c:485:19: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected struct blk_mq_hw_ctx *hctx @@ got struct blk_mq_hw_ctx [noderef] __rcu * @@ block/blk-mq.c:485:19: sparse: expected struct blk_mq_hw_ctx *hctx block/blk-mq.c:485:19: sparse: got struct blk_mq_hw_ctx [noderef] __rcu * >> block/blk-mq.c:3270:41: sparse: sparse: incorrect type in initializer (different address spaces) @@ expected struct blk_mq_hw_ctx **hctxs @@ got struct blk_mq_hw_ctx [noderef] __rcu **queue_hw_ctx @@ block/blk-mq.c:3270:41: sparse: expected struct blk_mq_hw_ctx **hctxs block/blk-mq.c:3270:41: sparse: got struct blk_mq_hw_ctx [noderef] __rcu **queue_hw_ctx >> block/blk-mq.c:3284:17: sparse: sparse: incompatible types in comparison expression (different address spaces): block/blk-mq.c:3284:17: sparse: struct blk_mq_hw_ctx [noderef] __rcu *[noderef] __rcu * block/blk-mq.c:3284:17: sparse: struct blk_mq_hw_ctx [noderef] __rcu ** block/blk-mq.c:4033:14: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected struct blk_mq_hw_ctx *hctx @@ got struct blk_mq_hw_ctx [noderef] __rcu * @@ block/blk-mq.c: note: in included file: >> include/linux/blk-mq.h:620:18: sparse: sparse: incompatible types in comparison expression (different address spaces): include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu *[noderef] __rcu * include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu ** >> include/linux/blk-mq.h:620:18: sparse: sparse: incompatible types in comparison expression (different address spaces): include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu *[noderef] __rcu * include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu ** >> include/linux/blk-mq.h:620:18: sparse: sparse: incompatible types in comparison expression (different address spaces): include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu *[noderef] __rcu * include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu ** >> include/linux/blk-mq.h:620:18: sparse: sparse: incompatible types in comparison expression (different address spaces): include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu *[noderef] __rcu * include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu ** >> include/linux/blk-mq.h:620:18: sparse: sparse: incompatible types in comparison expression (different address spaces): include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu *[noderef] __rcu * include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu ** >> include/linux/blk-mq.h:620:18: sparse: sparse: incompatible types in comparison expression (different address spaces): include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu *[noderef] __rcu * include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu ** >> include/linux/blk-mq.h:620:18: sparse: sparse: incompatible types in comparison expression (different address spaces): include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu *[noderef] __rcu * include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu ** >> include/linux/blk-mq.h:620:18: sparse: sparse: incompatible types in comparison expression (different address spaces): include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu *[noderef] __rcu * include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu ** >> include/linux/blk-mq.h:620:18: sparse: sparse: incompatible types in comparison expression (different address spaces): include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu *[noderef] __rcu * include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu ** >> include/linux/blk-mq.h:620:18: sparse: sparse: incompatible types in comparison expression (different address spaces): include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu *[noderef] __rcu * include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu ** >> include/linux/blk-mq.h:620:18: sparse: sparse: incompatible types in comparison expression (different address spaces): include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu *[noderef] __rcu * include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu ** >> include/linux/blk-mq.h:620:18: sparse: sparse: incompatible types in comparison expression (different address spaces): include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu *[noderef] __rcu * include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu ** >> include/linux/blk-mq.h:620:18: sparse: sparse: incompatible types in comparison expression (different address spaces): include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu *[noderef] __rcu * include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu ** >> include/linux/blk-mq.h:620:18: sparse: sparse: incompatible types in comparison expression (different address spaces): include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu *[noderef] __rcu * include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu ** >> include/linux/blk-mq.h:620:18: sparse: sparse: incompatible types in comparison expression (different address spaces): include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu *[noderef] __rcu * include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu ** >> include/linux/blk-mq.h:620:18: sparse: sparse: incompatible types in comparison expression (different address spaces): include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu *[noderef] __rcu * include/linux/blk-mq.h:620:18: sparse: struct blk_mq_hw_ctx [noderef] __rcu ** vim +620 include/linux/blk-mq.h 614 615 static inline struct blk_mq_hw_ctx *queue_hctx(struct request_queue *q, int id) 616 { 617 struct blk_mq_hw_ctx *hctx; 618 619 rcu_read_lock(); > 620 hctx = *(rcu_dereference(q->queue_hw_ctx) + id); 621 rcu_read_unlock(); 622 623 return hctx; 624 } 625 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 0