From: kernel test robot <lkp@intel.com>
To: kbuild@lists.01.org
Subject: Re: [CFT][PATCH] ucounts: Fix signal ucount refcounting
Date: Fri, 26 Nov 2021 23:09:01 +0800 [thread overview]
Message-ID: <202111262308.9Mq1UEM2-lkp@intel.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 15108 bytes --]
CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
In-Reply-To: <87mtnavszx.fsf_-_@disp2133>
References: <87mtnavszx.fsf_-_@disp2133>
TO: "Eric W. Biederman" <ebiederm@xmission.com>
Hi "Eric,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on linus/master]
[cannot apply to v5.16-rc2 next-20211126]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/Eric-W-Biederman/ucounts-Fix-signal-ucount-refcounting/20211016-061359
base: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 8fe31e0995f048d16b378b90926793a0aa4af1e5
:::::: branch date: 6 weeks ago
:::::: commit date: 6 weeks ago
config: arm-randconfig-c002-20211017 (https://download.01.org/0day-ci/archive/20211126/202111262308.9Mq1UEM2-lkp(a)intel.com/config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 8ca4b3ef19fe82d7ad6a6e1515317dcc01b41515)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install arm cross compiling tool for clang build
# apt-get install binutils-arm-linux-gnueabi
# https://github.com/0day-ci/linux/commit/e042a898defa264b6a95a439b8570486b47bcd49
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Eric-W-Biederman/ucounts-Fix-signal-ucount-refcounting/20211016-061359
git checkout e042a898defa264b6a95a439b8570486b47bcd49
# save the config file to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
fs/notify/fsnotify.c:212:15: note: Left side of '&&' is true
if (unlikely(parent_watched && !p_mask))
^
fs/notify/fsnotify.c:212:33: note: Assuming 'p_mask' is not equal to 0
if (unlikely(parent_watched && !p_mask))
^
include/linux/compiler.h:78:42: note: expanded from macro 'unlikely'
# define unlikely(x) __builtin_expect(!!(x), 0)
^
fs/notify/fsnotify.c:212:2: note: Taking false branch
if (unlikely(parent_watched && !p_mask))
^
fs/notify/fsnotify.c:220:6: note: 'parent_needed' is false
if (parent_needed || parent_interested) {
^~~~~~~~~~~~~
fs/notify/fsnotify.c:220:6: note: Left side of '||' is false
fs/notify/fsnotify.c:220:23: note: Assuming 'parent_interested' is true
if (parent_needed || parent_interested) {
^~~~~~~~~~~~~~~~~
fs/notify/fsnotify.c:220:2: note: Taking true branch
if (parent_needed || parent_interested) {
^
fs/notify/fsnotify.c:222:45: note: Passing null pointer value via 1st parameter 'data'
WARN_ON_ONCE(inode != fsnotify_data_inode(data, data_type));
^
include/asm-generic/bug.h:146:18: note: expanded from macro 'WARN_ON_ONCE'
DO_ONCE_LITE_IF(condition, WARN_ON, 1)
^~~~~~~~~
include/linux/once_lite.h:15:27: note: expanded from macro 'DO_ONCE_LITE_IF'
bool __ret_do_once = !!(condition); \
^~~~~~~~~
fs/notify/fsnotify.c:222:25: note: Calling 'fsnotify_data_inode'
WARN_ON_ONCE(inode != fsnotify_data_inode(data, data_type));
^
include/asm-generic/bug.h:146:18: note: expanded from macro 'WARN_ON_ONCE'
DO_ONCE_LITE_IF(condition, WARN_ON, 1)
^~~~~~~~~
include/linux/once_lite.h:15:27: note: expanded from macro 'DO_ONCE_LITE_IF'
bool __ret_do_once = !!(condition); \
^~~~~~~~~
include/linux/fsnotify_backend.h:255:2: note: Control jumps to 'case FSNOTIFY_EVENT_PATH:' at line 258
switch (data_type) {
^
include/linux/fsnotify_backend.h:259:18: note: Access to field 'dentry' results in a dereference of a null pointer (loaded from variable 'data')
return d_inode(((const struct path *)data)->dentry);
^ ~~~~
Suppressed 6 warnings (6 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
6 warnings generated.
Suppressed 6 warnings (6 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
include/linux/list.h:808:10: warning: Access to field 'pprev' results in a dereference of a null pointer (loaded from variable 'h') [clang-analyzer-core.NullDereference]
return !h->pprev;
^
kernel/ucount.c:251:23: note: Assuming pointer value is null
for (iter = ucounts; iter; iter = iter->ns->ucounts) {
^~~~
kernel/ucount.c:251:2: note: Loop condition is false. Execution continues on line 255
for (iter = ucounts; iter; iter = iter->ns->ucounts) {
^
kernel/ucount.c:255:14: note: Passing null pointer value via 1st parameter 'ucounts'
put_ucounts(ucounts);
^~~~~~~
kernel/ucount.c:255:2: note: Calling 'put_ucounts'
put_ucounts(ucounts);
^~~~~~~~~~~~~~~~~~~~
kernel/ucount.c:204:6: note: Assuming the condition is true
if (atomic_dec_and_lock_irqsave(&ucounts->count, &ucounts_lock, flags)) {
^
include/linux/spinlock.h:490:21: note: expanded from macro 'atomic_dec_and_lock_irqsave'
__cond_lock(lock, _atomic_dec_and_lock_irqsave(atomic, lock, &(flags)))
~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/compiler_types.h:48:28: note: expanded from macro '__cond_lock'
# define __cond_lock(x,c) (c)
^
kernel/ucount.c:204:2: note: Taking true branch
if (atomic_dec_and_lock_irqsave(&ucounts->count, &ucounts_lock, flags)) {
^
kernel/ucount.c:205:18: note: Passing null pointer value via 1st parameter 'n'
hlist_del_init(&ucounts->node);
^~~~~~~~~~~~~~
kernel/ucount.c:205:3: note: Calling 'hlist_del_init'
hlist_del_init(&ucounts->node);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/list.h:865:22: note: Passing null pointer value via 1st parameter 'h'
if (!hlist_unhashed(n)) {
^
include/linux/list.h:865:7: note: Calling 'hlist_unhashed'
if (!hlist_unhashed(n)) {
^~~~~~~~~~~~~~~~~
include/linux/list.h:808:10: note: Access to field 'pprev' results in a dereference of a null pointer (loaded from variable 'h')
return !h->pprev;
^
>> kernel/ucount.c:291:44: warning: Use of memory after it is freed [clang-analyzer-unix.Malloc]
for (iter = ucounts; iter != last; iter = iter->ns->ucounts) {
^
kernel/ucount.c:309:2: note: Loop condition is true. Entering loop body
for (iter = ucounts; iter; iter = iter->ns->ucounts) {
^
kernel/ucount.c:310:14: note: Left side of '||' is false
long max = READ_ONCE(iter->ns->ucount_max[type]);
^
include/asm-generic/rwonce.h:49:2: note: expanded from macro 'READ_ONCE'
compiletime_assert_rwonce_type(x); \
^
include/asm-generic/rwonce.h:36:21: note: expanded from macro 'compiletime_assert_rwonce_type'
compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \
^
include/linux/compiler_types.h:290:3: note: expanded from macro '__native_word'
(sizeof(t) == sizeof(char) || sizeof(t) == sizeof(short) || \
^
kernel/ucount.c:310:14: note: Left side of '||' is false
long max = READ_ONCE(iter->ns->ucount_max[type]);
^
include/asm-generic/rwonce.h:49:2: note: expanded from macro 'READ_ONCE'
compiletime_assert_rwonce_type(x); \
^
include/asm-generic/rwonce.h:36:21: note: expanded from macro 'compiletime_assert_rwonce_type'
compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \
^
include/linux/compiler_types.h:290:3: note: expanded from macro '__native_word'
(sizeof(t) == sizeof(char) || sizeof(t) == sizeof(short) || \
^
kernel/ucount.c:310:14: note: Left side of '||' is true
long max = READ_ONCE(iter->ns->ucount_max[type]);
^
include/asm-generic/rwonce.h:49:2: note: expanded from macro 'READ_ONCE'
compiletime_assert_rwonce_type(x); \
^
include/asm-generic/rwonce.h:36:21: note: expanded from macro 'compiletime_assert_rwonce_type'
compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \
^
include/linux/compiler_types.h:291:28: note: expanded from macro '__native_word'
sizeof(t) == sizeof(int) || sizeof(t) == sizeof(long))
^
kernel/ucount.c:310:14: note: Taking false branch
long max = READ_ONCE(iter->ns->ucount_max[type]);
^
include/asm-generic/rwonce.h:49:2: note: expanded from macro 'READ_ONCE'
compiletime_assert_rwonce_type(x); \
^
include/asm-generic/rwonce.h:36:2: note: expanded from macro 'compiletime_assert_rwonce_type'
compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \
^
include/linux/compiler_types.h:322:2: note: expanded from macro 'compiletime_assert'
_compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__)
^
include/linux/compiler_types.h:310:2: note: expanded from macro '_compiletime_assert'
__compiletime_assert(condition, msg, prefix, suffix)
^
include/linux/compiler_types.h:302:3: note: expanded from macro '__compiletime_assert'
if (!(condition)) \
^
kernel/ucount.c:310:14: note: Loop condition is false. Exiting loop
long max = READ_ONCE(iter->ns->ucount_max[type]);
^
include/asm-generic/rwonce.h:49:2: note: expanded from macro 'READ_ONCE'
compiletime_assert_rwonce_type(x); \
^
include/asm-generic/rwonce.h:36:2: note: expanded from macro 'compiletime_assert_rwonce_type'
compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \
^
include/linux/compiler_types.h:322:2: note: expanded from macro 'compiletime_assert'
_compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__)
^
include/linux/compiler_types.h:310:2: note: expanded from macro '_compiletime_assert'
__compiletime_assert(condition, msg, prefix, suffix)
^
include/linux/compiler_types.h:300:2: note: expanded from macro '__compiletime_assert'
do { \
^
kernel/ucount.c:312:7: note: Assuming 'new' is >= 0
if (new < 0 || new > max)
^~~~~~~
kernel/ucount.c:312:7: note: Left side of '||' is false
kernel/ucount.c:312:18: note: Assuming 'new' is <= 'max'
if (new < 0 || new > max)
^~~~~~~~~
kernel/ucount.c:312:3: note: Taking false branch
if (new < 0 || new > max)
^
kernel/ucount.c:314:12: note: 'iter' is equal to 'ucounts'
else if (iter == ucounts)
^~~~
kernel/ucount.c:314:8: note: Taking true branch
else if (iter == ucounts)
^
kernel/ucount.c:316:8: note: Assuming 'new' is not equal to 1
if ((new == 1) && (get_ucounts(iter) != iter))
^~~~~~~~
kernel/ucount.c:316:18: note: Left side of '&&' is false
if ((new == 1) && (get_ucounts(iter) != iter))
^
kernel/ucount.c:309:2: note: Loop condition is true. Entering loop body
vim +291 kernel/ucount.c
21d1c5e386bc751 Alexey Gladkov 2021-04-22 286
e042a898defa264 Eric W. Biederman 2021-10-15 287 static void do_dec_rlimit_put_ucounts(struct ucounts *ucounts,
e042a898defa264 Eric W. Biederman 2021-10-15 288 struct ucounts *last, enum ucount_type type)
e042a898defa264 Eric W. Biederman 2021-10-15 289 {
e042a898defa264 Eric W. Biederman 2021-10-15 290 struct ucounts *iter;
e042a898defa264 Eric W. Biederman 2021-10-15 @291 for (iter = ucounts; iter != last; iter = iter->ns->ucounts) {
e042a898defa264 Eric W. Biederman 2021-10-15 292 long dec = atomic_long_add_return(-1, &iter->ucount[type]);
e042a898defa264 Eric W. Biederman 2021-10-15 293 WARN_ON_ONCE(dec < 0);
e042a898defa264 Eric W. Biederman 2021-10-15 294 if (dec == 0)
e042a898defa264 Eric W. Biederman 2021-10-15 295 put_ucounts(iter);
e042a898defa264 Eric W. Biederman 2021-10-15 296 }
e042a898defa264 Eric W. Biederman 2021-10-15 297 }
e042a898defa264 Eric W. Biederman 2021-10-15 298
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
next reply other threads:[~2021-11-26 15:09 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-26 15:09 kernel test robot [this message]
-- strict thread matches above, loose matches on Subject: below --
2021-11-27 1:35 [CFT][PATCH] ucounts: Fix signal ucount refcounting kernel test robot
2021-10-17 13:36 kernel test robot
2021-09-15 19:49 linux 5.14.3: free_user_ns causes NULL pointer dereference Jordan Glover
2021-09-15 21:02 ` Eric W. Biederman
2021-09-15 22:42 ` Jordan Glover
2021-09-15 23:47 ` Jordan Glover
2021-09-16 17:30 ` Eric W. Biederman
2021-09-28 13:40 ` Jordan Glover
2021-09-29 17:36 ` Alexey Gladkov
2021-09-29 21:39 ` Jordan Glover
2021-09-30 13:06 ` Alexey Gladkov
2021-09-30 22:27 ` Yu Zhao
2021-10-04 17:10 ` Eric W. Biederman
2021-10-04 17:19 ` Eric W. Biederman
2021-10-10 8:59 ` Rune Kleveland
2021-10-15 22:10 ` [CFT][PATCH] ucounts: Fix signal ucount refcounting Eric W. Biederman
2021-10-15 23:09 ` Alexey Gladkov
2021-10-16 17:34 ` Eric W. Biederman
2021-10-17 19:35 ` Yu Zhao
2021-10-18 15:35 ` Eric W. Biederman
2021-10-16 2:08 ` Hillf Danton
2021-10-16 18:00 ` Eric W. Biederman
2021-10-17 16:47 ` Rune Kleveland
2021-10-18 6:25 ` Yu Zhao
2021-10-18 10:31 ` Jordan Glover
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202111262308.9Mq1UEM2-lkp@intel.com \
--to=lkp@intel.com \
--cc=kbuild@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.