| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 9 Oct 2021 04:58:12 +0800
From: kernel test robot <lkp@...el.com>
To: Arnd Bergmann <arnd@...db.de>
Cc: llvm@...ts.linux.dev, kbuild-all@...ts.01.org,
linux-kernel@...r.kernel.org
Subject: [arnd-playground:randconfig-5.15-min 57/175] fs/ntfs/aops.c:918:2:
error: call to __compiletime_assert_306 declared with 'error' attribute:
BUILD_BUG_ON failed: PAGE_SIZE >= 65536
tree: https://git.kernel.org/pub/scm/linux/kernel/git/arnd/playground.git randconfig-5.15-min
head: c471093763a746b316809f07c3114a455f37a32b
commit: 15ea6d3528a89c0b7d8a470b68844d18b0fb2016 [57/175] [SUBMITTED 20210927] [RFC] ntfs: disable for 64KB because of stack overflow risk
config: hexagon-randconfig-r031-20211008 (attached as .config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 8ed2e8e04ff42eb4d8009999ae1fd341a30bf6c0)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://git.kernel.org/pub/scm/linux/kernel/git/arnd/playground.git/commit/?id=15ea6d3528a89c0b7d8a470b68844d18b0fb2016
git remote add arnd-playground https://git.kernel.org/pub/scm/linux/kernel/git/arnd/playground.git
git fetch --no-tags arnd-playground randconfig-5.15-min
git checkout 15ea6d3528a89c0b7d8a470b68844d18b0fb2016
# save the attached .config to linux build tree
mkdir build_dir
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=hexagon SHELL=/bin/bash fs/ntfs/
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>
All errors (new ones prefixed by >>):
fs/ntfs/aops.c:378:12: warning: stack frame size (2208) exceeds limit (1024) in 'ntfs_readpage' [-Wframe-larger-than]
static int ntfs_readpage(struct file *file, struct page *page)
^
>> fs/ntfs/aops.c:918:2: error: call to __compiletime_assert_306 declared with 'error' attribute: BUILD_BUG_ON failed: PAGE_SIZE >= 65536
BUILD_BUG_ON(PAGE_SIZE >= 65536);
^
include/linux/build_bug.h:50:2: note: expanded from macro 'BUILD_BUG_ON'
BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
^
include/linux/build_bug.h:39:37: note: expanded from macro 'BUILD_BUG_ON_MSG'
#define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
^
include/linux/compiler_types.h:322:2: note: expanded from macro 'compiletime_assert'
_compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__)
^
include/linux/compiler_types.h:310:2: note: expanded from macro '_compiletime_assert'
__compiletime_assert(condition, msg, prefix, suffix)
^
include/linux/compiler_types.h:303:4: note: expanded from macro '__compiletime_assert'
prefix ## suffix(); \
^
<scratch space>:187:1: note: expanded from here
__compiletime_assert_306
^
fs/ntfs/aops.c:899:12: warning: stack frame size (4312) exceeds limit (1024) in 'ntfs_write_mst_block' [-Wframe-larger-than]
static int ntfs_write_mst_block(struct page *page,
^
2 warnings and 1 error generated.
vim +/error +918 fs/ntfs/aops.c
874
875 /**
876 * ntfs_write_mst_block - write a @page to the backing store
877 * @page: page cache page to write out
878 * @wbc: writeback control structure
879 *
880 * This function is for writing pages belonging to non-resident, mst protected
881 * attributes to their backing store. The only supported attributes are index
882 * allocation and $MFT/$DATA. Both directory inodes and index inodes are
883 * supported for the index allocation case.
884 *
885 * The page must remain locked for the duration of the write because we apply
886 * the mst fixups, write, and then undo the fixups, so if we were to unlock the
887 * page before undoing the fixups, any other user of the page will see the
888 * page contents as corrupt.
889 *
890 * We clear the page uptodate flag for the duration of the function to ensure
891 * exclusion for the $MFT/$DATA case against someone mapping an mft record we
892 * are about to apply the mst fixups to.
893 *
894 * Return 0 on success and -errno on error.
895 *
896 * Based on ntfs_write_block(), ntfs_mft_writepage(), and
897 * write_mft_record_nolock().
898 */
899 static int ntfs_write_mst_block(struct page *page,
900 struct writeback_control *wbc)
901 {
902 sector_t block, dblock, rec_block;
903 struct inode *vi = page->mapping->host;
904 ntfs_inode *ni = NTFS_I(vi);
905 ntfs_volume *vol = ni->vol;
906 u8 *kaddr;
907 unsigned int rec_size = ni->itype.index.block_size;
908 ntfs_inode *locked_nis[PAGE_SIZE / NTFS_BLOCK_SIZE];
909 struct buffer_head *bh, *head, *tbh, *rec_start_bh;
910 struct buffer_head *bhs[MAX_BUF_PER_PAGE];
911 runlist_element *rl;
912 int i, nr_locked_nis, nr_recs, nr_bhs, max_bhs, bhs_per_rec, err, err2;
913 unsigned bh_size, rec_size_bits;
914 bool sync, is_mft, page_is_dirty, rec_is_dirty;
915 unsigned char bh_size_bits;
916
917 /* Two arrays of MAX_BUF_PER_PAGE on the stack risks an overrun with 64K pages */
> 918 BUILD_BUG_ON(PAGE_SIZE >= 65536);
919
920 if (WARN_ON(rec_size < NTFS_BLOCK_SIZE))
921 return -EINVAL;
922
923 ntfs_debug("Entering for inode 0x%lx, attribute type 0x%x, page index "
924 "0x%lx.", vi->i_ino, ni->type, page->index);
925 BUG_ON(!NInoNonResident(ni));
926 BUG_ON(!NInoMstProtected(ni));
927 is_mft = (S_ISREG(vi->i_mode) && !vi->i_ino);
928 /*
929 * NOTE: ntfs_write_mst_block() would be called for $MFTMirr if a page
930 * in its page cache were to be marked dirty. However this should
931 * never happen with the current driver and considering we do not
932 * handle this case here we do want to BUG(), at least for now.
933 */
934 BUG_ON(!(is_mft || S_ISDIR(vi->i_mode) ||
935 (NInoAttr(ni) && ni->type == AT_INDEX_ALLOCATION)));
936 bh_size = vol->sb->s_blocksize;
937 bh_size_bits = vol->sb->s_blocksize_bits;
938 max_bhs = PAGE_SIZE / bh_size;
939 BUG_ON(!max_bhs);
940 BUG_ON(max_bhs > MAX_BUF_PER_PAGE);
941
942 /* Were we called for sync purposes? */
943 sync = (wbc->sync_mode == WB_SYNC_ALL);
944
945 /* Make sure we have mapped buffers. */
946 bh = head = page_buffers(page);
947 BUG_ON(!bh);
948
949 rec_size_bits = ni->itype.index.block_size_bits;
950 BUG_ON(!(PAGE_SIZE >> rec_size_bits));
951 bhs_per_rec = rec_size >> bh_size_bits;
952 BUG_ON(!bhs_per_rec);
953
954 /* The first block in the page. */
955 rec_block = block = (sector_t)page->index <<
956 (PAGE_SHIFT - bh_size_bits);
957
958 /* The first out of bounds block for the data size. */
959 dblock = (i_size_read(vi) + bh_size - 1) >> bh_size_bits;
960
961 rl = NULL;
962 err = err2 = nr_bhs = nr_recs = nr_locked_nis = 0;
963 page_is_dirty = rec_is_dirty = false;
964 rec_start_bh = NULL;
965 do {
966 bool is_retry = false;
967
968 if (likely(block < rec_block)) {
969 if (unlikely(block >= dblock)) {
970 clear_buffer_dirty(bh);
971 set_buffer_uptodate(bh);
972 continue;
973 }
974 /*
975 * This block is not the first one in the record. We
976 * ignore the buffer's dirty state because we could
977 * have raced with a parallel mark_ntfs_record_dirty().
978 */
979 if (!rec_is_dirty)
980 continue;
981 if (unlikely(err2)) {
982 if (err2 != -ENOMEM)
983 clear_buffer_dirty(bh);
984 continue;
985 }
986 } else /* if (block == rec_block) */ {
987 BUG_ON(block > rec_block);
988 /* This block is the first one in the record. */
989 rec_block += bhs_per_rec;
990 err2 = 0;
991 if (unlikely(block >= dblock)) {
992 clear_buffer_dirty(bh);
993 continue;
994 }
995 if (!buffer_dirty(bh)) {
996 /* Clean records are not written out. */
997 rec_is_dirty = false;
998 continue;
999 }
1000 rec_is_dirty = true;
1001 rec_start_bh = bh;
1002 }
1003 /* Need to map the buffer if it is not mapped already. */
1004 if (unlikely(!buffer_mapped(bh))) {
1005 VCN vcn;
1006 LCN lcn;
1007 unsigned int vcn_ofs;
1008
1009 bh->b_bdev = vol->sb->s_bdev;
1010 /* Obtain the vcn and offset of the current block. */
1011 vcn = (VCN)block << bh_size_bits;
1012 vcn_ofs = vcn & vol->cluster_size_mask;
1013 vcn >>= vol->cluster_size_bits;
1014 if (!rl) {
1015 lock_retry_remap:
1016 down_read(&ni->runlist.lock);
1017 rl = ni->runlist.rl;
1018 }
1019 if (likely(rl != NULL)) {
1020 /* Seek to element containing target vcn. */
1021 while (rl->length && rl[1].vcn <= vcn)
1022 rl++;
1023 lcn = ntfs_rl_vcn_to_lcn(rl, vcn);
1024 } else
1025 lcn = LCN_RL_NOT_MAPPED;
1026 /* Successful remap. */
1027 if (likely(lcn >= 0)) {
1028 /* Setup buffer head to correct block. */
1029 bh->b_blocknr = ((lcn <<
1030 vol->cluster_size_bits) +
1031 vcn_ofs) >> bh_size_bits;
1032 set_buffer_mapped(bh);
1033 } else {
1034 /*
1035 * Remap failed. Retry to map the runlist once
1036 * unless we are working on $MFT which always
1037 * has the whole of its runlist in memory.
1038 */
1039 if (!is_mft && !is_retry &&
1040 lcn == LCN_RL_NOT_MAPPED) {
1041 is_retry = true;
1042 /*
1043 * Attempt to map runlist, dropping
1044 * lock for the duration.
1045 */
1046 up_read(&ni->runlist.lock);
1047 err2 = ntfs_map_runlist(ni, vcn);
1048 if (likely(!err2))
1049 goto lock_retry_remap;
1050 if (err2 == -ENOMEM)
1051 page_is_dirty = true;
1052 lcn = err2;
1053 } else {
1054 err2 = -EIO;
1055 if (!rl)
1056 up_read(&ni->runlist.lock);
1057 }
1058 /* Hard error. Abort writing this record. */
1059 if (!err || err == -ENOMEM)
1060 err = err2;
1061 bh->b_blocknr = -1;
1062 ntfs_error(vol->sb, "Cannot write ntfs record "
1063 "0x%llx (inode 0x%lx, "
1064 "attribute type 0x%x) because "
1065 "its location on disk could "
1066 "not be determined (error "
1067 "code %lli).",
1068 (long long)block <<
1069 bh_size_bits >>
1070 vol->mft_record_size_bits,
1071 ni->mft_no, ni->type,
1072 (long long)lcn);
1073 /*
1074 * If this is not the first buffer, remove the
1075 * buffers in this record from the list of
1076 * buffers to write and clear their dirty bit
1077 * if not error -ENOMEM.
1078 */
1079 if (rec_start_bh != bh) {
1080 while (bhs[--nr_bhs] != rec_start_bh)
1081 ;
1082 if (err2 != -ENOMEM) {
1083 do {
1084 clear_buffer_dirty(
1085 rec_start_bh);
1086 } while ((rec_start_bh =
1087 rec_start_bh->
1088 b_this_page) !=
1089 bh);
1090 }
1091 }
1092 continue;
1093 }
1094 }
1095 BUG_ON(!buffer_uptodate(bh));
1096 BUG_ON(nr_bhs >= max_bhs);
1097 bhs[nr_bhs++] = bh;
1098 } while (block++, (bh = bh->b_this_page) != head);
1099 if (unlikely(rl))
1100 up_read(&ni->runlist.lock);
1101 /* If there were no dirty buffers, we are done. */
1102 if (!nr_bhs)
1103 goto done;
1104 /* Map the page so we can access its contents. */
1105 kaddr = kmap(page);
1106 /* Clear the page uptodate flag whilst the mst fixups are applied. */
1107 BUG_ON(!PageUptodate(page));
1108 ClearPageUptodate(page);
1109 for (i = 0; i < nr_bhs; i++) {
1110 unsigned int ofs;
1111
1112 /* Skip buffers which are not at the beginning of records. */
1113 if (i % bhs_per_rec)
1114 continue;
1115 tbh = bhs[i];
1116 ofs = bh_offset(tbh);
1117 if (is_mft) {
1118 ntfs_inode *tni;
1119 unsigned long mft_no;
1120
1121 /* Get the mft record number. */
1122 mft_no = (((s64)page->index << PAGE_SHIFT) + ofs)
1123 >> rec_size_bits;
1124 /* Check whether to write this mft record. */
1125 tni = NULL;
1126 if (!ntfs_may_write_mft_record(vol, mft_no,
1127 (MFT_RECORD*)(kaddr + ofs), &tni)) {
1128 /*
1129 * The record should not be written. This
1130 * means we need to redirty the page before
1131 * returning.
1132 */
1133 page_is_dirty = true;
1134 /*
1135 * Remove the buffers in this mft record from
1136 * the list of buffers to write.
1137 */
1138 do {
1139 bhs[i] = NULL;
1140 } while (++i % bhs_per_rec);
1141 continue;
1142 }
1143 /*
1144 * The record should be written. If a locked ntfs
1145 * inode was returned, add it to the array of locked
1146 * ntfs inodes.
1147 */
1148 if (tni)
1149 locked_nis[nr_locked_nis++] = tni;
1150 }
1151 /* Apply the mst protection fixups. */
1152 err2 = pre_write_mst_fixup((NTFS_RECORD*)(kaddr + ofs),
1153 rec_size);
1154 if (unlikely(err2)) {
1155 if (!err || err == -ENOMEM)
1156 err = -EIO;
1157 ntfs_error(vol->sb, "Failed to apply mst fixups "
1158 "(inode 0x%lx, attribute type 0x%x, "
1159 "page index 0x%lx, page offset 0x%x)!"
1160 " Unmount and run chkdsk.", vi->i_ino,
1161 ni->type, page->index, ofs);
1162 /*
1163 * Mark all the buffers in this record clean as we do
1164 * not want to write corrupt data to disk.
1165 */
1166 do {
1167 clear_buffer_dirty(bhs[i]);
1168 bhs[i] = NULL;
1169 } while (++i % bhs_per_rec);
1170 continue;
1171 }
1172 nr_recs++;
1173 }
1174 /* If no records are to be written out, we are done. */
1175 if (!nr_recs)
1176 goto unm_done;
1177 flush_dcache_page(page);
1178 /* Lock buffers and start synchronous write i/o on them. */
1179 for (i = 0; i < nr_bhs; i++) {
1180 tbh = bhs[i];
1181 if (!tbh)
1182 continue;
1183 if (!trylock_buffer(tbh))
1184 BUG();
1185 /* The buffer dirty state is now irrelevant, just clean it. */
1186 clear_buffer_dirty(tbh);
1187 BUG_ON(!buffer_uptodate(tbh));
1188 BUG_ON(!buffer_mapped(tbh));
1189 get_bh(tbh);
1190 tbh->b_end_io = end_buffer_write_sync;
1191 submit_bh(REQ_OP_WRITE, 0, tbh);
1192 }
1193 /* Synchronize the mft mirror now if not @sync. */
1194 if (is_mft && !sync)
1195 goto do_mirror;
1196 do_wait:
1197 /* Wait on i/o completion of buffers. */
1198 for (i = 0; i < nr_bhs; i++) {
1199 tbh = bhs[i];
1200 if (!tbh)
1201 continue;
1202 wait_on_buffer(tbh);
1203 if (unlikely(!buffer_uptodate(tbh))) {
1204 ntfs_error(vol->sb, "I/O error while writing ntfs "
1205 "record buffer (inode 0x%lx, "
1206 "attribute type 0x%x, page index "
1207 "0x%lx, page offset 0x%lx)! Unmount "
1208 "and run chkdsk.", vi->i_ino, ni->type,
1209 page->index, bh_offset(tbh));
1210 if (!err || err == -ENOMEM)
1211 err = -EIO;
1212 /*
1213 * Set the buffer uptodate so the page and buffer
1214 * states do not become out of sync.
1215 */
1216 set_buffer_uptodate(tbh);
1217 }
1218 }
1219 /* If @sync, now synchronize the mft mirror. */
1220 if (is_mft && sync) {
1221 do_mirror:
1222 for (i = 0; i < nr_bhs; i++) {
1223 unsigned long mft_no;
1224 unsigned int ofs;
1225
1226 /*
1227 * Skip buffers which are not at the beginning of
1228 * records.
1229 */
1230 if (i % bhs_per_rec)
1231 continue;
1232 tbh = bhs[i];
1233 /* Skip removed buffers (and hence records). */
1234 if (!tbh)
1235 continue;
1236 ofs = bh_offset(tbh);
1237 /* Get the mft record number. */
1238 mft_no = (((s64)page->index << PAGE_SHIFT) + ofs)
1239 >> rec_size_bits;
1240 if (mft_no < vol->mftmirr_size)
1241 ntfs_sync_mft_mirror(vol, mft_no,
1242 (MFT_RECORD*)(kaddr + ofs),
1243 sync);
1244 }
1245 if (!sync)
1246 goto do_wait;
1247 }
1248 /* Remove the mst protection fixups again. */
1249 for (i = 0; i < nr_bhs; i++) {
1250 if (!(i % bhs_per_rec)) {
1251 tbh = bhs[i];
1252 if (!tbh)
1253 continue;
1254 post_write_mst_fixup((NTFS_RECORD*)(kaddr +
1255 bh_offset(tbh)));
1256 }
1257 }
1258 flush_dcache_page(page);
1259 unm_done:
1260 /* Unlock any locked inodes. */
1261 while (nr_locked_nis-- > 0) {
1262 ntfs_inode *tni, *base_tni;
1263
1264 tni = locked_nis[nr_locked_nis];
1265 /* Get the base inode. */
1266 mutex_lock(&tni->extent_lock);
1267 if (tni->nr_extents >= 0)
1268 base_tni = tni;
1269 else {
1270 base_tni = tni->ext.base_ntfs_ino;
1271 BUG_ON(!base_tni);
1272 }
1273 mutex_unlock(&tni->extent_lock);
1274 ntfs_debug("Unlocking %s inode 0x%lx.",
1275 tni == base_tni ? "base" : "extent",
1276 tni->mft_no);
1277 mutex_unlock(&tni->mrec_lock);
1278 atomic_dec(&tni->count);
1279 iput(VFS_I(base_tni));
1280 }
1281 SetPageUptodate(page);
1282 kunmap(page);
1283 done:
1284 if (unlikely(err && err != -ENOMEM)) {
1285 /*
1286 * Set page error if there is only one ntfs record in the page.
1287 * Otherwise we would loose per-record granularity.
1288 */
1289 if (ni->itype.index.block_size == PAGE_SIZE)
1290 SetPageError(page);
1291 NVolSetErrors(vol);
1292 }
1293 if (page_is_dirty) {
1294 ntfs_debug("Page still contains one or more dirty ntfs "
1295 "records. Redirtying the page starting at "
1296 "record 0x%lx.", page->index <<
1297 (PAGE_SHIFT - rec_size_bits));
1298 redirty_page_for_writepage(wbc, page);
1299 unlock_page(page);
1300 } else {
1301 /*
1302 * Keep the VM happy. This must be done otherwise the
1303 * radix-tree tag PAGECACHE_TAG_DIRTY remains set even though
1304 * the page is clean.
1305 */
1306 BUG_ON(PageWriteback(page));
1307 set_page_writeback(page);
1308 unlock_page(page);
1309 end_page_writeback(page);
1310 }
1311 if (likely(!err))
1312 ntfs_debug("Done.");
1313 return err;
1314 }
1315
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
Download attachment ".config.gz" of type "application/gzip" (30842 bytes)
Powered by blists - more mailing lists