lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <202110090409.whyy4VSF-lkp@intel.com>
Date:   Sat, 9 Oct 2021 04:58:12 +0800
From:   kernel test robot <lkp@...el.com>
To:     Arnd Bergmann <arnd@...db.de>
Cc:     llvm@...ts.linux.dev, kbuild-all@...ts.01.org,
        linux-kernel@...r.kernel.org
Subject: [arnd-playground:randconfig-5.15-min 57/175] fs/ntfs/aops.c:918:2:
 error: call to __compiletime_assert_306 declared with 'error' attribute:
 BUILD_BUG_ON failed: PAGE_SIZE >= 65536

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/arnd/playground.git randconfig-5.15-min
head:   c471093763a746b316809f07c3114a455f37a32b
commit: 15ea6d3528a89c0b7d8a470b68844d18b0fb2016 [57/175] [SUBMITTED 20210927] [RFC] ntfs: disable for 64KB because of stack overflow risk
config: hexagon-randconfig-r031-20211008 (attached as .config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 8ed2e8e04ff42eb4d8009999ae1fd341a30bf6c0)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://git.kernel.org/pub/scm/linux/kernel/git/arnd/playground.git/commit/?id=15ea6d3528a89c0b7d8a470b68844d18b0fb2016
        git remote add arnd-playground https://git.kernel.org/pub/scm/linux/kernel/git/arnd/playground.git
        git fetch --no-tags arnd-playground randconfig-5.15-min
        git checkout 15ea6d3528a89c0b7d8a470b68844d18b0fb2016
        # save the attached .config to linux build tree
        mkdir build_dir
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=hexagon SHELL=/bin/bash fs/ntfs/

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>

All errors (new ones prefixed by >>):

   fs/ntfs/aops.c:378:12: warning: stack frame size (2208) exceeds limit (1024) in 'ntfs_readpage' [-Wframe-larger-than]
   static int ntfs_readpage(struct file *file, struct page *page)
              ^
>> fs/ntfs/aops.c:918:2: error: call to __compiletime_assert_306 declared with 'error' attribute: BUILD_BUG_ON failed: PAGE_SIZE >= 65536
           BUILD_BUG_ON(PAGE_SIZE >= 65536);
           ^
   include/linux/build_bug.h:50:2: note: expanded from macro 'BUILD_BUG_ON'
           BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
           ^
   include/linux/build_bug.h:39:37: note: expanded from macro 'BUILD_BUG_ON_MSG'
   #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
                                       ^
   include/linux/compiler_types.h:322:2: note: expanded from macro 'compiletime_assert'
           _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__)
           ^
   include/linux/compiler_types.h:310:2: note: expanded from macro '_compiletime_assert'
           __compiletime_assert(condition, msg, prefix, suffix)
           ^
   include/linux/compiler_types.h:303:4: note: expanded from macro '__compiletime_assert'
                           prefix ## suffix();                             \
                           ^
   <scratch space>:187:1: note: expanded from here
   __compiletime_assert_306
   ^
   fs/ntfs/aops.c:899:12: warning: stack frame size (4312) exceeds limit (1024) in 'ntfs_write_mst_block' [-Wframe-larger-than]
   static int ntfs_write_mst_block(struct page *page,
              ^
   2 warnings and 1 error generated.


vim +/error +918 fs/ntfs/aops.c

   874	
   875	/**
   876	 * ntfs_write_mst_block - write a @page to the backing store
   877	 * @page:	page cache page to write out
   878	 * @wbc:	writeback control structure
   879	 *
   880	 * This function is for writing pages belonging to non-resident, mst protected
   881	 * attributes to their backing store.  The only supported attributes are index
   882	 * allocation and $MFT/$DATA.  Both directory inodes and index inodes are
   883	 * supported for the index allocation case.
   884	 *
   885	 * The page must remain locked for the duration of the write because we apply
   886	 * the mst fixups, write, and then undo the fixups, so if we were to unlock the
   887	 * page before undoing the fixups, any other user of the page will see the
   888	 * page contents as corrupt.
   889	 *
   890	 * We clear the page uptodate flag for the duration of the function to ensure
   891	 * exclusion for the $MFT/$DATA case against someone mapping an mft record we
   892	 * are about to apply the mst fixups to.
   893	 *
   894	 * Return 0 on success and -errno on error.
   895	 *
   896	 * Based on ntfs_write_block(), ntfs_mft_writepage(), and
   897	 * write_mft_record_nolock().
   898	 */
   899	static int ntfs_write_mst_block(struct page *page,
   900			struct writeback_control *wbc)
   901	{
   902		sector_t block, dblock, rec_block;
   903		struct inode *vi = page->mapping->host;
   904		ntfs_inode *ni = NTFS_I(vi);
   905		ntfs_volume *vol = ni->vol;
   906		u8 *kaddr;
   907		unsigned int rec_size = ni->itype.index.block_size;
   908		ntfs_inode *locked_nis[PAGE_SIZE / NTFS_BLOCK_SIZE];
   909		struct buffer_head *bh, *head, *tbh, *rec_start_bh;
   910		struct buffer_head *bhs[MAX_BUF_PER_PAGE];
   911		runlist_element *rl;
   912		int i, nr_locked_nis, nr_recs, nr_bhs, max_bhs, bhs_per_rec, err, err2;
   913		unsigned bh_size, rec_size_bits;
   914		bool sync, is_mft, page_is_dirty, rec_is_dirty;
   915		unsigned char bh_size_bits;
   916	
   917		/* Two arrays of MAX_BUF_PER_PAGE on the stack risks an overrun with 64K pages */
 > 918		BUILD_BUG_ON(PAGE_SIZE >= 65536);
   919	
   920		if (WARN_ON(rec_size < NTFS_BLOCK_SIZE))
   921			return -EINVAL;
   922	
   923		ntfs_debug("Entering for inode 0x%lx, attribute type 0x%x, page index "
   924				"0x%lx.", vi->i_ino, ni->type, page->index);
   925		BUG_ON(!NInoNonResident(ni));
   926		BUG_ON(!NInoMstProtected(ni));
   927		is_mft = (S_ISREG(vi->i_mode) && !vi->i_ino);
   928		/*
   929		 * NOTE: ntfs_write_mst_block() would be called for $MFTMirr if a page
   930		 * in its page cache were to be marked dirty.  However this should
   931		 * never happen with the current driver and considering we do not
   932		 * handle this case here we do want to BUG(), at least for now.
   933		 */
   934		BUG_ON(!(is_mft || S_ISDIR(vi->i_mode) ||
   935				(NInoAttr(ni) && ni->type == AT_INDEX_ALLOCATION)));
   936		bh_size = vol->sb->s_blocksize;
   937		bh_size_bits = vol->sb->s_blocksize_bits;
   938		max_bhs = PAGE_SIZE / bh_size;
   939		BUG_ON(!max_bhs);
   940		BUG_ON(max_bhs > MAX_BUF_PER_PAGE);
   941	
   942		/* Were we called for sync purposes? */
   943		sync = (wbc->sync_mode == WB_SYNC_ALL);
   944	
   945		/* Make sure we have mapped buffers. */
   946		bh = head = page_buffers(page);
   947		BUG_ON(!bh);
   948	
   949		rec_size_bits = ni->itype.index.block_size_bits;
   950		BUG_ON(!(PAGE_SIZE >> rec_size_bits));
   951		bhs_per_rec = rec_size >> bh_size_bits;
   952		BUG_ON(!bhs_per_rec);
   953	
   954		/* The first block in the page. */
   955		rec_block = block = (sector_t)page->index <<
   956				(PAGE_SHIFT - bh_size_bits);
   957	
   958		/* The first out of bounds block for the data size. */
   959		dblock = (i_size_read(vi) + bh_size - 1) >> bh_size_bits;
   960	
   961		rl = NULL;
   962		err = err2 = nr_bhs = nr_recs = nr_locked_nis = 0;
   963		page_is_dirty = rec_is_dirty = false;
   964		rec_start_bh = NULL;
   965		do {
   966			bool is_retry = false;
   967	
   968			if (likely(block < rec_block)) {
   969				if (unlikely(block >= dblock)) {
   970					clear_buffer_dirty(bh);
   971					set_buffer_uptodate(bh);
   972					continue;
   973				}
   974				/*
   975				 * This block is not the first one in the record.  We
   976				 * ignore the buffer's dirty state because we could
   977				 * have raced with a parallel mark_ntfs_record_dirty().
   978				 */
   979				if (!rec_is_dirty)
   980					continue;
   981				if (unlikely(err2)) {
   982					if (err2 != -ENOMEM)
   983						clear_buffer_dirty(bh);
   984					continue;
   985				}
   986			} else /* if (block == rec_block) */ {
   987				BUG_ON(block > rec_block);
   988				/* This block is the first one in the record. */
   989				rec_block += bhs_per_rec;
   990				err2 = 0;
   991				if (unlikely(block >= dblock)) {
   992					clear_buffer_dirty(bh);
   993					continue;
   994				}
   995				if (!buffer_dirty(bh)) {
   996					/* Clean records are not written out. */
   997					rec_is_dirty = false;
   998					continue;
   999				}
  1000				rec_is_dirty = true;
  1001				rec_start_bh = bh;
  1002			}
  1003			/* Need to map the buffer if it is not mapped already. */
  1004			if (unlikely(!buffer_mapped(bh))) {
  1005				VCN vcn;
  1006				LCN lcn;
  1007				unsigned int vcn_ofs;
  1008	
  1009				bh->b_bdev = vol->sb->s_bdev;
  1010				/* Obtain the vcn and offset of the current block. */
  1011				vcn = (VCN)block << bh_size_bits;
  1012				vcn_ofs = vcn & vol->cluster_size_mask;
  1013				vcn >>= vol->cluster_size_bits;
  1014				if (!rl) {
  1015	lock_retry_remap:
  1016					down_read(&ni->runlist.lock);
  1017					rl = ni->runlist.rl;
  1018				}
  1019				if (likely(rl != NULL)) {
  1020					/* Seek to element containing target vcn. */
  1021					while (rl->length && rl[1].vcn <= vcn)
  1022						rl++;
  1023					lcn = ntfs_rl_vcn_to_lcn(rl, vcn);
  1024				} else
  1025					lcn = LCN_RL_NOT_MAPPED;
  1026				/* Successful remap. */
  1027				if (likely(lcn >= 0)) {
  1028					/* Setup buffer head to correct block. */
  1029					bh->b_blocknr = ((lcn <<
  1030							vol->cluster_size_bits) +
  1031							vcn_ofs) >> bh_size_bits;
  1032					set_buffer_mapped(bh);
  1033				} else {
  1034					/*
  1035					 * Remap failed.  Retry to map the runlist once
  1036					 * unless we are working on $MFT which always
  1037					 * has the whole of its runlist in memory.
  1038					 */
  1039					if (!is_mft && !is_retry &&
  1040							lcn == LCN_RL_NOT_MAPPED) {
  1041						is_retry = true;
  1042						/*
  1043						 * Attempt to map runlist, dropping
  1044						 * lock for the duration.
  1045						 */
  1046						up_read(&ni->runlist.lock);
  1047						err2 = ntfs_map_runlist(ni, vcn);
  1048						if (likely(!err2))
  1049							goto lock_retry_remap;
  1050						if (err2 == -ENOMEM)
  1051							page_is_dirty = true;
  1052						lcn = err2;
  1053					} else {
  1054						err2 = -EIO;
  1055						if (!rl)
  1056							up_read(&ni->runlist.lock);
  1057					}
  1058					/* Hard error.  Abort writing this record. */
  1059					if (!err || err == -ENOMEM)
  1060						err = err2;
  1061					bh->b_blocknr = -1;
  1062					ntfs_error(vol->sb, "Cannot write ntfs record "
  1063							"0x%llx (inode 0x%lx, "
  1064							"attribute type 0x%x) because "
  1065							"its location on disk could "
  1066							"not be determined (error "
  1067							"code %lli).",
  1068							(long long)block <<
  1069							bh_size_bits >>
  1070							vol->mft_record_size_bits,
  1071							ni->mft_no, ni->type,
  1072							(long long)lcn);
  1073					/*
  1074					 * If this is not the first buffer, remove the
  1075					 * buffers in this record from the list of
  1076					 * buffers to write and clear their dirty bit
  1077					 * if not error -ENOMEM.
  1078					 */
  1079					if (rec_start_bh != bh) {
  1080						while (bhs[--nr_bhs] != rec_start_bh)
  1081							;
  1082						if (err2 != -ENOMEM) {
  1083							do {
  1084								clear_buffer_dirty(
  1085									rec_start_bh);
  1086							} while ((rec_start_bh =
  1087									rec_start_bh->
  1088									b_this_page) !=
  1089									bh);
  1090						}
  1091					}
  1092					continue;
  1093				}
  1094			}
  1095			BUG_ON(!buffer_uptodate(bh));
  1096			BUG_ON(nr_bhs >= max_bhs);
  1097			bhs[nr_bhs++] = bh;
  1098		} while (block++, (bh = bh->b_this_page) != head);
  1099		if (unlikely(rl))
  1100			up_read(&ni->runlist.lock);
  1101		/* If there were no dirty buffers, we are done. */
  1102		if (!nr_bhs)
  1103			goto done;
  1104		/* Map the page so we can access its contents. */
  1105		kaddr = kmap(page);
  1106		/* Clear the page uptodate flag whilst the mst fixups are applied. */
  1107		BUG_ON(!PageUptodate(page));
  1108		ClearPageUptodate(page);
  1109		for (i = 0; i < nr_bhs; i++) {
  1110			unsigned int ofs;
  1111	
  1112			/* Skip buffers which are not at the beginning of records. */
  1113			if (i % bhs_per_rec)
  1114				continue;
  1115			tbh = bhs[i];
  1116			ofs = bh_offset(tbh);
  1117			if (is_mft) {
  1118				ntfs_inode *tni;
  1119				unsigned long mft_no;
  1120	
  1121				/* Get the mft record number. */
  1122				mft_no = (((s64)page->index << PAGE_SHIFT) + ofs)
  1123						>> rec_size_bits;
  1124				/* Check whether to write this mft record. */
  1125				tni = NULL;
  1126				if (!ntfs_may_write_mft_record(vol, mft_no,
  1127						(MFT_RECORD*)(kaddr + ofs), &tni)) {
  1128					/*
  1129					 * The record should not be written.  This
  1130					 * means we need to redirty the page before
  1131					 * returning.
  1132					 */
  1133					page_is_dirty = true;
  1134					/*
  1135					 * Remove the buffers in this mft record from
  1136					 * the list of buffers to write.
  1137					 */
  1138					do {
  1139						bhs[i] = NULL;
  1140					} while (++i % bhs_per_rec);
  1141					continue;
  1142				}
  1143				/*
  1144				 * The record should be written.  If a locked ntfs
  1145				 * inode was returned, add it to the array of locked
  1146				 * ntfs inodes.
  1147				 */
  1148				if (tni)
  1149					locked_nis[nr_locked_nis++] = tni;
  1150			}
  1151			/* Apply the mst protection fixups. */
  1152			err2 = pre_write_mst_fixup((NTFS_RECORD*)(kaddr + ofs),
  1153					rec_size);
  1154			if (unlikely(err2)) {
  1155				if (!err || err == -ENOMEM)
  1156					err = -EIO;
  1157				ntfs_error(vol->sb, "Failed to apply mst fixups "
  1158						"(inode 0x%lx, attribute type 0x%x, "
  1159						"page index 0x%lx, page offset 0x%x)!"
  1160						"  Unmount and run chkdsk.", vi->i_ino,
  1161						ni->type, page->index, ofs);
  1162				/*
  1163				 * Mark all the buffers in this record clean as we do
  1164				 * not want to write corrupt data to disk.
  1165				 */
  1166				do {
  1167					clear_buffer_dirty(bhs[i]);
  1168					bhs[i] = NULL;
  1169				} while (++i % bhs_per_rec);
  1170				continue;
  1171			}
  1172			nr_recs++;
  1173		}
  1174		/* If no records are to be written out, we are done. */
  1175		if (!nr_recs)
  1176			goto unm_done;
  1177		flush_dcache_page(page);
  1178		/* Lock buffers and start synchronous write i/o on them. */
  1179		for (i = 0; i < nr_bhs; i++) {
  1180			tbh = bhs[i];
  1181			if (!tbh)
  1182				continue;
  1183			if (!trylock_buffer(tbh))
  1184				BUG();
  1185			/* The buffer dirty state is now irrelevant, just clean it. */
  1186			clear_buffer_dirty(tbh);
  1187			BUG_ON(!buffer_uptodate(tbh));
  1188			BUG_ON(!buffer_mapped(tbh));
  1189			get_bh(tbh);
  1190			tbh->b_end_io = end_buffer_write_sync;
  1191			submit_bh(REQ_OP_WRITE, 0, tbh);
  1192		}
  1193		/* Synchronize the mft mirror now if not @sync. */
  1194		if (is_mft && !sync)
  1195			goto do_mirror;
  1196	do_wait:
  1197		/* Wait on i/o completion of buffers. */
  1198		for (i = 0; i < nr_bhs; i++) {
  1199			tbh = bhs[i];
  1200			if (!tbh)
  1201				continue;
  1202			wait_on_buffer(tbh);
  1203			if (unlikely(!buffer_uptodate(tbh))) {
  1204				ntfs_error(vol->sb, "I/O error while writing ntfs "
  1205						"record buffer (inode 0x%lx, "
  1206						"attribute type 0x%x, page index "
  1207						"0x%lx, page offset 0x%lx)!  Unmount "
  1208						"and run chkdsk.", vi->i_ino, ni->type,
  1209						page->index, bh_offset(tbh));
  1210				if (!err || err == -ENOMEM)
  1211					err = -EIO;
  1212				/*
  1213				 * Set the buffer uptodate so the page and buffer
  1214				 * states do not become out of sync.
  1215				 */
  1216				set_buffer_uptodate(tbh);
  1217			}
  1218		}
  1219		/* If @sync, now synchronize the mft mirror. */
  1220		if (is_mft && sync) {
  1221	do_mirror:
  1222			for (i = 0; i < nr_bhs; i++) {
  1223				unsigned long mft_no;
  1224				unsigned int ofs;
  1225	
  1226				/*
  1227				 * Skip buffers which are not at the beginning of
  1228				 * records.
  1229				 */
  1230				if (i % bhs_per_rec)
  1231					continue;
  1232				tbh = bhs[i];
  1233				/* Skip removed buffers (and hence records). */
  1234				if (!tbh)
  1235					continue;
  1236				ofs = bh_offset(tbh);
  1237				/* Get the mft record number. */
  1238				mft_no = (((s64)page->index << PAGE_SHIFT) + ofs)
  1239						>> rec_size_bits;
  1240				if (mft_no < vol->mftmirr_size)
  1241					ntfs_sync_mft_mirror(vol, mft_no,
  1242							(MFT_RECORD*)(kaddr + ofs),
  1243							sync);
  1244			}
  1245			if (!sync)
  1246				goto do_wait;
  1247		}
  1248		/* Remove the mst protection fixups again. */
  1249		for (i = 0; i < nr_bhs; i++) {
  1250			if (!(i % bhs_per_rec)) {
  1251				tbh = bhs[i];
  1252				if (!tbh)
  1253					continue;
  1254				post_write_mst_fixup((NTFS_RECORD*)(kaddr +
  1255						bh_offset(tbh)));
  1256			}
  1257		}
  1258		flush_dcache_page(page);
  1259	unm_done:
  1260		/* Unlock any locked inodes. */
  1261		while (nr_locked_nis-- > 0) {
  1262			ntfs_inode *tni, *base_tni;
  1263			
  1264			tni = locked_nis[nr_locked_nis];
  1265			/* Get the base inode. */
  1266			mutex_lock(&tni->extent_lock);
  1267			if (tni->nr_extents >= 0)
  1268				base_tni = tni;
  1269			else {
  1270				base_tni = tni->ext.base_ntfs_ino;
  1271				BUG_ON(!base_tni);
  1272			}
  1273			mutex_unlock(&tni->extent_lock);
  1274			ntfs_debug("Unlocking %s inode 0x%lx.",
  1275					tni == base_tni ? "base" : "extent",
  1276					tni->mft_no);
  1277			mutex_unlock(&tni->mrec_lock);
  1278			atomic_dec(&tni->count);
  1279			iput(VFS_I(base_tni));
  1280		}
  1281		SetPageUptodate(page);
  1282		kunmap(page);
  1283	done:
  1284		if (unlikely(err && err != -ENOMEM)) {
  1285			/*
  1286			 * Set page error if there is only one ntfs record in the page.
  1287			 * Otherwise we would loose per-record granularity.
  1288			 */
  1289			if (ni->itype.index.block_size == PAGE_SIZE)
  1290				SetPageError(page);
  1291			NVolSetErrors(vol);
  1292		}
  1293		if (page_is_dirty) {
  1294			ntfs_debug("Page still contains one or more dirty ntfs "
  1295					"records.  Redirtying the page starting at "
  1296					"record 0x%lx.", page->index <<
  1297					(PAGE_SHIFT - rec_size_bits));
  1298			redirty_page_for_writepage(wbc, page);
  1299			unlock_page(page);
  1300		} else {
  1301			/*
  1302			 * Keep the VM happy.  This must be done otherwise the
  1303			 * radix-tree tag PAGECACHE_TAG_DIRTY remains set even though
  1304			 * the page is clean.
  1305			 */
  1306			BUG_ON(PageWriteback(page));
  1307			set_page_writeback(page);
  1308			unlock_page(page);
  1309			end_page_writeback(page);
  1310		}
  1311		if (likely(!err))
  1312			ntfs_debug("Done.");
  1313		return err;
  1314	}
  1315	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

Download attachment ".config.gz" of type "application/gzip" (30842 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ