[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <a7243d03-da3a-8df5-1c5c-b4540fb1a91a@redhat.com>
Date: Mon, 14 Nov 2022 21:08:15 +0800
From: Xiubo Li <xiubli@...hat.com>
To: kernel test robot <lkp@...el.com>, ceph-devel@...r.kernel.org,
jlayton@...nel.org, idryomov@...il.com, viro@...iv.linux.org.uk
Cc: llvm@...ts.linux.dev, oe-kbuild-all@...ts.linux.dev,
lhenriques@...e.de, mchangir@...hat.com,
linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
stable@...r.kernel.org
Subject: Re: [PATCH 2/2 v2] ceph: use a xarray to record all the opened files
for each inode
Hi
Thanks for reporting this.
I will fix it in the next version.
- Xiubo
On 14/11/2022 16:54, kernel test robot wrote:
> Hi,
>
> I love your patch! Perhaps something to improve:
>
> [auto build test WARNING on ceph-client/testing]
> [also build test WARNING on ceph-client/for-linus linus/master v6.1-rc5 next-20221111]
> [If your patch is applied to the wrong git tree, kindly drop us a note.
> And when submitting patch, we suggest to use '--base' as documented in
> https://git-scm.com/docs/git-format-patch#_base_tree_information]
>
> url: https://github.com/intel-lab-lkp/linux/commits/xiubli-redhat-com/ceph-fix-the-use-after-free-bug-for-file_lock/20221114-132233
> base: https://github.com/ceph/ceph-client.git testing
> patch link: https://lore.kernel.org/r/20221114051901.15371-3-xiubli%40redhat.com
> patch subject: [PATCH 2/2 v2] ceph: use a xarray to record all the opened files for each inode
> config: hexagon-randconfig-r041-20221114
> compiler: clang version 16.0.0 (https://github.com/llvm/llvm-project 463da45892e2d2a262277b91b96f5f8c05dc25d0)
> reproduce (this is a W=1 build):
> wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
> chmod +x ~/bin/make.cross
> # https://github.com/intel-lab-lkp/linux/commit/232cc8f1dbeddb308946202a7c67ee4d20451ae7
> git remote add linux-review https://github.com/intel-lab-lkp/linux
> git fetch --no-tags linux-review xiubli-redhat-com/ceph-fix-the-use-after-free-bug-for-file_lock/20221114-132233
> git checkout 232cc8f1dbeddb308946202a7c67ee4d20451ae7
> # save the config file
> mkdir build_dir && cp config build_dir/.config
> COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=hexagon SHELL=/bin/bash fs/ceph/
>
> If you fix the issue, kindly add following tag where applicable
> | Reported-by: kernel test robot <lkp@...el.com>
>
> All warnings (new ones prefixed by >>):
>
> In file included from fs/ceph/locks.c:8:
> In file included from fs/ceph/super.h:8:
> In file included from include/linux/backing-dev.h:16:
> In file included from include/linux/writeback.h:13:
> In file included from include/linux/blk_types.h:10:
> In file included from include/linux/bvec.h:10:
> In file included from include/linux/highmem.h:12:
> In file included from include/linux/hardirq.h:11:
> In file included from ./arch/hexagon/include/generated/asm/hardirq.h:1:
> In file included from include/asm-generic/hardirq.h:17:
> In file included from include/linux/irq.h:20:
> In file included from include/linux/io.h:13:
> In file included from arch/hexagon/include/asm/io.h:334:
> include/asm-generic/io.h:547:31: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
> val = __raw_readb(PCI_IOBASE + addr);
> ~~~~~~~~~~ ^
> include/asm-generic/io.h:560:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
> val = __le16_to_cpu((__le16 __force)__raw_readw(PCI_IOBASE + addr));
> ~~~~~~~~~~ ^
> include/uapi/linux/byteorder/little_endian.h:37:51: note: expanded from macro '__le16_to_cpu'
> #define __le16_to_cpu(x) ((__force __u16)(__le16)(x))
> ^
> In file included from fs/ceph/locks.c:8:
> In file included from fs/ceph/super.h:8:
> In file included from include/linux/backing-dev.h:16:
> In file included from include/linux/writeback.h:13:
> In file included from include/linux/blk_types.h:10:
> In file included from include/linux/bvec.h:10:
> In file included from include/linux/highmem.h:12:
> In file included from include/linux/hardirq.h:11:
> In file included from ./arch/hexagon/include/generated/asm/hardirq.h:1:
> In file included from include/asm-generic/hardirq.h:17:
> In file included from include/linux/irq.h:20:
> In file included from include/linux/io.h:13:
> In file included from arch/hexagon/include/asm/io.h:334:
> include/asm-generic/io.h:573:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
> val = __le32_to_cpu((__le32 __force)__raw_readl(PCI_IOBASE + addr));
> ~~~~~~~~~~ ^
> include/uapi/linux/byteorder/little_endian.h:35:51: note: expanded from macro '__le32_to_cpu'
> #define __le32_to_cpu(x) ((__force __u32)(__le32)(x))
> ^
> In file included from fs/ceph/locks.c:8:
> In file included from fs/ceph/super.h:8:
> In file included from include/linux/backing-dev.h:16:
> In file included from include/linux/writeback.h:13:
> In file included from include/linux/blk_types.h:10:
> In file included from include/linux/bvec.h:10:
> In file included from include/linux/highmem.h:12:
> In file included from include/linux/hardirq.h:11:
> In file included from ./arch/hexagon/include/generated/asm/hardirq.h:1:
> In file included from include/asm-generic/hardirq.h:17:
> In file included from include/linux/irq.h:20:
> In file included from include/linux/io.h:13:
> In file included from arch/hexagon/include/asm/io.h:334:
> include/asm-generic/io.h:584:33: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
> __raw_writeb(value, PCI_IOBASE + addr);
> ~~~~~~~~~~ ^
> include/asm-generic/io.h:594:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
> __raw_writew((u16 __force)cpu_to_le16(value), PCI_IOBASE + addr);
> ~~~~~~~~~~ ^
> include/asm-generic/io.h:604:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
> __raw_writel((u32 __force)cpu_to_le32(value), PCI_IOBASE + addr);
> ~~~~~~~~~~ ^
>>> fs/ceph/locks.c:66:6: warning: variable 'fi' is used uninitialized whenever 'if' condition is false [-Wsometimes-uninitialized]
> if (val == CEPH_FILP_AVAILABLE) {
> ^~~~~~~~~~~~~~~~~~~~~~~~~~
> fs/ceph/locks.c:79:14: note: uninitialized use occurs here
> atomic_dec(&fi->num_locks);
> ^~
> fs/ceph/locks.c:66:2: note: remove the 'if' if its condition is always true
> if (val == CEPH_FILP_AVAILABLE) {
> ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> fs/ceph/locks.c:47:27: note: initialize the variable 'fi' to silence this warning
> struct ceph_file_info *fi;
> ^
> = NULL
> 7 warnings generated.
>
>
> vim +66 fs/ceph/locks.c
>
> 42
> 43 static void ceph_fl_release_lock(struct file_lock *fl)
> 44 {
> 45 struct inode *inode = fl->fl_u.ceph_fl.fl_inode;
> 46 struct ceph_inode_info *ci;
> 47 struct ceph_file_info *fi;
> 48 void *val;
> 49
> 50 /*
> 51 * If inode is NULL it should be a request file_lock,
> 52 * nothing we can do.
> 53 */
> 54 if (!inode)
> 55 return;
> 56
> 57 ci = ceph_inode(inode);
> 58
> 59 /*
> 60 * For Posix-style locks, it may race between filp_close()s,
> 61 * and it's possible that the 'file' memory pointed by
> 62 * 'fl->fl_file' has been released. If so just skip it.
> 63 */
> 64 rcu_read_lock();
> 65 val = xa_load(&ci->i_opened_files, (unsigned long)fl->fl_file);
> > 66 if (val == CEPH_FILP_AVAILABLE) {
> 67 fi = fl->fl_file->private_data;
> 68 atomic_dec(&fi->num_locks);
> 69 }
> 70 rcu_read_unlock();
> 71
> 72 if (atomic_dec_and_test(&ci->i_filelock_ref)) {
> 73 /* clear error when all locks are released */
> 74 spin_lock(&ci->i_ceph_lock);
> 75 ci->i_ceph_flags &= ~CEPH_I_ERROR_FILELOCK;
> 76 spin_unlock(&ci->i_ceph_lock);
> 77 }
> 78 iput(inode);
> 79 atomic_dec(&fi->num_locks);
> 80 }
> 81
>
Powered by blists - more mailing lists