lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <db824d75-6d6e-4390-899e-6e9ea5159c20@paulmck-laptop>
Date: Tue, 9 Apr 2024 18:09:18 -0700
From: "Paul E. McKenney" <paulmck@...nel.org>
To: kernel test robot <lkp@...el.com>
Cc: oe-kbuild-all@...ts.linux.dev, linux-kernel@...r.kernel.org
Subject: Re: [paulmck-rcu:dev.2024.04.04a 17/74] mm/memcontrol.c:1200:31:
 sparse: sparse: incorrect type in argument 2 (different base types)

On Wed, Apr 10, 2024 at 08:08:14AM +0800, kernel test robot wrote:
> tree:   https://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu.git dev.2024.04.04a
> head:   e2a520f3f3921cb5d3c9631917fccf8c215991ce
> commit: 27011e7159ef6e100e9ae1debb01a8e180ee94bf [17/74] riscv: Emulate one-byte cmpxchg
> config: riscv-randconfig-r122-20240409 (https://download.01.org/0day-ci/archive/20240410/202404100829.OchVjDmF-lkp@intel.com/config)
> compiler: riscv64-linux-gcc (GCC) 13.2.0
> reproduce: (https://download.01.org/0day-ci/archive/20240410/202404100829.OchVjDmF-lkp@intel.com/reproduce)
> 
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <lkp@...el.com>
> | Closes: https://lore.kernel.org/oe-kbuild-all/202404100829.OchVjDmF-lkp@intel.com/

I believe these to be fixed by the addition of casts by this new
version of the above commit:

4d5c72a34948 ("riscv: Emulate one-byte cmpxchg")

As always, please let me know if I am missing something.

							Thanx, Paul

> sparse warnings: (new ones prefixed by >>)
> >> mm/memcontrol.c:1200:31: sparse: sparse: incorrect type in argument 2 (different base types) @@     expected unsigned long [usertype] old @@     got struct mem_cgroup *__old @@
>    mm/memcontrol.c:1200:31: sparse:     expected unsigned long [usertype] old
>    mm/memcontrol.c:1200:31: sparse:     got struct mem_cgroup *__old
> >> mm/memcontrol.c:1200:31: sparse: sparse: incorrect type in argument 3 (different base types) @@     expected unsigned long [usertype] new @@     got struct mem_cgroup *__new @@
>    mm/memcontrol.c:1200:31: sparse:     expected unsigned long [usertype] new
>    mm/memcontrol.c:1200:31: sparse:     got struct mem_cgroup *__new
>    mm/memcontrol.c:1240:23: sparse: sparse: incorrect type in argument 2 (different base types) @@     expected unsigned long [usertype] old @@     got struct mem_cgroup *__old @@
>    mm/memcontrol.c:1240:23: sparse:     expected unsigned long [usertype] old
>    mm/memcontrol.c:1240:23: sparse:     got struct mem_cgroup *__old
>    mm/memcontrol.c:1240:23: sparse: sparse: incorrect type in argument 3 (different base types) @@     expected unsigned long [usertype] new @@     got struct mem_cgroup *__new @@
>    mm/memcontrol.c:1240:23: sparse:     expected unsigned long [usertype] new
>    mm/memcontrol.c:1240:23: sparse:     got struct mem_cgroup *__new
>    mm/memcontrol.c:1281:17: sparse: sparse: incorrect type in argument 2 (different base types) @@     expected unsigned long [usertype] old @@     got struct mem_cgroup *__old @@
>    mm/memcontrol.c:1281:17: sparse:     expected unsigned long [usertype] old
>    mm/memcontrol.c:1281:17: sparse:     got struct mem_cgroup *__old
>    mm/memcontrol.c:1281:17: sparse: sparse: incorrect type in argument 3 (different base types) @@     expected unsigned long [usertype] new @@     got struct mem_cgroup *__new @@
>    mm/memcontrol.c:1281:17: sparse:     expected unsigned long [usertype] new
>    mm/memcontrol.c:1281:17: sparse:     got struct mem_cgroup *__new
> >> mm/memcontrol.c:3184:19: sparse: sparse: incorrect type in argument 2 (different base types) @@     expected unsigned long [usertype] old @@     got struct obj_cgroup *__old @@
>    mm/memcontrol.c:3184:19: sparse:     expected unsigned long [usertype] old
>    mm/memcontrol.c:3184:19: sparse:     got struct obj_cgroup *__old
> >> mm/memcontrol.c:3184:19: sparse: sparse: incorrect type in argument 3 (different base types) @@     expected unsigned long [usertype] new @@     got struct obj_cgroup *__new @@
>    mm/memcontrol.c:3184:19: sparse:     expected unsigned long [usertype] new
>    mm/memcontrol.c:3184:19: sparse:     got struct obj_cgroup *__new
>    mm/memcontrol.c:4408:21: sparse: sparse: incompatible types in comparison expression (different address spaces):
>    mm/memcontrol.c:4408:21: sparse:    struct mem_cgroup_threshold_ary [noderef] __rcu *
>    mm/memcontrol.c:4408:21: sparse:    struct mem_cgroup_threshold_ary *
>    mm/memcontrol.c:4410:21: sparse: sparse: incompatible types in comparison expression (different address spaces):
>    mm/memcontrol.c:4410:21: sparse:    struct mem_cgroup_threshold_ary [noderef] __rcu *
>    mm/memcontrol.c:4410:21: sparse:    struct mem_cgroup_threshold_ary *
>    mm/memcontrol.c:4566:9: sparse: sparse: incompatible types in comparison expression (different address spaces):
>    mm/memcontrol.c:4566:9: sparse:    struct mem_cgroup_threshold_ary [noderef] __rcu *
>    mm/memcontrol.c:4566:9: sparse:    struct mem_cgroup_threshold_ary *
>    mm/memcontrol.c:4660:9: sparse: sparse: incompatible types in comparison expression (different address spaces):
>    mm/memcontrol.c:4660:9: sparse:    struct mem_cgroup_threshold_ary [noderef] __rcu *
>    mm/memcontrol.c:4660:9: sparse:    struct mem_cgroup_threshold_ary *
>    mm/memcontrol.c: note: in included file:
>    include/linux/memcontrol.h:761:9: sparse: sparse: context imbalance in 'folio_lruvec_lock' - wrong count at exit
>    include/linux/memcontrol.h:761:9: sparse: sparse: context imbalance in 'folio_lruvec_lock_irq' - wrong count at exit
>    include/linux/memcontrol.h:761:9: sparse: sparse: context imbalance in 'folio_lruvec_lock_irqsave' - wrong count at exit
>    mm/memcontrol.c:2185:6: sparse: sparse: context imbalance in 'folio_memcg_lock' - wrong count at exit
>    mm/memcontrol.c:2232:17: sparse: sparse: context imbalance in '__folio_memcg_unlock' - unexpected unlock
> --
> >> fs/fs-writeback.c:291:13: sparse: sparse: incorrect type in argument 2 (different base types) @@     expected unsigned long [usertype] old @@     got struct bdi_writeback *__old @@
>    fs/fs-writeback.c:291:13: sparse:     expected unsigned long [usertype] old
>    fs/fs-writeback.c:291:13: sparse:     got struct bdi_writeback *__old
> >> fs/fs-writeback.c:291:13: sparse: sparse: incorrect type in argument 3 (different base types) @@     expected unsigned long [usertype] new @@     got struct bdi_writeback *__new @@
>    fs/fs-writeback.c:291:13: sparse:     expected unsigned long [usertype] new
>    fs/fs-writeback.c:291:13: sparse:     got struct bdi_writeback *__new
>    fs/fs-writeback.c:753:15: sparse: sparse: context imbalance in 'wbc_attach_and_unlock_inode' - unexpected unlock
>    fs/fs-writeback.c:1804:20: sparse: sparse: context imbalance in 'writeback_single_inode' - different lock contexts for basic block
>    fs/fs-writeback.c:1990:9: sparse: sparse: context imbalance in 'writeback_sb_inodes' - different lock contexts for basic block
>    fs/fs-writeback.c:2580:20: sparse: sparse: context imbalance in '__mark_inode_dirty' - unexpected unlock
> --
>    fs/bcachefs/btree_cache.c: note: in included file:
>    fs/bcachefs/bcachefs.h:1023:9: sparse: sparse: array of flexible structures
> >> fs/bcachefs/btree_cache.c:534:15: sparse: sparse: incorrect type in argument 2 (different base types) @@     expected unsigned long [usertype] old @@     got struct task_struct *__old @@
>    fs/bcachefs/btree_cache.c:534:15: sparse:     expected unsigned long [usertype] old
>    fs/bcachefs/btree_cache.c:534:15: sparse:     got struct task_struct *__old
> >> fs/bcachefs/btree_cache.c:534:15: sparse: sparse: incorrect type in argument 3 (different base types) @@     expected unsigned long [usertype] new @@     got struct task_struct *__new @@
>    fs/bcachefs/btree_cache.c:534:15: sparse:     expected unsigned long [usertype] new
>    fs/bcachefs/btree_cache.c:534:15: sparse:     got struct task_struct *__new
>    fs/bcachefs/btree_cache.c:546:15: sparse: sparse: incorrect type in argument 2 (different base types) @@     expected unsigned long [usertype] old @@     got struct task_struct *__old @@
>    fs/bcachefs/btree_cache.c:546:15: sparse:     expected unsigned long [usertype] old
>    fs/bcachefs/btree_cache.c:546:15: sparse:     got struct task_struct *__old
>    fs/bcachefs/btree_cache.c:546:15: sparse: sparse: incorrect type in argument 3 (different base types) @@     expected unsigned long [usertype] new @@     got struct task_struct *__new @@
>    fs/bcachefs/btree_cache.c:546:15: sparse:     expected unsigned long [usertype] new
>    fs/bcachefs/btree_cache.c:546:15: sparse:     got struct task_struct *__new
> 
> vim +1200 mm/memcontrol.c
> 
> 4b569387c0d566 Nhat Pham         2023-10-06  1138  
> 5660048ccac873 Johannes Weiner   2012-01-12  1139  /**
> 5660048ccac873 Johannes Weiner   2012-01-12  1140   * mem_cgroup_iter - iterate over memory cgroup hierarchy
> 5660048ccac873 Johannes Weiner   2012-01-12  1141   * @root: hierarchy root
> 5660048ccac873 Johannes Weiner   2012-01-12  1142   * @prev: previously returned memcg, NULL on first invocation
> 5660048ccac873 Johannes Weiner   2012-01-12  1143   * @reclaim: cookie for shared reclaim walks, NULL for full walks
> 5660048ccac873 Johannes Weiner   2012-01-12  1144   *
> 5660048ccac873 Johannes Weiner   2012-01-12  1145   * Returns references to children of the hierarchy below @root, or
> 5660048ccac873 Johannes Weiner   2012-01-12  1146   * @root itself, or %NULL after a full round-trip.
> 5660048ccac873 Johannes Weiner   2012-01-12  1147   *
> 5660048ccac873 Johannes Weiner   2012-01-12  1148   * Caller must pass the return value in @prev on subsequent
> 5660048ccac873 Johannes Weiner   2012-01-12  1149   * invocations for reference counting, or use mem_cgroup_iter_break()
> 5660048ccac873 Johannes Weiner   2012-01-12  1150   * to cancel a hierarchy walk before the round-trip is complete.
> 5660048ccac873 Johannes Weiner   2012-01-12  1151   *
> 05bdc520b3ad39 Miaohe Lin        2020-10-13  1152   * Reclaimers can specify a node in @reclaim to divide up the memcgs
> 05bdc520b3ad39 Miaohe Lin        2020-10-13  1153   * in the hierarchy among all concurrent reclaimers operating on the
> 05bdc520b3ad39 Miaohe Lin        2020-10-13  1154   * same node.
> 5660048ccac873 Johannes Weiner   2012-01-12  1155   */
> 694fbc0fe78518 Andrew Morton     2013-09-24  1156  struct mem_cgroup *mem_cgroup_iter(struct mem_cgroup *root,
> 9f3a0d0933de07 Johannes Weiner   2012-01-12  1157  				   struct mem_cgroup *prev,
> 694fbc0fe78518 Andrew Morton     2013-09-24  1158  				   struct mem_cgroup_reclaim_cookie *reclaim)
> 7d74b06f240f1b KAMEZAWA Hiroyuki 2010-10-27  1159  {
> 3f649ab728cda8 Kees Cook         2020-06-03  1160  	struct mem_cgroup_reclaim_iter *iter;
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1161  	struct cgroup_subsys_state *css = NULL;
> 9f3a0d0933de07 Johannes Weiner   2012-01-12  1162  	struct mem_cgroup *memcg = NULL;
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1163  	struct mem_cgroup *pos = NULL;
> 711d3d2c9bc3fb KAMEZAWA Hiroyuki 2010-10-27  1164  
> 694fbc0fe78518 Andrew Morton     2013-09-24  1165  	if (mem_cgroup_disabled())
> 694fbc0fe78518 Andrew Morton     2013-09-24  1166  		return NULL;
> 5660048ccac873 Johannes Weiner   2012-01-12  1167  
> 9f3a0d0933de07 Johannes Weiner   2012-01-12  1168  	if (!root)
> 9f3a0d0933de07 Johannes Weiner   2012-01-12  1169  		root = root_mem_cgroup;
> 9f3a0d0933de07 Johannes Weiner   2012-01-12  1170  
> 542f85f9ae4acd Michal Hocko      2013-04-29  1171  	rcu_read_lock();
> 14067bb3e24b96 KAMEZAWA Hiroyuki 2009-04-02  1172  
> 527a5ec9a53471 Johannes Weiner   2012-01-12  1173  	if (reclaim) {
> ef8f2327996b5c Mel Gorman        2016-07-28  1174  		struct mem_cgroup_per_node *mz;
> 527a5ec9a53471 Johannes Weiner   2012-01-12  1175  
> a3747b53b1771a Johannes Weiner   2021-04-29  1176  		mz = root->nodeinfo[reclaim->pgdat->node_id];
> 9da83f3fc74b80 Yafang Shao       2019-11-30  1177  		iter = &mz->iter;
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1178  
> a9320aae68a1cd Wei Yang          2022-04-28  1179  		/*
> a9320aae68a1cd Wei Yang          2022-04-28  1180  		 * On start, join the current reclaim iteration cycle.
> a9320aae68a1cd Wei Yang          2022-04-28  1181  		 * Exit when a concurrent walker completes it.
> a9320aae68a1cd Wei Yang          2022-04-28  1182  		 */
> a9320aae68a1cd Wei Yang          2022-04-28  1183  		if (!prev)
> a9320aae68a1cd Wei Yang          2022-04-28  1184  			reclaim->generation = iter->generation;
> a9320aae68a1cd Wei Yang          2022-04-28  1185  		else if (reclaim->generation != iter->generation)
> 542f85f9ae4acd Michal Hocko      2013-04-29  1186  			goto out_unlock;
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1187  
> 6df38689e0e9a0 Vladimir Davydov  2015-12-29  1188  		while (1) {
> 4db0c3c2983cc6 Jason Low         2015-04-15  1189  			pos = READ_ONCE(iter->position);
> 6df38689e0e9a0 Vladimir Davydov  2015-12-29  1190  			if (!pos || css_tryget(&pos->css))
> 6df38689e0e9a0 Vladimir Davydov  2015-12-29  1191  				break;
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1192  			/*
> 6df38689e0e9a0 Vladimir Davydov  2015-12-29  1193  			 * css reference reached zero, so iter->position will
> 6df38689e0e9a0 Vladimir Davydov  2015-12-29  1194  			 * be cleared by ->css_released. However, we should not
> 6df38689e0e9a0 Vladimir Davydov  2015-12-29  1195  			 * rely on this happening soon, because ->css_released
> 6df38689e0e9a0 Vladimir Davydov  2015-12-29  1196  			 * is called from a work queue, and by busy-waiting we
> 6df38689e0e9a0 Vladimir Davydov  2015-12-29  1197  			 * might block it. So we clear iter->position right
> 6df38689e0e9a0 Vladimir Davydov  2015-12-29  1198  			 * away.
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1199  			 */
> 6df38689e0e9a0 Vladimir Davydov  2015-12-29 @1200  			(void)cmpxchg(&iter->position, pos, NULL);
> 6df38689e0e9a0 Vladimir Davydov  2015-12-29  1201  		}
> 89d8330ccf2ad4 Wei Yang          2022-04-28  1202  	} else if (prev) {
> 89d8330ccf2ad4 Wei Yang          2022-04-28  1203  		pos = prev;
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1204  	}
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1205  
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1206  	if (pos)
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1207  		css = &pos->css;
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1208  
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1209  	for (;;) {
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1210  		css = css_next_descendant_pre(css, &root->css);
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1211  		if (!css) {
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1212  			/*
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1213  			 * Reclaimers share the hierarchy walk, and a
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1214  			 * new one might jump in right at the end of
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1215  			 * the hierarchy - make sure they see at least
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1216  			 * one group and restart from the beginning.
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1217  			 */
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1218  			if (!prev)
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1219  				continue;
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1220  			break;
> 542f85f9ae4acd Michal Hocko      2013-04-29  1221  		}
> 5f578161971863 Michal Hocko      2013-04-29  1222  
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1223  		/*
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1224  		 * Verify the css and acquire a reference.  The root
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1225  		 * is provided by the caller, so we know it's alive
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1226  		 * and kicking, and don't take an extra reference.
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1227  		 */
> 41555dadbff8d2 Wei Yang          2022-04-28  1228  		if (css == &root->css || css_tryget(css)) {
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1229  			memcg = mem_cgroup_from_css(css);
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1230  			break;
> 41555dadbff8d2 Wei Yang          2022-04-28  1231  		}
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1232  	}
> 9f3a0d0933de07 Johannes Weiner   2012-01-12  1233  
> 527a5ec9a53471 Johannes Weiner   2012-01-12  1234  	if (reclaim) {
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1235  		/*
> 6df38689e0e9a0 Vladimir Davydov  2015-12-29  1236  		 * The position could have already been updated by a competing
> 6df38689e0e9a0 Vladimir Davydov  2015-12-29  1237  		 * thread, so check that the value hasn't changed since we read
> 6df38689e0e9a0 Vladimir Davydov  2015-12-29  1238  		 * it to avoid reclaiming from the same cgroup twice.
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1239  		 */
> 6df38689e0e9a0 Vladimir Davydov  2015-12-29  1240  		(void)cmpxchg(&iter->position, pos, memcg);
> 6df38689e0e9a0 Vladimir Davydov  2015-12-29  1241  
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1242  		if (pos)
> 5ac8fb31ad2ebd Johannes Weiner   2014-12-10  1243  			css_put(&pos->css);
> 542f85f9ae4acd Michal Hocko      2013-04-29  1244  
> 19f39402864ea3 Michal Hocko      2013-04-29  1245  		if (!memcg)
> 527a5ec9a53471 Johannes Weiner   2012-01-12  1246  			iter->generation++;
> 527a5ec9a53471 Johannes Weiner   2012-01-12  1247  	}
> 14067bb3e24b96 KAMEZAWA Hiroyuki 2009-04-02  1248  
> 542f85f9ae4acd Michal Hocko      2013-04-29  1249  out_unlock:
> 542f85f9ae4acd Michal Hocko      2013-04-29  1250  	rcu_read_unlock();
> c40046f3ad5e87 Michal Hocko      2013-04-29  1251  	if (prev && prev != root)
> c40046f3ad5e87 Michal Hocko      2013-04-29  1252  		css_put(&prev->css);
> c40046f3ad5e87 Michal Hocko      2013-04-29  1253  
> 9f3a0d0933de07 Johannes Weiner   2012-01-12  1254  	return memcg;
> 9f3a0d0933de07 Johannes Weiner   2012-01-12  1255  }
> 14067bb3e24b96 KAMEZAWA Hiroyuki 2009-04-02  1256  
> 
> :::::: The code at line 1200 was first introduced by commit
> :::::: 6df38689e0e9a07ff4f42c06b302e203b33667e9 mm: memcontrol: fix possible memcg leak due to interrupted reclaim
> 
> :::::: TO: Vladimir Davydov <vdavydov@...tuozzo.com>
> :::::: CC: Linus Torvalds <torvalds@...ux-foundation.org>
> 
> -- 
> 0-DAY CI Kernel Test Service
> https://github.com/intel/lkp-tests/wiki

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ