lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <202410252304.ImkycETw-lkp@intel.com>
Date: Fri, 25 Oct 2024 23:17:32 +0800
From: kernel test robot <lkp@...el.com>
To: Li Lingfeng <lilingfeng3@...wei.com>, trondmy@...nel.org,
	anna@...nel.org
Cc: oe-kbuild-all@...ts.linux.dev, dros@...app.com,
	trond.myklebust@...merspace.com, jlayton@...nel.org,
	linux-nfs@...r.kernel.org, linux-kernel@...r.kernel.org,
	yukuai1@...weicloud.com, houtao1@...wei.com, yi.zhang@...wei.com,
	yangerkun@...wei.com, lilingfeng@...weicloud.com,
	lilingfeng3@...wei.com
Subject: Re: [PATCH v3] nfs: protect nfs41_impl_id by rcu

Hi Li,

kernel test robot noticed the following build warnings:

[auto build test WARNING on trondmy-nfs/linux-next]
[also build test WARNING on linus/master v6.12-rc4 next-20241025]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Li-Lingfeng/nfs-protect-nfs41_impl_id-by-rcu/20241022-194521
base:   git://git.linux-nfs.org/projects/trondmy/linux-nfs.git linux-next
patch link:    https://lore.kernel.org/r/20241022115847.1283892-1-lilingfeng3%40huawei.com
patch subject: [PATCH v3] nfs: protect nfs41_impl_id by rcu
config: alpha-randconfig-r132-20241025 (https://download.01.org/0day-ci/archive/20241025/202410252304.ImkycETw-lkp@intel.com/config)
compiler: alpha-linux-gcc (GCC) 13.3.0
reproduce: (https://download.01.org/0day-ci/archive/20241025/202410252304.ImkycETw-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@...el.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202410252304.ImkycETw-lkp@intel.com/

sparse warnings: (new ones prefixed by >>)
>> fs/nfs/nfs4proc.c:8876:17: sparse: sparse: incorrect type in argument 1 (different address spaces) @@     expected struct callback_head *head @@     got struct callback_head [noderef] __rcu * @@
   fs/nfs/nfs4proc.c:8876:17: sparse:     expected struct callback_head *head
   fs/nfs/nfs4proc.c:8876:17: sparse:     got struct callback_head [noderef] __rcu *
>> fs/nfs/nfs4proc.c:8876:17: sparse: sparse: cast removes address space '__rcu' of expression
>> fs/nfs/nfs4proc.c:8933:31: sparse: sparse: incorrect type in assignment (different address spaces) @@     expected struct nfs41_impl_id [noderef] __rcu *impl_id @@     got void *_res @@
   fs/nfs/nfs4proc.c:8933:31: sparse:     expected struct nfs41_impl_id [noderef] __rcu *impl_id
   fs/nfs/nfs4proc.c:8933:31: sparse:     got void *_res
>> fs/nfs/nfs4proc.c:8973:28: sparse: sparse: incorrect type in argument 1 (different address spaces) @@     expected void const *objp @@     got struct nfs41_impl_id [noderef] __rcu *impl_id @@
   fs/nfs/nfs4proc.c:8973:28: sparse:     expected void const *objp
   fs/nfs/nfs4proc.c:8973:28: sparse:     got struct nfs41_impl_id [noderef] __rcu *impl_id
>> fs/nfs/nfs4proc.c:9038:25: sparse: sparse: incorrect type in initializer (different address spaces) @@     expected struct nfs41_impl_id [noderef] __rcu *__tmp @@     got struct nfs41_impl_id * @@
   fs/nfs/nfs4proc.c:9038:25: sparse:     expected struct nfs41_impl_id [noderef] __rcu *__tmp
   fs/nfs/nfs4proc.c:9038:25: sparse:     got struct nfs41_impl_id *
--
>> fs/nfs/nfs4xdr.c:5788:27: sparse: sparse: incorrect type in argument 1 (different address spaces) @@     expected void * @@     got char [noderef] __rcu * @@
   fs/nfs/nfs4xdr.c:5788:27: sparse:     expected void *
   fs/nfs/nfs4xdr.c:5788:27: sparse:     got char [noderef] __rcu *
   fs/nfs/nfs4xdr.c:5794:27: sparse: sparse: incorrect type in argument 1 (different address spaces) @@     expected void * @@     got char [noderef] __rcu * @@
   fs/nfs/nfs4xdr.c:5794:27: sparse:     expected void *
   fs/nfs/nfs4xdr.c:5794:27: sparse:     got char [noderef] __rcu *
>> fs/nfs/nfs4xdr.c:5800:45: sparse: sparse: incorrect type in argument 2 (different address spaces) @@     expected unsigned long long [usertype] *valp @@     got unsigned long long [noderef] __rcu * @@
   fs/nfs/nfs4xdr.c:5800:45: sparse:     expected unsigned long long [usertype] *valp
   fs/nfs/nfs4xdr.c:5800:45: sparse:     got unsigned long long [noderef] __rcu *
>> fs/nfs/nfs4xdr.c:5801:20: sparse: sparse: dereference of noderef expression
--
>> fs/nfs/nfs4client.c:298:17: sparse: sparse: incorrect type in argument 1 (different address spaces) @@     expected struct callback_head *head @@     got struct callback_head [noderef] __rcu * @@
   fs/nfs/nfs4client.c:298:17: sparse:     expected struct callback_head *head
   fs/nfs/nfs4client.c:298:17: sparse:     got struct callback_head [noderef] __rcu *
>> fs/nfs/nfs4client.c:298:17: sparse: sparse: cast removes address space '__rcu' of expression

vim +8876 fs/nfs/nfs4proc.c

  8868	
  8869	static void nfs4_exchange_id_release(void *data)
  8870	{
  8871		struct nfs41_exchange_id_data *cdata =
  8872						(struct nfs41_exchange_id_data *)data;
  8873	
  8874		nfs_put_client(cdata->args.client);
  8875		if (cdata->res.impl_id)
> 8876			kfree_rcu(cdata->res.impl_id, __rcu_head);
  8877		kfree(cdata->res.server_scope);
  8878		kfree(cdata->res.server_owner);
  8879		kfree(cdata);
  8880	}
  8881	
  8882	static const struct rpc_call_ops nfs4_exchange_id_call_ops = {
  8883		.rpc_release = nfs4_exchange_id_release,
  8884	};
  8885	
  8886	/*
  8887	 * _nfs4_proc_exchange_id()
  8888	 *
  8889	 * Wrapper for EXCHANGE_ID operation.
  8890	 */
  8891	static struct rpc_task *
  8892	nfs4_run_exchange_id(struct nfs_client *clp, const struct cred *cred,
  8893				u32 sp4_how, struct rpc_xprt *xprt)
  8894	{
  8895		struct rpc_message msg = {
  8896			.rpc_proc = &nfs4_procedures[NFSPROC4_CLNT_EXCHANGE_ID],
  8897			.rpc_cred = cred,
  8898		};
  8899		struct rpc_task_setup task_setup_data = {
  8900			.rpc_client = clp->cl_rpcclient,
  8901			.callback_ops = &nfs4_exchange_id_call_ops,
  8902			.rpc_message = &msg,
  8903			.flags = RPC_TASK_TIMEOUT | RPC_TASK_NO_ROUND_ROBIN,
  8904		};
  8905		struct nfs41_exchange_id_data *calldata;
  8906		int status;
  8907	
  8908		if (!refcount_inc_not_zero(&clp->cl_count))
  8909			return ERR_PTR(-EIO);
  8910	
  8911		status = -ENOMEM;
  8912		calldata = kzalloc(sizeof(*calldata), GFP_NOFS);
  8913		if (!calldata)
  8914			goto out;
  8915	
  8916		nfs4_init_boot_verifier(clp, &calldata->args.verifier);
  8917	
  8918		status = nfs4_init_uniform_client_string(clp);
  8919		if (status)
  8920			goto out_calldata;
  8921	
  8922		calldata->res.server_owner = kzalloc(sizeof(struct nfs41_server_owner),
  8923							GFP_NOFS);
  8924		status = -ENOMEM;
  8925		if (unlikely(calldata->res.server_owner == NULL))
  8926			goto out_calldata;
  8927	
  8928		calldata->res.server_scope = kzalloc(sizeof(struct nfs41_server_scope),
  8929						GFP_NOFS);
  8930		if (unlikely(calldata->res.server_scope == NULL))
  8931			goto out_server_owner;
  8932	
> 8933		calldata->res.impl_id = kzalloc(sizeof(struct nfs41_impl_id), GFP_NOFS);
  8934		if (unlikely(calldata->res.impl_id == NULL))
  8935			goto out_server_scope;
  8936	
  8937		switch (sp4_how) {
  8938		case SP4_NONE:
  8939			calldata->args.state_protect.how = SP4_NONE;
  8940			break;
  8941	
  8942		case SP4_MACH_CRED:
  8943			calldata->args.state_protect = nfs4_sp4_mach_cred_request;
  8944			break;
  8945	
  8946		default:
  8947			/* unsupported! */
  8948			WARN_ON_ONCE(1);
  8949			status = -EINVAL;
  8950			goto out_impl_id;
  8951		}
  8952		if (xprt) {
  8953			task_setup_data.rpc_xprt = xprt;
  8954			task_setup_data.flags |= RPC_TASK_SOFTCONN;
  8955			memcpy(calldata->args.verifier.data, clp->cl_confirm.data,
  8956					sizeof(calldata->args.verifier.data));
  8957		}
  8958		calldata->args.client = clp;
  8959		calldata->args.flags = EXCHGID4_FLAG_SUPP_MOVED_REFER |
  8960		EXCHGID4_FLAG_BIND_PRINC_STATEID;
  8961	#ifdef CONFIG_NFS_V4_1_MIGRATION
  8962		calldata->args.flags |= EXCHGID4_FLAG_SUPP_MOVED_MIGR;
  8963	#endif
  8964		if (test_bit(NFS_CS_PNFS, &clp->cl_flags))
  8965			calldata->args.flags |= EXCHGID4_FLAG_USE_PNFS_DS;
  8966		msg.rpc_argp = &calldata->args;
  8967		msg.rpc_resp = &calldata->res;
  8968		task_setup_data.callback_data = calldata;
  8969	
  8970		return rpc_run_task(&task_setup_data);
  8971	
  8972	out_impl_id:
> 8973		kfree(calldata->res.impl_id);
  8974	out_server_scope:
  8975		kfree(calldata->res.server_scope);
  8976	out_server_owner:
  8977		kfree(calldata->res.server_owner);
  8978	out_calldata:
  8979		kfree(calldata);
  8980	out:
  8981		nfs_put_client(clp);
  8982		return ERR_PTR(status);
  8983	}
  8984	
  8985	/*
  8986	 * _nfs4_proc_exchange_id()
  8987	 *
  8988	 * Wrapper for EXCHANGE_ID operation.
  8989	 */
  8990	static int _nfs4_proc_exchange_id(struct nfs_client *clp, const struct cred *cred,
  8991				u32 sp4_how)
  8992	{
  8993		struct rpc_task *task;
  8994		struct nfs41_exchange_id_args *argp;
  8995		struct nfs41_exchange_id_res *resp;
  8996		unsigned long now = jiffies;
  8997		int status;
  8998	
  8999		task = nfs4_run_exchange_id(clp, cred, sp4_how, NULL);
  9000		if (IS_ERR(task))
  9001			return PTR_ERR(task);
  9002	
  9003		argp = task->tk_msg.rpc_argp;
  9004		resp = task->tk_msg.rpc_resp;
  9005		status = task->tk_status;
  9006		if (status  != 0)
  9007			goto out;
  9008	
  9009		status = nfs4_check_cl_exchange_flags(resp->flags,
  9010				clp->cl_mvops->minor_version);
  9011		if (status  != 0)
  9012			goto out;
  9013	
  9014		status = nfs4_sp4_select_mode(clp, &resp->state_protect);
  9015		if (status != 0)
  9016			goto out;
  9017	
  9018		do_renew_lease(clp, now);
  9019	
  9020		clp->cl_clientid = resp->clientid;
  9021		clp->cl_exchange_flags = resp->flags;
  9022		clp->cl_seqid = resp->seqid;
  9023		/* Client ID is not confirmed */
  9024		if (!(resp->flags & EXCHGID4_FLAG_CONFIRMED_R))
  9025			clear_bit(NFS4_SESSION_ESTABLISHED,
  9026				  &clp->cl_session->session_state);
  9027	
  9028		if (clp->cl_serverscope != NULL &&
  9029		    !nfs41_same_server_scope(clp->cl_serverscope,
  9030					resp->server_scope)) {
  9031			dprintk("%s: server_scope mismatch detected\n",
  9032				__func__);
  9033			set_bit(NFS4CLNT_SERVER_SCOPE_MISMATCH, &clp->cl_state);
  9034		}
  9035	
  9036		swap(clp->cl_serverowner, resp->server_owner);
  9037		swap(clp->cl_serverscope, resp->server_scope);
> 9038		resp->impl_id = rcu_replace_pointer(clp->cl_implid, resp->impl_id, 1);
  9039	
  9040		/* Save the EXCHANGE_ID verifier session trunk tests */
  9041		memcpy(clp->cl_confirm.data, argp->verifier.data,
  9042		       sizeof(clp->cl_confirm.data));
  9043	out:
  9044		trace_nfs4_exchange_id(clp, status);
  9045		rpc_put_task(task);
  9046		return status;
  9047	}
  9048	

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ