Hi
Thanks for reporting this.
I will fix it in the next version.
- Xiubo
On 14/11/2022 16:54, kernel test robot wrote:
Hi,
I love your patch! Perhaps something to improve:
[auto build test WARNING on ceph-client/testing]
[also build test WARNING on ceph-client/for-linus linus/master v6.1-rc5 next-20221111]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/xiubli-redhat-com/ceph-fix-th...
base:   https://github.com/ceph/ceph-client.git testing
patch link:    https://lore.kernel.org/r/20221114051901.15371-3-xiubli%40redhat.com
patch subject: [PATCH 2/2 v2] ceph: use a xarray to record all the opened files for each inode
config: hexagon-randconfig-r041-20221114
compiler: clang version 16.0.0 (https://github.com/llvm/llvm-project 463da45892e2d2a262277b91b96f5f8c05dc25d0)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/intel-lab-lkp/linux/commit/232cc8f1dbeddb308946202a7c67ee...
        git remote add linux-review https://github.com/intel-lab-lkp/linux
        git fetch --no-tags linux-review xiubli-redhat-com/ceph-fix-the-use-after-free-bug-for-file_lock/20221114-132233
        git checkout 232cc8f1dbeddb308946202a7c67ee4d20451ae7
        # save the config file
        mkdir build_dir && cp config build_dir/.config
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=hexagon SHELL=/bin/bash fs/ceph/
If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@intel.com>
All warnings (new ones prefixed by >>):
   In file included from fs/ceph/locks.c:8:
   In file included from fs/ceph/super.h:8:
   In file included from include/linux/backing-dev.h:16:
   In file included from include/linux/writeback.h:13:
   In file included from include/linux/blk_types.h:10:
   In file included from include/linux/bvec.h:10:
   In file included from include/linux/highmem.h:12:
   In file included from include/linux/hardirq.h:11:
   In file included from ./arch/hexagon/include/generated/asm/hardirq.h:1:
   In file included from include/asm-generic/hardirq.h:17:
   In file included from include/linux/irq.h:20:
   In file included from include/linux/io.h:13:
   In file included from arch/hexagon/include/asm/io.h:334:
   include/asm-generic/io.h:547:31: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
           val = __raw_readb(PCI_IOBASE + addr);
                             ~~~~~~~~~~ ^
   include/asm-generic/io.h:560:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
           val = __le16_to_cpu((__le16 __force)__raw_readw(PCI_IOBASE + addr));
                                                           ~~~~~~~~~~ ^
   include/uapi/linux/byteorder/little_endian.h:37:51: note: expanded from macro '__le16_to_cpu'
   #define __le16_to_cpu(x) ((__force __u16)(__le16)(x))
                                                     ^
   In file included from fs/ceph/locks.c:8:
   In file included from fs/ceph/super.h:8:
   In file included from include/linux/backing-dev.h:16:
   In file included from include/linux/writeback.h:13:
   In file included from include/linux/blk_types.h:10:
   In file included from include/linux/bvec.h:10:
   In file included from include/linux/highmem.h:12:
   In file included from include/linux/hardirq.h:11:
   In file included from ./arch/hexagon/include/generated/asm/hardirq.h:1:
   In file included from include/asm-generic/hardirq.h:17:
   In file included from include/linux/irq.h:20:
   In file included from include/linux/io.h:13:
   In file included from arch/hexagon/include/asm/io.h:334:
   include/asm-generic/io.h:573:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
           val = __le32_to_cpu((__le32 __force)__raw_readl(PCI_IOBASE + addr));
                                                           ~~~~~~~~~~ ^
   include/uapi/linux/byteorder/little_endian.h:35:51: note: expanded from macro '__le32_to_cpu'
   #define __le32_to_cpu(x) ((__force __u32)(__le32)(x))
                                                     ^
   In file included from fs/ceph/locks.c:8:
   In file included from fs/ceph/super.h:8:
   In file included from include/linux/backing-dev.h:16:
   In file included from include/linux/writeback.h:13:
   In file included from include/linux/blk_types.h:10:
   In file included from include/linux/bvec.h:10:
   In file included from include/linux/highmem.h:12:
   In file included from include/linux/hardirq.h:11:
   In file included from ./arch/hexagon/include/generated/asm/hardirq.h:1:
   In file included from include/asm-generic/hardirq.h:17:
   In file included from include/linux/irq.h:20:
   In file included from include/linux/io.h:13:
   In file included from arch/hexagon/include/asm/io.h:334:
   include/asm-generic/io.h:584:33: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
           __raw_writeb(value, PCI_IOBASE + addr);
                               ~~~~~~~~~~ ^
   include/asm-generic/io.h:594:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
           __raw_writew((u16 __force)cpu_to_le16(value), PCI_IOBASE + addr);
                                                         ~~~~~~~~~~ ^
   include/asm-generic/io.h:604:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
           __raw_writel((u32 __force)cpu_to_le32(value), PCI_IOBASE + addr);
                                                         ~~~~~~~~~~ ^
>> fs/ceph/locks.c:66:6: warning: variable 'fi' is used uninitialized whenever 'if' condition is false [-Wsometimes-uninitialized]
           if (val == CEPH_FILP_AVAILABLE) {
               ^~~~~~~~~~~~~~~~~~~~~~~~~~
   fs/ceph/locks.c:79:14: note: uninitialized use occurs here
           atomic_dec(&fi->num_locks);
                       ^~
   fs/ceph/locks.c:66:2: note: remove the 'if' if its condition is always true
           if (val == CEPH_FILP_AVAILABLE) {
           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   fs/ceph/locks.c:47:27: note: initialize the variable 'fi' to silence this warning
           struct ceph_file_info *fi;
                                    ^
                                     = NULL
   7 warnings generated.
vim +66 fs/ceph/locks.c

    42
    43  static void ceph_fl_release_lock(struct file_lock *fl)
    44  {
    45  	struct inode *inode = fl->fl_u.ceph_fl.fl_inode;
    46  	struct ceph_inode_info *ci;
    47  	struct ceph_file_info *fi;
    48  	void *val;
    49
    50  	/*
    51  	 * If inode is NULL it should be a request file_lock,
    52  	 * nothing we can do.
    53  	 */
    54  	if (!inode)
    55  		return;
    56
    57  	ci = ceph_inode(inode);
    58
    59  	/*
    60  	 * For Posix-style locks, it may race between filp_close()s,
    61  	 * and it's possible that the 'file' memory pointed by
    62  	 * 'fl->fl_file' has been released. If so just skip it.
    63  	 */
    64  	rcu_read_lock();
    65  	val = xa_load(&ci->i_opened_files, (unsigned long)fl->fl_file);
  > 66  	if (val == CEPH_FILP_AVAILABLE) {
    67  		fi = fl->fl_file->private_data;
    68  		atomic_dec(&fi->num_locks);
    69  	}
    70  	rcu_read_unlock();
    71
    72  	if (atomic_dec_and_test(&ci->i_filelock_ref)) {
    73  		/* clear error when all locks are released */
    74  		spin_lock(&ci->i_ceph_lock);
    75  		ci->i_ceph_flags &= ~CEPH_I_ERROR_FILELOCK;
    76  		spin_unlock(&ci->i_ceph_lock);
    77  	}
    78  	iput(inode);
    79  	atomic_dec(&fi->num_locks);
    80  }
    81
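As an added illustration (not code from this thread or from the ceph tree), here is a constructed C model of the release path above with the uninitialized path removed. The fix it shows is an assumption, since the next version is not in this thread: the second atomic_dec(&fi->num_locks) after iput() at line 79 is dropped, and fi is declared only inside the branch that has confirmed the file is still open, so the closed-file race path never touches it. The names opened_lookup, release_lock and simulate_release, and the FILP_AVAILABLE sentinel, are stand-ins for the kernel objects.

```c
#include <stdbool.h>
#include <stddef.h>
/* Constructed model (not the ceph code) of what ceph_fl_release_lock() touches:
 * the inode's opened-file set (the patch's xarray) and the per-file lock count. */
#define MAX_OPENED 8
#define FILP_AVAILABLE ((void *)1)       /* stand-in for CEPH_FILP_AVAILABLE */
struct file_info { int num_locks; };     /* stand-in for ceph_file_info */
struct file { struct file_info *private_data; };
struct inode_info {
	struct file *opened[MAX_OPENED];     /* stand-in for ci->i_opened_files */
	int filelock_ref;                    /* stand-in for ci->i_filelock_ref */
};
struct file_lock { struct inode_info *inode; struct file *fl_file; };
/* xa_load() stand-in: FILP_AVAILABLE while filp is still open on this inode,
 * NULL once it has been closed (its memory may already be freed). */
static void *opened_lookup(const struct inode_info *ci, const struct file *filp)
{
	for (int i = 0; i < MAX_OPENED; i++)
		if (ci->opened[i] == filp)
			return FILP_AVAILABLE;
	return NULL;
}

/* Release path with the defect removed (assumed fix: the stray second
 * atomic_dec(&fi->num_locks) after iput() is dropped). Scoping fi inside the
 * branch makes the "used uninitialized" path impossible by construction. */
void release_lock(struct file_lock *fl)
{
	struct inode_info *ci = fl->inode;
	if (!ci)
		return;                      /* request file_lock, nothing to do */
	if (opened_lookup(ci, fl->fl_file) == FILP_AVAILABLE) {
		struct file_info *fi = fl->fl_file->private_data;
		fi->num_locks--;
	}
	ci->filelock_ref--;
}

/* Constructed scenario: one file holding one lock; still_open=false models the
 * filp_close() race. Returns num_locks after release: 0 if open, 1 if closed. */
int simulate_release(bool still_open)
{
	struct file_info fi = { .num_locks = 1 };
	struct file f = { .private_data = &fi };
	struct inode_info ci = { .filelock_ref = 1 };
	struct file_lock fl = { .inode = &ci, .fl_file = &f };
	if (still_open)
		ci.opened[0] = &f;
	release_lock(&fl);
	return fi.num_locks;
}
```

Building the original listing with clang -Wsometimes-uninitialized flags line 79 because fi is assigned only under the if; in this form there is no path on which a declared fi is unassigned, so the warning cannot arise.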