On Tue, Jan 2, 2018 at 12:48 PM, kernelci.org bot <bot@kernelci.org> wrote:
> Hi Ben,
> almost a clean build with kernelci!
> Errors summary:
>     1 drivers/scsi/mpt2sas/mpt2sas_base.c:3550:1: internal compiler error: in extract_constrain_insn, at recog.c:2190
>     1 drivers/scsi/mpt2sas/mpt2sas_base.c:3550:1: error: insn does not satisfy its constraints:
See earlier discussion https://www.spinics.net/lists/stable/msg195996.html
> Warnings summary:
>     54 include/linux/stddef.h:8:14: warning: 'return' with a value, in function returning void
This comes from an incorrect backport of commit 49e67dd17649 ("of: fdt: add missing allocation-failure check")
It's harmless, and stable/linux-3.18.y has the correct version:
--- a/drivers/of/fdt.c +++ b/drivers/of/fdt.c @@ -380,6 +380,6 @@ static void __unflatten_device_tree(void *blob, /* Allocate memory for the expanded device tree */ mem = dt_alloc(size + 4, __alignof__(struct device_node)); if (!mem) - return NULL; + return;
memset(mem, 0, size);
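Review bot: the `- return NULL;` line sits inside `static void __unflatten_device_tree()` (visible in the `@@` header), so the 3.16 backport returned a value from a void function; NULL is defined in include/linux/stddef.h, which is why the 54 warnings are reported at stddef.h:8 rather than in fdt.c. The `+ return;` line is the right shape for the allocation-failure path and matches the 3.18.y version referred to above.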
>     2 ipc/sem.c:377:6: warning: '___p1' may be used uninitialized in this function [-Wmaybe-uninitialized]
This code was last touched in 3.16 by the backport of commit 5864a2fd3088 ("ipc/sem.c: fix complex_count vs. simple op race")
The warning is in "smp_load_acquire(&sma->complex_mode))", and I suspect that commit 27d7be1801a4 ("ipc/sem.c: avoid using spin_unlock_wait()") avoided the warning upstream by removing the smp_mb() before it.
The code is way too complex for a fly-by analysis, so I'm adding Manfred to Cc here. It may be worth comparing the full list of backports that went into ipc/sem.c in 3.16.y with those in 3.18.y and 4.1.y that don't have the warning. Here is what I see in the git history:
$ git log --oneline v3.16..stable/linux-3.16.y ipc/sem.c
accb9f16adba ipc/sem.c: fix complex_count vs. simple op race
5b11c133308b ipc: remove use of seq_printf return value
08397b1a5cd4 sysv, ipc: fix security-layer leaking
35cfc2b3a9da ipc/sem.c: fully initialize sem_array before making it visible
69a9a86b645f ipc/sem.c: update/correct memory barriers
30f995ba77ca ipc/sem.c: change memory barrier in sem_lock() to smp_rmb()
76ce4fe19d6b ipc,sem: fix use after free on IPC_RMID after a task using same semaphore set exits

$ git log --oneline v3.16..stable/linux-3.18.y ipc/sem.c
7dd90826dfba sysv, ipc: fix security-layer leaking
ff12efa03da1 ipc/sem.c: update/correct memory barriers
38b50c47c25e ipc,sem: fix use after free on IPC_RMID after a task using same semaphore set exits
e8577d1f0329 ipc/sem.c: fully initialize sem_array before making it visible

$ git log --oneline v3.16..stable/linux-4.1.y ipc/sem.c
e2b438fdfa4d sysv, ipc: fix security-layer leaking
b6805da60f01 ipc/sem.c: update/correct memory barriers
7be83cf01024 ipc,sem: fix use after free on IPC_RMID after a task using same semaphore set exits
7f032d6ef615 ipc: remove use of seq_printf return value
52644c9ab3fa ipc,sem: use current->state helpers
2e094abfd1f2 ipc/sem.c: change memory barrier in sem_lock() to smp_rmb()
e8577d1f0329 ipc/sem.c: fully initialize sem_array before making it visible

$ git log --oneline v3.16..stable/linux-4.4.y ipc/sem.c
f6031d95320d ipc/sem.c: fix complex_count vs. simple op race
62659f0b9ed7 sysv, ipc: fix security-layer leaking
3ed1f8a99d70 ipc/sem.c: update/correct memory barriers
a97955844807 ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()
602b8593d2b4 ipc,sem: fix use after free on IPC_RMID after a task using same semaphore set exits
55b7ae50167e ipc: rename ipc_obtain_object
7f032d6ef615 ipc: remove use of seq_printf return value
52644c9ab3fa ipc,sem: use current->state helpers
2e094abfd1f2 ipc/sem.c: change memory barrier in sem_lock() to smp_rmb()
e8577d1f0329 ipc/sem.c: fully initialize sem_array before making it visible

$ git log --oneline v3.16..stable/linux-4.9.y ipc/sem.c
2a1613a586de ipc/sem.c: add cond_resched in exit_sme
5864a2fd3088 ipc/sem.c: fix complex_count vs. simple op race
9b24fef9f041 sysv, ipc: fix security-layer leaking
be3e78449803 locking/spinlock: Update spin_unlock_wait() users
33ac279677dc locking/barriers: Introduce smp_acquire__after_ctrl_dep()
a5f4db877177 ipc/sem: make semctl setting sempid consistent
1d5cfdb07628 tree wide: use kvfree() than conditional kfree()/vfree()
3ed1f8a99d70 ipc/sem.c: update/correct memory barriers
a97955844807 ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()
602b8593d2b4 ipc,sem: fix use after free on IPC_RMID after a task using same semaphore set exits
55b7ae50167e ipc: rename ipc_obtain_object
7f032d6ef615 ipc: remove use of seq_printf return value
52644c9ab3fa ipc,sem: use current->state helpers
2e094abfd1f2 ipc/sem.c: change memory barrier in sem_lock() to smp_rmb()
e8577d1f0329 ipc/sem.c: fully initialize sem_array before making it visible
>     1 arch/arm/kernel/head-nommu.S:167: Warning: Use of r13 as a source register is deprecated when r15 is the destination register.
Fixed by backporting:
970d96f9a81b ("ARM: 8383/1: nommu: avoid deprecated source register on mov")
Arnd
Hi Arnd,
On 01/03/2018 12:15 AM, Arnd Bergmann wrote:
>     2 ipc/sem.c:377:6: warning: '___p1' may be used uninitialized in this function [-Wmaybe-uninitialized]
> This code was last touched in 3.16 by the backport of commit 5864a2fd3088 ("ipc/sem.c: fix complex_count vs. simple op race")
> The warning is in "smp_load_acquire(&sma->complex_mode))", and I suspect that commit 27d7be1801a4 ("ipc/sem.c: avoid using spin_unlock_wait()") avoided the warning upstream by removing the smp_mb() before it.
The smp_mb() pairs with spin_unlock_wait() in complexmode_enter(). It is removed by commit 27d7be1801a4 ("ipc/sem.c: avoid using spin_unlock_wait()").
From what I see, it doesn't exist in any of the stable kernels (intentionally, the above commit is a rewrite for better performance).
___p1 is from smp_load_acquire()
typeof(*p) ___p1 = READ_ONCE(*p); \
I don't see how ___p1 could be used uninitialized. Perhaps a compiler issue?
--
    Manfred
On Sat, 2018-01-13 at 19:51 +0100, Manfred Spraul wrote:
> Hi Arnd,
> On 01/03/2018 12:15 AM, Arnd Bergmann wrote:
>>     2 ipc/sem.c:377:6: warning: '___p1' may be used uninitialized in this function [-Wmaybe-uninitialized]
>> This code was last touched in 3.16 by the backport of commit 5864a2fd3088 ("ipc/sem.c: fix complex_count vs. simple op race")
>> The warning is in "smp_load_acquire(&sma->complex_mode))", and I suspect that commit 27d7be1801a4 ("ipc/sem.c: avoid using spin_unlock_wait()") avoided the warning upstream by removing the smp_mb() before it.
> The smp_mb() pairs with spin_unlock_wait() in complexmode_enter(). It is removed by commit 27d7be1801a4 ("ipc/sem.c: avoid using spin_unlock_wait()").
> From what I see, it doesn't exist in any of the stable kernels (intentionally, the above commit is a rewrite for better performance).
> ___p1 is from smp_load_acquire()
>     typeof(*p) ___p1 = READ_ONCE(*p); \
> I don't see how ___p1 could be used uninitialized. Perhaps a compiler issue?
On arm64 smp_load_acquire() was implemented in assembly that only supported 4-byte and 8-byte words. And complex_mode is a bool (1-byte) field.
So I believe the fix is:
878a84d5a8a1 arm64: add missing data types in smp_load_acquire/smp_store_release
Ben.
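To make Ben's diagnosis concrete, here is an added C model (not code from the thread or from the kernel) of the pre-fix arm64 helper's shape: a result declared without an initializer and a switch on sizeof(*p) that only has 4- and 8-byte cases, so a 1-byte bool such as complex_mode falls through. The inline asm is replaced by memcpy and the unassigned-___p1 case becomes an explicit return code so nothing undefined executes; `struct sem_array_model`, the two helper names and `check_complex_mode` are names assumed for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed model of the pre-fix arm64 smp_load_acquire(): ___p1 is declared
 * with no initializer and a switch on sizeof(*p) fills it via ldar. The asm is
 * replaced by memcpy, and "did any case assign ___p1?" becomes the return code
 * so nothing undefined runs: 0 if *out was written, -1 if the switch fell through.
 */
static int load_acquire_pre_fix(const void *p, size_t size, uint64_t *out)
{
	switch (size) {
	case 4: { uint32_t v; memcpy(&v, p, 4); *out = v; return 0; }
	case 8: { uint64_t v; memcpy(&v, p, 8); *out = v; return 0; }
	}
	return -1;	/* no case matched: ___p1 would be returned uninitialized */
}

/* Same dispatch with the 1- and 2-byte cases the fix commit adds. */
static int load_acquire_post_fix(const void *p, size_t size, uint64_t *out)
{
	switch (size) {
	case 1: { uint8_t v;  memcpy(&v, p, 1); *out = v; return 0; }
	case 2: { uint16_t v; memcpy(&v, p, 2); *out = v; return 0; }
	}
	return load_acquire_pre_fix(p, size, out);
}

struct sem_array_model { bool complex_mode; };	/* hypothetical stand-in for struct sem_array */
/* Load sma->complex_mode (a 1-byte bool) through the given helper; 0 = clean load into *seen. */
static int check_complex_mode(int (*load)(const void *, size_t, uint64_t *),
			      bool value, uint64_t *seen)
{
	struct sem_array_model sma = { .complex_mode = value };
	return load(&sma.complex_mode, sizeof(sma.complex_mode), seen);
}

int main(void)
{
	uint64_t seen = 0;
	int pre = check_complex_mode(load_acquire_pre_fix, true, &seen);
	int post = check_complex_mode(load_acquire_post_fix, true, &seen);
	printf("pre-fix: %s, post-fix: %s (value %llu)\n", pre ? "fell through" : "ok",
	       post ? "fell through" : "ok", (unsigned long long)seen);
	return 0;
}
```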