From: kernel test robot <lkp@intel.com>
To: kbuild@lists.01.org
Subject: kernel/futex/pi.c:1089 futex_lock_pi() warn: bitwise AND condition is false here
Date: Thu, 18 Nov 2021 09:13:54 +0800 [thread overview]
Message-ID: <202111180945.bMDaUQcp-lkp@intel.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 14194 bytes --]
CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Peter Zijlstra <peterz@infradead.org>
CC: "André Almeida" <andrealmeid@collabora.com>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: ee1703cda8dc777e937dec172da55beaf1a74919
commit: 85dc28fa4ec058645c29bda952d901b29dfaa0b0 futex: Split out PI futex
date: 6 weeks ago
:::::: branch date: 8 hours ago
:::::: commit date: 6 weeks ago
config: arm-randconfig-m031-20211104 (attached as .config)
compiler: arm-linux-gnueabi-gcc (GCC) 11.2.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
smatch warnings:
kernel/futex/pi.c:1089 futex_lock_pi() warn: bitwise AND condition is false here
vim +1089 kernel/futex/pi.c
85dc28fa4ec058 Peter Zijlstra 2021-09-23 920
85dc28fa4ec058 Peter Zijlstra 2021-09-23 921 /*
85dc28fa4ec058 Peter Zijlstra 2021-09-23 922 * Userspace tried a 0 -> TID atomic transition of the futex value
85dc28fa4ec058 Peter Zijlstra 2021-09-23 923 * and failed. The kernel side here does the whole locking operation:
85dc28fa4ec058 Peter Zijlstra 2021-09-23 924 * if there are waiters then it will block as a consequence of relying
85dc28fa4ec058 Peter Zijlstra 2021-09-23 925 * on rt-mutexes, it does PI, etc. (Due to races the kernel might see
85dc28fa4ec058 Peter Zijlstra 2021-09-23 926 * a 0 value of the futex too.).
85dc28fa4ec058 Peter Zijlstra 2021-09-23 927 *
85dc28fa4ec058 Peter Zijlstra 2021-09-23 928 * Also serves as futex trylock_pi()'ing, and due semantics.
85dc28fa4ec058 Peter Zijlstra 2021-09-23 929 */
85dc28fa4ec058 Peter Zijlstra 2021-09-23 930 int futex_lock_pi(u32 __user *uaddr, unsigned int flags, ktime_t *time, int trylock)
85dc28fa4ec058 Peter Zijlstra 2021-09-23 931 {
85dc28fa4ec058 Peter Zijlstra 2021-09-23 932 struct hrtimer_sleeper timeout, *to;
85dc28fa4ec058 Peter Zijlstra 2021-09-23 933 struct task_struct *exiting = NULL;
85dc28fa4ec058 Peter Zijlstra 2021-09-23 934 struct rt_mutex_waiter rt_waiter;
85dc28fa4ec058 Peter Zijlstra 2021-09-23 935 struct futex_hash_bucket *hb;
85dc28fa4ec058 Peter Zijlstra 2021-09-23 936 struct futex_q q = futex_q_init;
85dc28fa4ec058 Peter Zijlstra 2021-09-23 937 int res, ret;
85dc28fa4ec058 Peter Zijlstra 2021-09-23 938
85dc28fa4ec058 Peter Zijlstra 2021-09-23 939 if (!IS_ENABLED(CONFIG_FUTEX_PI))
85dc28fa4ec058 Peter Zijlstra 2021-09-23 940 return -ENOSYS;
85dc28fa4ec058 Peter Zijlstra 2021-09-23 941
85dc28fa4ec058 Peter Zijlstra 2021-09-23 942 if (refill_pi_state_cache())
85dc28fa4ec058 Peter Zijlstra 2021-09-23 943 return -ENOMEM;
85dc28fa4ec058 Peter Zijlstra 2021-09-23 944
85dc28fa4ec058 Peter Zijlstra 2021-09-23 945 to = futex_setup_timer(time, &timeout, flags, 0);
85dc28fa4ec058 Peter Zijlstra 2021-09-23 946
85dc28fa4ec058 Peter Zijlstra 2021-09-23 947 retry:
85dc28fa4ec058 Peter Zijlstra 2021-09-23 948 ret = get_futex_key(uaddr, flags & FLAGS_SHARED, &q.key, FUTEX_WRITE);
85dc28fa4ec058 Peter Zijlstra 2021-09-23 949 if (unlikely(ret != 0))
85dc28fa4ec058 Peter Zijlstra 2021-09-23 950 goto out;
85dc28fa4ec058 Peter Zijlstra 2021-09-23 951
85dc28fa4ec058 Peter Zijlstra 2021-09-23 952 retry_private:
85dc28fa4ec058 Peter Zijlstra 2021-09-23 953 hb = futex_q_lock(&q);
85dc28fa4ec058 Peter Zijlstra 2021-09-23 954
85dc28fa4ec058 Peter Zijlstra 2021-09-23 955 ret = futex_lock_pi_atomic(uaddr, hb, &q.key, &q.pi_state, current,
85dc28fa4ec058 Peter Zijlstra 2021-09-23 956 &exiting, 0);
85dc28fa4ec058 Peter Zijlstra 2021-09-23 957 if (unlikely(ret)) {
85dc28fa4ec058 Peter Zijlstra 2021-09-23 958 /*
85dc28fa4ec058 Peter Zijlstra 2021-09-23 959 * Atomic work succeeded and we got the lock,
85dc28fa4ec058 Peter Zijlstra 2021-09-23 960 * or failed. Either way, we do _not_ block.
85dc28fa4ec058 Peter Zijlstra 2021-09-23 961 */
85dc28fa4ec058 Peter Zijlstra 2021-09-23 962 switch (ret) {
85dc28fa4ec058 Peter Zijlstra 2021-09-23 963 case 1:
85dc28fa4ec058 Peter Zijlstra 2021-09-23 964 /* We got the lock. */
85dc28fa4ec058 Peter Zijlstra 2021-09-23 965 ret = 0;
85dc28fa4ec058 Peter Zijlstra 2021-09-23 966 goto out_unlock_put_key;
85dc28fa4ec058 Peter Zijlstra 2021-09-23 967 case -EFAULT:
85dc28fa4ec058 Peter Zijlstra 2021-09-23 968 goto uaddr_faulted;
85dc28fa4ec058 Peter Zijlstra 2021-09-23 969 case -EBUSY:
85dc28fa4ec058 Peter Zijlstra 2021-09-23 970 case -EAGAIN:
85dc28fa4ec058 Peter Zijlstra 2021-09-23 971 /*
85dc28fa4ec058 Peter Zijlstra 2021-09-23 972 * Two reasons for this:
85dc28fa4ec058 Peter Zijlstra 2021-09-23 973 * - EBUSY: Task is exiting and we just wait for the
85dc28fa4ec058 Peter Zijlstra 2021-09-23 974 * exit to complete.
85dc28fa4ec058 Peter Zijlstra 2021-09-23 975 * - EAGAIN: The user space value changed.
85dc28fa4ec058 Peter Zijlstra 2021-09-23 976 */
85dc28fa4ec058 Peter Zijlstra 2021-09-23 977 futex_q_unlock(hb);
85dc28fa4ec058 Peter Zijlstra 2021-09-23 978 /*
85dc28fa4ec058 Peter Zijlstra 2021-09-23 979 * Handle the case where the owner is in the middle of
85dc28fa4ec058 Peter Zijlstra 2021-09-23 980 * exiting. Wait for the exit to complete otherwise
85dc28fa4ec058 Peter Zijlstra 2021-09-23 981 * this task might loop forever, aka. live lock.
85dc28fa4ec058 Peter Zijlstra 2021-09-23 982 */
85dc28fa4ec058 Peter Zijlstra 2021-09-23 983 wait_for_owner_exiting(ret, exiting);
85dc28fa4ec058 Peter Zijlstra 2021-09-23 984 cond_resched();
85dc28fa4ec058 Peter Zijlstra 2021-09-23 985 goto retry;
85dc28fa4ec058 Peter Zijlstra 2021-09-23 986 default:
85dc28fa4ec058 Peter Zijlstra 2021-09-23 987 goto out_unlock_put_key;
85dc28fa4ec058 Peter Zijlstra 2021-09-23 988 }
85dc28fa4ec058 Peter Zijlstra 2021-09-23 989 }
85dc28fa4ec058 Peter Zijlstra 2021-09-23 990
85dc28fa4ec058 Peter Zijlstra 2021-09-23 991 WARN_ON(!q.pi_state);
85dc28fa4ec058 Peter Zijlstra 2021-09-23 992
85dc28fa4ec058 Peter Zijlstra 2021-09-23 993 /*
85dc28fa4ec058 Peter Zijlstra 2021-09-23 994 * Only actually queue now that the atomic ops are done:
85dc28fa4ec058 Peter Zijlstra 2021-09-23 995 */
85dc28fa4ec058 Peter Zijlstra 2021-09-23 996 __futex_queue(&q, hb);
85dc28fa4ec058 Peter Zijlstra 2021-09-23 997
85dc28fa4ec058 Peter Zijlstra 2021-09-23 998 if (trylock) {
85dc28fa4ec058 Peter Zijlstra 2021-09-23 999 ret = rt_mutex_futex_trylock(&q.pi_state->pi_mutex);
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1000 /* Fixup the trylock return value: */
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1001 ret = ret ? 0 : -EWOULDBLOCK;
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1002 goto no_block;
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1003 }
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1004
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1005 rt_mutex_init_waiter(&rt_waiter);
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1006
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1007 /*
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1008 * On PREEMPT_RT_FULL, when hb->lock becomes an rt_mutex, we must not
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1009 * hold it while doing rt_mutex_start_proxy(), because then it will
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1010 * include hb->lock in the blocking chain, even through we'll not in
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1011 * fact hold it while blocking. This will lead it to report -EDEADLK
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1012 * and BUG when futex_unlock_pi() interleaves with this.
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1013 *
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1014 * Therefore acquire wait_lock while holding hb->lock, but drop the
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1015 * latter before calling __rt_mutex_start_proxy_lock(). This
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1016 * interleaves with futex_unlock_pi() -- which does a similar lock
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1017 * handoff -- such that the latter can observe the futex_q::pi_state
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1018 * before __rt_mutex_start_proxy_lock() is done.
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1019 */
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1020 raw_spin_lock_irq(&q.pi_state->pi_mutex.wait_lock);
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1021 spin_unlock(q.lock_ptr);
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1022 /*
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1023 * __rt_mutex_start_proxy_lock() unconditionally enqueues the @rt_waiter
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1024 * such that futex_unlock_pi() is guaranteed to observe the waiter when
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1025 * it sees the futex_q::pi_state.
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1026 */
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1027 ret = __rt_mutex_start_proxy_lock(&q.pi_state->pi_mutex, &rt_waiter, current);
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1028 raw_spin_unlock_irq(&q.pi_state->pi_mutex.wait_lock);
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1029
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1030 if (ret) {
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1031 if (ret == 1)
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1032 ret = 0;
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1033 goto cleanup;
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1034 }
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1035
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1036 if (unlikely(to))
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1037 hrtimer_sleeper_start_expires(to, HRTIMER_MODE_ABS);
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1038
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1039 ret = rt_mutex_wait_proxy_lock(&q.pi_state->pi_mutex, to, &rt_waiter);
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1040
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1041 cleanup:
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1042 spin_lock(q.lock_ptr);
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1043 /*
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1044 * If we failed to acquire the lock (deadlock/signal/timeout), we must
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1045 * first acquire the hb->lock before removing the lock from the
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1046 * rt_mutex waitqueue, such that we can keep the hb and rt_mutex wait
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1047 * lists consistent.
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1048 *
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1049 * In particular; it is important that futex_unlock_pi() can not
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1050 * observe this inconsistency.
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1051 */
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1052 if (ret && !rt_mutex_cleanup_proxy_lock(&q.pi_state->pi_mutex, &rt_waiter))
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1053 ret = 0;
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1054
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1055 no_block:
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1056 /*
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1057 * Fixup the pi_state owner and possibly acquire the lock if we
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1058 * haven't already.
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1059 */
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1060 res = fixup_pi_owner(uaddr, &q, !ret);
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1061 /*
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1062 * If fixup_pi_owner() returned an error, propagate that. If it acquired
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1063 * the lock, clear our -ETIMEDOUT or -EINTR.
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1064 */
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1065 if (res)
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1066 ret = (res < 0) ? res : 0;
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1067
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1068 futex_unqueue_pi(&q);
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1069 spin_unlock(q.lock_ptr);
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1070 goto out;
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1071
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1072 out_unlock_put_key:
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1073 futex_q_unlock(hb);
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1074
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1075 out:
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1076 if (to) {
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1077 hrtimer_cancel(&to->timer);
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1078 destroy_hrtimer_on_stack(&to->timer);
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1079 }
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1080 return ret != -EINTR ? ret : -ERESTARTNOINTR;
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1081
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1082 uaddr_faulted:
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1083 futex_q_unlock(hb);
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1084
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1085 ret = fault_in_user_writeable(uaddr);
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1086 if (ret)
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1087 goto out;
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1088
85dc28fa4ec058 Peter Zijlstra 2021-09-23 @1089 if (!(flags & FLAGS_SHARED))
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1090 goto retry_private;
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1091
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1092 goto retry;
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1093 }
85dc28fa4ec058 Peter Zijlstra 2021-09-23 1094
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 36790 bytes --]
next reply other threads:[~2021-11-18 1:13 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-18 1:13 kernel test robot [this message]
-- strict thread matches above, loose matches on Subject: below --
2021-11-18 17:43 kernel/futex/pi.c:1089 futex_lock_pi() warn: bitwise AND condition is false here kernel test robot
2021-11-18 6:30 kernel test robot
2021-11-17 13:43 kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202111180945.bMDaUQcp-lkp@intel.com \
--to=lkp@intel.com \
--cc=kbuild@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.