From: kernel test robot <lkp@intel.com>
To: David Howells <dhowells@redhat.com>
Cc: llvm@lists.linux.dev, oe-kbuild-all@lists.linux.dev
Subject: [dhowells-fs:splice-fix-corruption 1/4] mm/filemap.c:2848:17: warning: comparison of distinct pointer types ('typeof ((typeof ((1UL << 18) - src_offset % (1UL << 18)))__builtin_choose_expr(((!!(sizeof ((typeof ((1UL << 18) - src_offset % (1UL << 18)) *)1 == (typeof ((1UL << 18) - dst_offset % (...
Date: Fri, 30 Jun 2023 02:26:26 +0800 [thread overview]
Message-ID: <202306300201.MxUr8OYn-lkp@intel.com> (raw)
tree: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git splice-fix-corruption
head: b7635ac359c8d2a679e0c0bd9bf7acab652ff3fb
commit: 018eeae5c2f650da68338bfc464de887af53ff1f [1/4] splice: Fix corruption of spliced data after splice() returns
config: hexagon-randconfig-r041-20230629 (https://download.01.org/0day-ci/archive/20230630/202306300201.MxUr8OYn-lkp@intel.com/config)
compiler: clang version 17.0.0 (https://github.com/llvm/llvm-project.git 4a5ac14ee968ff0ad5d2cc1ffa0299048db4c88a)
reproduce: (https://download.01.org/0day-ci/archive/20230630/202306300201.MxUr8OYn-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202306300201.MxUr8OYn-lkp@intel.com/
All warnings (new ones prefixed by >>):
In file included from mm/filemap.c:20:
In file included from include/linux/kernel_stat.h:9:
In file included from include/linux/interrupt.h:11:
In file included from include/linux/hardirq.h:11:
In file included from ./arch/hexagon/include/generated/asm/hardirq.h:1:
In file included from include/asm-generic/hardirq.h:17:
In file included from include/linux/irq.h:20:
In file included from include/linux/io.h:13:
In file included from arch/hexagon/include/asm/io.h:334:
include/asm-generic/io.h:547:31: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
547 | val = __raw_readb(PCI_IOBASE + addr);
| ~~~~~~~~~~ ^
include/asm-generic/io.h:560:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
560 | val = __le16_to_cpu((__le16 __force)__raw_readw(PCI_IOBASE + addr));
| ~~~~~~~~~~ ^
include/uapi/linux/byteorder/little_endian.h:37:51: note: expanded from macro '__le16_to_cpu'
37 | #define __le16_to_cpu(x) ((__force __u16)(__le16)(x))
| ^
In file included from mm/filemap.c:20:
In file included from include/linux/kernel_stat.h:9:
In file included from include/linux/interrupt.h:11:
In file included from include/linux/hardirq.h:11:
In file included from ./arch/hexagon/include/generated/asm/hardirq.h:1:
In file included from include/asm-generic/hardirq.h:17:
In file included from include/linux/irq.h:20:
In file included from include/linux/io.h:13:
In file included from arch/hexagon/include/asm/io.h:334:
include/asm-generic/io.h:573:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
573 | val = __le32_to_cpu((__le32 __force)__raw_readl(PCI_IOBASE + addr));
| ~~~~~~~~~~ ^
include/uapi/linux/byteorder/little_endian.h:35:51: note: expanded from macro '__le32_to_cpu'
35 | #define __le32_to_cpu(x) ((__force __u32)(__le32)(x))
| ^
In file included from mm/filemap.c:20:
In file included from include/linux/kernel_stat.h:9:
In file included from include/linux/interrupt.h:11:
In file included from include/linux/hardirq.h:11:
In file included from ./arch/hexagon/include/generated/asm/hardirq.h:1:
In file included from include/asm-generic/hardirq.h:17:
In file included from include/linux/irq.h:20:
In file included from include/linux/io.h:13:
In file included from arch/hexagon/include/asm/io.h:334:
include/asm-generic/io.h:584:33: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
584 | __raw_writeb(value, PCI_IOBASE + addr);
| ~~~~~~~~~~ ^
include/asm-generic/io.h:594:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
594 | __raw_writew((u16 __force)cpu_to_le16(value), PCI_IOBASE + addr);
| ~~~~~~~~~~ ^
include/asm-generic/io.h:604:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
604 | __raw_writel((u32 __force)cpu_to_le32(value), PCI_IOBASE + addr);
| ~~~~~~~~~~ ^
>> mm/filemap.c:2848:17: warning: comparison of distinct pointer types ('typeof ((typeof ((1UL << 18) - src_offset % (1UL << 18)))__builtin_choose_expr(((!!(sizeof ((typeof ((1UL << 18) - src_offset % (1UL << 18)) *)1 == (typeof ((1UL << 18) - dst_offset % (1UL << 18)) *)1))) && ((sizeof(int) == sizeof (*(8 ? ((void *)((long)((1UL << 18) - src_offset % (1UL << 18)) * 0L)) : (int *)8))) && (sizeof(int) == sizeof (*(8 ? ((void *)((long)((1UL << 18) - dst_offset % (1UL << 18)) * 0L)) : (int *)8))))), (((1UL << 18) - src_offset % (1UL << 18)) < ((1UL << 18) - dst_offset % (1UL << 18)) ? ((1UL << 18) - src_offset % (1UL << 18)) : ((1UL << 18) - dst_offset % (1UL << 18))), ({
typeof ((1UL << 18) - src_offset % (1UL << 18)) __UNIQUE_ID___x324 = ((1UL << 18) - src_offset % (1UL << 18));
typeof ((1UL << 18) - dst_offset % (1UL << 18)) __UNIQUE_ID___y325 = ((1UL << 18) - dst_offset % (1UL << 18));
((__UNIQUE_ID___x324) < (__UNIQUE_ID___y325) ? (__UNIQUE_ID___x324) : (__UNIQUE_ID___y325));
}))) *' (aka 'unsigned long *') and 'typeof (size) *' (aka 'unsigned int *')) [-Wcompare-distinct-pointer-types]
2848 | size_t part = min3(PAGE_SIZE - src_offset % PAGE_SIZE,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2849 | PAGE_SIZE - dst_offset % PAGE_SIZE,
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2850 | size);
| ~~~~~
include/linux/minmax.h:82:23: note: expanded from macro 'min3'
82 | #define min3(x, y, z) min((typeof(x))min(x, y), z)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/minmax.h:67:19: note: expanded from macro 'min'
67 | #define min(x, y) __careful_cmp(x, y, <)
| ^~~~~~~~~~~~~~~~~~~~~~
include/linux/minmax.h:36:24: note: expanded from macro '__careful_cmp'
36 | __builtin_choose_expr(__safe_cmp(x, y), \
| ^~~~~~~~~~~~~~~~
include/linux/minmax.h:26:4: note: expanded from macro '__safe_cmp'
26 | (__typecheck(x, y) && __no_side_effects(x, y))
| ^~~~~~~~~~~~~~~~~
include/linux/minmax.h:20:28: note: expanded from macro '__typecheck'
20 | (!!(sizeof((typeof(x) *)1 == (typeof(y) *)1)))
| ~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~
>> mm/filemap.c:2916:9: warning: comparison of distinct pointer types ('typeof (size) *' (aka 'unsigned int *') and 'typeof ((1UL << 18) - offset % (1UL << 18)) *' (aka 'unsigned long *')) [-Wcompare-distinct-pointer-types]
2916 | size = min(size, PAGE_SIZE - offset % PAGE_SIZE);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/minmax.h:67:19: note: expanded from macro 'min'
67 | #define min(x, y) __careful_cmp(x, y, <)
| ^~~~~~~~~~~~~~~~~~~~~~
include/linux/minmax.h:36:24: note: expanded from macro '__careful_cmp'
36 | __builtin_choose_expr(__safe_cmp(x, y), \
| ^~~~~~~~~~~~~~~~
include/linux/minmax.h:26:4: note: expanded from macro '__safe_cmp'
26 | (__typecheck(x, y) && __no_side_effects(x, y))
| ^~~~~~~~~~~~~~~~~
include/linux/minmax.h:20:28: note: expanded from macro '__typecheck'
20 | (!!(sizeof((typeof(x) *)1 == (typeof(y) *)1)))
| ~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~
8 warnings generated.
vim +2848 mm/filemap.c
2840
2841 static inline void copy_folio_to_folio(struct folio *src, size_t src_offset,
2842 struct folio *dst, size_t dst_offset,
2843 size_t size)
2844 {
2845 void *p, *q;
2846
2847 while (size > 0) {
> 2848 size_t part = min3(PAGE_SIZE - src_offset % PAGE_SIZE,
2849 PAGE_SIZE - dst_offset % PAGE_SIZE,
2850 size);
2851
2852 p = kmap_local_folio(src, src_offset);
2853 q = kmap_local_folio(dst, dst_offset);
2854 memcpy(q, p, part);
2855 kunmap_local(p);
2856 kunmap_local(q);
2857 src_offset += part;
2858 dst_offset += part;
2859 size -= part;
2860 }
2861 }
2862
2863 /*
2864 * Splice data from a folio into a pipe. The folio is stolen if no one else is
2865 * using it and copied otherwise. We can't put the folio into the pipe still
2866 * attached to the pagecache as that allows someone to modify it after the
2867 * splice.
2868 */
2869 ssize_t splice_folio_into_pipe(struct pipe_inode_info *pipe,
2870 struct folio *folio, loff_t fpos, size_t size)
2871 {
2872 struct address_space *mapping;
2873 struct folio *copy = NULL;
2874 struct page *page;
2875 unsigned int flags = 0;
2876 ssize_t ret;
2877 size_t spliced = 0, offset = offset_in_folio(folio, fpos);
2878
2879 folio_lock(folio);
2880
2881 mapping = folio_mapping(folio);
2882 ret = -ENODATA;
2883 if (!folio->mapping)
2884 goto err_unlock; /* Truncated */
2885 ret = -EIO;
2886 if (!folio_test_uptodate(folio))
2887 goto err_unlock;
2888
2889 /*
2890 * At least for ext2 with nobh option, we need to wait on writeback
2891 * completing on this folio, since we'll remove it from the pagecache.
2892 * Otherwise truncate wont wait on the folio, allowing the disk blocks
2893 * to be reused by someone else before we actually wrote our data to
2894 * them. fs corruption ensues.
2895 */
2896 folio_wait_writeback(folio);
2897
2898 if (folio_has_private(folio) &&
2899 !filemap_release_folio(folio, GFP_KERNEL))
2900 goto need_copy;
2901
2902 /* If we succeed in removing the mapping, set LRU flag and add it. */
2903 if (remove_mapping(mapping, folio)) {
2904 folio_unlock(folio);
2905 flags = PIPE_BUF_FLAG_LRU;
2906 goto add_to_pipe;
2907 }
2908
2909 need_copy:
2910 folio_unlock(folio);
2911
2912 copy = folio_alloc(GFP_KERNEL, 0);
2913 if (!copy)
2914 return -ENOMEM;
2915
> 2916 size = min(size, PAGE_SIZE - offset % PAGE_SIZE);
2917 copy_folio_to_folio(folio, offset, copy, 0, size);
2918 folio = copy;
2919 offset = 0;
2920
2921 add_to_pipe:
2922 page = folio_page(folio, offset / PAGE_SIZE);
2923 size = min(size, folio_size(folio) - offset);
2924 offset %= PAGE_SIZE;
2925
2926 while (spliced < size &&
2927 !pipe_full(pipe->head, pipe->tail, pipe->max_usage)) {
2928 struct pipe_buffer *buf = pipe_head_buf(pipe);
2929 size_t part = min_t(size_t, PAGE_SIZE - offset, size - spliced);
2930
2931 *buf = (struct pipe_buffer) {
2932 .ops = &page_cache_pipe_buf_ops,
2933 .page = page,
2934 .offset = offset,
2935 .len = part,
2936 .flags = flags,
2937 };
2938 folio_get(folio);
2939 pipe->head++;
2940 page++;
2941 spliced += part;
2942 offset = 0;
2943 }
2944
2945 if (copy)
2946 folio_put(copy);
2947 return spliced;
2948
2949 err_unlock:
2950 folio_unlock(folio);
2951 return ret;
2952 }
2953
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
reply other threads:[~2023-06-29 18:27 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202306300201.MxUr8OYn-lkp@intel.com \
--to=lkp@intel.com \
--cc=dhowells@redhat.com \
--cc=llvm@lists.linux.dev \
--cc=oe-kbuild-all@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.