[PATCH] epoll: fix sparse error on RCU assignment

[PATCH] epoll: fix sparse error on RCU assignment

[Eric Wong]

This fixes the following sparse error when using
CONFIG_SPARSE_RCU_POINTER=y and "make C=2 fs/eventpoll.o"

  fs/eventpoll.c:514:17: error: incompatible types in comparison expression (different address spaces)

Cc: Al Viro <viro@ZenIV.linux.org.uk>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Davide Libenzi <davidel@xmailserver.org>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Eric Wong <normalperson@yhbt.net>
---
 Oleg: I found this error since I was working on an unrelated patch
 to convert wakeup_source users to RCU in epoll.  This was introduced
 in:

  commit 971316f0503a5c50633d07b83b6db2f15a3a5b00
  (epoll: ep_unregister_pollwait() can use the freed pwq->whead)

 fs/eventpoll.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/fs/eventpoll.c b/fs/eventpoll.c
index 9fec183..1326409 100644
--- a/fs/eventpoll.c
+++ b/fs/eventpoll.c
@@ -228,7 +228,7 @@ struct eppoll_entry {
 	wait_queue_t wait;
 
 	/* The wait queue head that linked the "wait" wait queue item */
-	wait_queue_head_t *whead;
+	wait_queue_head_t __rcu *whead;
 };
 
 /* Wrapper struct used by poll queueing */
@@ -929,7 +929,7 @@ static int ep_poll_callback(wait_queue_t *wait, unsigned mode, int sync, void *k
 	struct eventpoll *ep = epi->ep;
 
 	if ((unsigned long)key & POLLFREE) {
-		ep_pwq_from_wait(wait)->whead = NULL;
+		RCU_INIT_POINTER(ep_pwq_from_wait(wait)->whead, NULL);
 		/*
 		 * whead = NULL above can race with ep_remove_wait_queue()
 		 * which can do another remove_wait_queue() after us, so we
@@ -1018,7 +1018,7 @@ static void ep_ptable_queue_proc(struct file *file, wait_queue_head_t *whead,
 
 	if (epi->nwait >= 0 && (pwq = kmem_cache_alloc(pwq_cache, GFP_KERNEL))) {
 		init_waitqueue_func_entry(&pwq->wait, ep_poll_callback);
-		pwq->whead = whead;
+		RCU_INIT_POINTER(pwq->whead, whead);
 		pwq->base = epi;
 		add_wait_queue(whead, &pwq->wait);
 		list_add_tail(&pwq->llink, &epi->pwqlist);
-- 
Eric Wong

Re: [PATCH] epoll: fix sparse error on RCU assignment

[Oleg Nesterov]

On 03/10, Eric Wong wrote:
>
> This fixes the following sparse error when using
> CONFIG_SPARSE_RCU_POINTER=y and "make C=2 fs/eventpoll.o"
>
>   fs/eventpoll.c:514:17: error: incompatible types in comparison expression (different address spaces)

ep_remove_wait_queue() does rcu_dereference(pwq->whead) and
rcu_dereference_sparse(__rcu) complains, I guess.

> --- a/fs/eventpoll.c
> +++ b/fs/eventpoll.c
> @@ -228,7 +228,7 @@ struct eppoll_entry {
>  	wait_queue_t wait;
>
>  	/* The wait queue head that linked the "wait" wait queue item */
> -	wait_queue_head_t *whead;
> +	wait_queue_head_t __rcu *whead;

Well, perhaps this change is fine... but otoh this this a bit misleading.
It is not actually __rcu. The special case is sighand->signalfd_wqh, and
the commemt in ep_remove_wait_queue() means: if ->whead is not stable then
we can only race with signalfd_cleanup(), and rcu_read_lock() ensures this
memory can't go away.

We do not even need smp_read_barrier_depends() here, ACCESS_ONCE() should
be enough.

Perhaps it would be better to simply shut up this warning somehow...

>  };
>
>  /* Wrapper struct used by poll queueing */
> @@ -929,7 +929,7 @@ static int ep_poll_callback(wait_queue_t *wait, unsigned mode, int sync, void *k
>  	struct eventpoll *ep = epi->ep;
>
>  	if ((unsigned long)key & POLLFREE) {
> -		ep_pwq_from_wait(wait)->whead = NULL;
> +		RCU_INIT_POINTER(ep_pwq_from_wait(wait)->whead, NULL);
>  		/*
>  		 * whead = NULL above can race with ep_remove_wait_queue()
>  		 * which can do another remove_wait_queue() after us, so we
> @@ -1018,7 +1018,7 @@ static void ep_ptable_queue_proc(struct file *file, wait_queue_head_t *whead,
>
>  	if (epi->nwait >= 0 && (pwq = kmem_cache_alloc(pwq_cache, GFP_KERNEL))) {
>  		init_waitqueue_func_entry(&pwq->wait, ep_poll_callback);
> -		pwq->whead = whead;
> +		RCU_INIT_POINTER(pwq->whead, whead);
>  		pwq->base = epi;
>  		add_wait_queue(whead, &pwq->wait);
>  		list_add_tail(&pwq->llink, &epi->pwqlist);
> -- 
> Eric Wong

Re: [PATCH] epoll: fix sparse error on RCU assignment

[Eric Wong]

Oleg Nesterov <oleg@redhat.com> wrote:
> On 03/10, Eric Wong wrote:
> >
> > This fixes the following sparse error when using
> > CONFIG_SPARSE_RCU_POINTER=y and "make C=2 fs/eventpoll.o"
> >
> >   fs/eventpoll.c:514:17: error: incompatible types in comparison expression (different address spaces)
> 
> ep_remove_wait_queue() does rcu_dereference(pwq->whead) and
> rcu_dereference_sparse(__rcu) complains, I guess.
> 
> > --- a/fs/eventpoll.c
> > +++ b/fs/eventpoll.c
> > @@ -228,7 +228,7 @@ struct eppoll_entry {
> >  	wait_queue_t wait;
> >
> >  	/* The wait queue head that linked the "wait" wait queue item */
> > -	wait_queue_head_t *whead;
> > +	wait_queue_head_t __rcu *whead;
> 
> Well, perhaps this change is fine... but otoh this this a bit misleading.
> It is not actually __rcu. The special case is sighand->signalfd_wqh, and
> the commemt in ep_remove_wait_queue() means: if ->whead is not stable then
> we can only race with signalfd_cleanup(), and rcu_read_lock() ensures this
> memory can't go away.
> 
> We do not even need smp_read_barrier_depends() here, ACCESS_ONCE() should
> be enough.
> 
> Perhaps it would be better to simply shut up this warning somehow...

Hi, I've been hoping others would give a reply and offer a better
solution than min.

Without my proposed patch, sparse _errors_ out on me, so it prevent sparse
from reporting the many other warnings I create in my patches.

Re: [PATCH] epoll: fix sparse error on RCU assignment

[Oleg Nesterov]

On 03/14, Eric Wong wrote:
>
> Oleg Nesterov <oleg@redhat.com> wrote:
> > On 03/10, Eric Wong wrote:
> > >
> > > This fixes the following sparse error when using
> > > CONFIG_SPARSE_RCU_POINTER=y and "make C=2 fs/eventpoll.o"
> > >
> > >   fs/eventpoll.c:514:17: error: incompatible types in comparison expression (different address spaces)
> >
> > ep_remove_wait_queue() does rcu_dereference(pwq->whead) and
> > rcu_dereference_sparse(__rcu) complains, I guess.
> >
> > > --- a/fs/eventpoll.c
> > > +++ b/fs/eventpoll.c
> > > @@ -228,7 +228,7 @@ struct eppoll_entry {
> > >  	wait_queue_t wait;
> > >
> > >  	/* The wait queue head that linked the "wait" wait queue item */
> > > -	wait_queue_head_t *whead;
> > > +	wait_queue_head_t __rcu *whead;
> >
> > Well, perhaps this change is fine... but otoh this this a bit misleading.
> > It is not actually __rcu. The special case is sighand->signalfd_wqh, and
> > the commemt in ep_remove_wait_queue() means: if ->whead is not stable then
> > we can only race with signalfd_cleanup(), and rcu_read_lock() ensures this
> > memory can't go away.
> >
> > We do not even need smp_read_barrier_depends() here, ACCESS_ONCE() should
> > be enough.
> >
> > Perhaps it would be better to simply shut up this warning somehow...
>
> Hi, I've been hoping others would give a reply and offer a better
> solution than min.

Me too ;)

OK, probably we should use your patch, although personally I'd prefer
to simply shut up the warning, say

	- whead = rcu_dereference(pwq->whead);
	+ whead = rcu_dereference((void __rcu*)pwq->whead);

> Without my proposed patch, sparse _errors_ out on me,

it is only sparse...

But OK, I won't argue with you patch.

Oleg.

Re: [PATCH] epoll: fix sparse error on RCU assignment

[Eric Wong]

Oleg Nesterov <oleg@redhat.com> wrote:
> On 03/14, Eric Wong wrote:
> > Oleg Nesterov <oleg@redhat.com> wrote:
> > > On 03/10, Eric Wong wrote:
> > > >
> > > > This fixes the following sparse error when using
> > > > CONFIG_SPARSE_RCU_POINTER=y and "make C=2 fs/eventpoll.o"
> > > >
> > > >   fs/eventpoll.c:514:17: error: incompatible types in comparison expression (different address spaces)
> > >
> > > ep_remove_wait_queue() does rcu_dereference(pwq->whead) and
> > > rcu_dereference_sparse(__rcu) complains, I guess.
> > >
> > > > --- a/fs/eventpoll.c
> > > > +++ b/fs/eventpoll.c
> > > > @@ -228,7 +228,7 @@ struct eppoll_entry {
> > > >  	wait_queue_t wait;
> > > >
> > > >  	/* The wait queue head that linked the "wait" wait queue item */
> > > > -	wait_queue_head_t *whead;
> > > > +	wait_queue_head_t __rcu *whead;
> > >
> > > Well, perhaps this change is fine... but otoh this this a bit misleading.
> > > It is not actually __rcu. The special case is sighand->signalfd_wqh, and
> > > the commemt in ep_remove_wait_queue() means: if ->whead is not stable then
> > > we can only race with signalfd_cleanup(), and rcu_read_lock() ensures this
> > > memory can't go away.
> > >
> > > We do not even need smp_read_barrier_depends() here, ACCESS_ONCE() should
> > > be enough.
> > >
> > > Perhaps it would be better to simply shut up this warning somehow...
> >
> > Hi, I've been hoping others would give a reply and offer a better
> > solution than min.
> 
> Me too ;)
> 
> OK, probably we should use your patch, although personally I'd prefer
> to simply shut up the warning, say
> 
> 	- whead = rcu_dereference(pwq->whead);
> 	+ whead = rcu_dereference((void __rcu*)pwq->whead);

I just tried the above and it does not build:

$ make C=2 fs/eventpoll.o
make[1]: Nothing to be done for `all'.
make[1]: Nothing to be done for `relocs'.
  CHK     include/generated/uapi/linux/version.h
  CHK     include/generated/utsrelease.h
  CALL    scripts/checksyscalls.sh
  CHECK   scripts/mod/empty.c
  CHECK   fs/eventpoll.c
fs/eventpoll.c:516:17: error: not addressable
  CC      fs/eventpoll.o
fs/eventpoll.c: In function ‘ep_remove_wait_queue’:
fs/eventpoll.c:516: error: lvalue required as unary ‘&’ operand
make[1]: *** [fs/eventpoll.o] Error 1
make: *** [fs/eventpoll.o] Error 2

> > Without my proposed patch, sparse _errors_ out on me,
> 
> it is only sparse...
> 
> But OK, I won't argue with you patch.

Thanks.  I think my patch is the best way to address the issue and help
prevent myself from introducing new bugs while working on epoll.

I will continue to wait for comments from others.