Re: [linux-next:master 1589/1892] fs/proc/task_mmu.c:143:45: sparse: sparse: incorrect type in argument 1 (different address spaces)

On Thu, Jan 25, 2024 at 2:23 AM kernel test robot <lkp@xxxxxxxxx> wrote:
>
> tree:   https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
> head:   01af33cc9894b4489fb68fa35c40e9fe85df63dc
> commit: 0c30c4cd953025979b7689e49844837f762303ec [1589/1892] mm/maps: read proc/pid/maps under RCU
> config: x86_64-randconfig-121-20240125 (https://download.01.org/0day-ci/archive/20240125/202401251829.0m6Eo4LI-lkp@xxxxxxxxx/config)
> compiler: clang version 17.0.6 (https://github.com/llvm/llvm-project 6009708b4367171ccdbf4b5905cb6a803753fe18)
> reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240125/202401251829.0m6Eo4LI-lkp@xxxxxxxxx/reproduce)
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <lkp@xxxxxxxxx>
> | Closes: https://lore.kernel.org/oe-kbuild-all/202401251829.0m6Eo4LI-lkp@xxxxxxxxx/
>
> sparse warnings: (new ones prefixed by >>)
> >> fs/proc/task_mmu.c:143:45: sparse: sparse: incorrect type in argument 1 (different address spaces) @@     expected struct file [noderef] __rcu **f @@     got struct file ** @@

Uh, this is a problem.
I missed that get_file_rcu() is used only with mm->exe_file and
vma->vm_file is not really RCU-safe. It's freed via a call to fput()
which schedules its freeing using schedule_delayed_work(..., 1) but I
don't think that constitutes an RCU grace period. Paul, Matthew, could
you please confirm? In the meantime I'm going to ask Andrew to remove
my patchset from mm-unstable to be safe.


>    fs/proc/task_mmu.c:143:45: sparse:     expected struct file [noderef] __rcu **f
>    fs/proc/task_mmu.c:143:45: sparse:     got struct file **
>    fs/proc/task_mmu.c: note: in included file (through include/linux/rbtree.h, include/linux/mm_types.h, include/linux/mmzone.h, ...):
>    include/linux/rcupdate.h:781:9: sparse: sparse: context imbalance in 'get_vma_snapshot' - unexpected unlock
>    fs/proc/task_mmu.c:264:22: sparse: sparse: context imbalance in 'm_start' - different lock contexts for basic block
>    include/linux/rcupdate.h:781:9: sparse: sparse: context imbalance in 'm_stop' - unexpected unlock
>    include/linux/rcupdate.h:781:9: sparse: sparse: context imbalance in 'smaps_pte_range' - unexpected unlock
>    include/linux/rcupdate.h:781:9: sparse: sparse: context imbalance in 'clear_refs_pte_range' - unexpected unlock
>    include/linux/rcupdate.h:781:9: sparse: sparse: context imbalance in 'pagemap_pmd_range' - unexpected unlock
>    include/linux/rcupdate.h:781:9: sparse: sparse: context imbalance in 'pagemap_scan_pmd_entry' - unexpected unlock
>    fs/proc/task_mmu.c: note: in included file (through arch/x86/include/asm/uaccess.h, include/linux/uaccess.h, include/linux/sched/task.h, ...):
>    arch/x86/include/asm/uaccess_64.h:88:24: sparse: sparse: cast removes address space '__user' of expression
>    arch/x86/include/asm/uaccess_64.h:88:24: sparse: sparse: cast removes address space '__user' of expression
>
> vim +143 fs/proc/task_mmu.c
>
>    132
>    133  /*
>    134   * Take VMA snapshot and pin vm_file and anon_name as they are used by
>    135   * show_map_vma.
>    136   */
>    137  static int get_vma_snapshot(struct proc_maps_private *priv, struct vm_area_struct *vma)
>    138  {
>    139          struct vm_area_struct *copy = &priv->vma_copy;
>    140          int ret = -EAGAIN;
>    141
>    142          memcpy(copy, vma, sizeof(*vma));
>  > 143          if (copy->vm_file && !get_file_rcu(&copy->vm_file))
>    144                  goto out;
>    145
>    146          if (!anon_vma_name_get_if_valid(copy))
>    147                  goto put_file;
>    148
>    149          if (priv->mm_wr_seq == mmap_write_seq_read(priv->mm))
>    150                  return 0;
>    151
>    152          /* Address space got modified, vma might be stale. Wait and retry. */
>    153          rcu_read_unlock();
>    154          ret = mmap_read_lock_killable(priv->mm);
>    155          mmap_write_seq_record(priv->mm, &priv->mm_wr_seq);
>    156          mmap_read_unlock(priv->mm);
>    157          rcu_read_lock();
>    158
>    159          if (!ret)
>    160                  ret = -EAGAIN; /* no other errors, ok to retry */
>    161
>    162          anon_vma_name_put_if_valid(copy);
>    163  put_file:
>    164          if (copy->vm_file)
>    165                  fput(copy->vm_file);
>    166  out:
>    167          return ret;
>    168  }
>    169
>
> --
> 0-DAY CI Kernel Test Service
> https://github.com/intel/lkp-tests/wiki
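
Added illustration (not part of the original message and not kernel code): a simplified user-space C11 model of the pattern the reply is worried about, where a lockless reader bumps a reference count only if it is non-zero and then re-reads the published pointer. `struct obj`, `try_pin`, `race_hook` and `swap_slot` are hypothetical names, and the hook stands in for a concurrent writer so the race can be reproduced deterministically.

```c
#include <stdatomic.h>
#include <stddef.h>

/* Hypothetical stand-in for a refcounted object such as struct file. */
struct obj { atomic_long refs; };   /* refs == 0: teardown has started */
enum pin_result { PIN_OK, PIN_EMPTY, PIN_DYING, PIN_RACED };
/* Demo hook standing in for a concurrent writer (constructed, not kernel API). */
typedef void (*race_hook)(struct obj *_Atomic *slot);

static int inc_not_zero(struct obj *o)
{
    long old = atomic_load(&o->refs);
    while (old != 0)
        if (atomic_compare_exchange_weak(&o->refs, &old, old + 1))
            return 1;
    return 0;
}

/* One attempt by a lockless reader to pin the object published in *slot. */
static enum pin_result try_pin(struct obj *_Atomic *slot, race_hook hook,
                               struct obj **out)
{
    struct obj *o = atomic_load(slot);
    if (!o)
        return PIN_EMPTY;
    /* Reading o->refs is valid only if o's memory cannot be returned to the
     * allocator while this reader is still in its read-side section. */
    if (!inc_not_zero(o))
        return PIN_DYING;            /* last reference already dropped */
    if (hook)
        hook(slot);                  /* writer republishes the slot here */
    if (atomic_load(slot) != o) {    /* slot moved on: undo and retry */
        atomic_fetch_sub(&o->refs, 1);
        return PIN_RACED;
    }
    *out = o;
    return PIN_OK;
}

/* Constructed scenario: the writer swaps the slot to a second object. */
static struct obj replacement = { 1 };
static void swap_slot(struct obj *_Atomic *slot) { atomic_store(slot, &replacement); }

int main(void)
{
    struct obj a = { 1 }, *got = NULL;
    struct obj *_Atomic slot = &a;
    return try_pin(&slot, swap_slot, &got) == PIN_RACED ? 0 : 1;
}
```

The model cannot show the failure itself: if the object's memory were freed and reused before `inc_not_zero()` ran, the increment would land on unrelated memory, which is why the lifetime guarantee in the comment matters more than the retry logic.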




