CC: [email protected] CC: [email protected] TO: Peter Zijlstra <[email protected]> CC: "André Almeida" <[email protected]>
tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   8ab774587903771821b59471cc723bba6d893942
commit: 85dc28fa4ec058645c29bda952d901b29dfaa0b0 futex: Split out PI futex
date:   6 weeks ago
:::::: branch date: 2 days ago
:::::: commit date: 6 weeks ago
config: m68k-randconfig-m031-20211117 (attached as .config)
compiler: m68k-linux-gcc (GCC) 11.2.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <[email protected]>
Reported-by: Dan Carpenter <[email protected]>

smatch warnings:
kernel/futex/pi.c:1089 futex_lock_pi() warn: bitwise AND condition is false here

vim +1089 kernel/futex/pi.c

85dc28fa4ec0586 Peter Zijlstra 2021-09-23    920
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    921  /*
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    922   * Userspace tried a 0 -> TID atomic transition of the futex value
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    923   * and failed. The kernel side here does the whole locking operation:
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    924   * if there are waiters then it will block as a consequence of relying
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    925   * on rt-mutexes, it does PI, etc. (Due to races the kernel might see
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    926   * a 0 value of the futex too.).
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    927   *
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    928   * Also serves as futex trylock_pi()'ing, and due semantics.
                                                   *
                                                   * NOTE(review): lines without a blame prefix are reviewer annotations,
                                                   * not part of kernel/futex/pi.c at this commit.
                                                   *
                                                   * @uaddr:   user-space address of the futex word; handed to
                                                   *           get_futex_key(), futex_lock_pi_atomic(), fixup_pi_owner()
                                                   *           and, after -EFAULT, fault_in_user_writeable().
                                                   * @flags:   futex flags; FLAGS_SHARED is the only bit tested here, the
                                                   *           whole value is also passed to futex_setup_timer().
                                                   * @time:    timeout handed to futex_setup_timer(); the resulting
                                                   *           sleeper is started with HRTIMER_MODE_ABS.
                                                   * @trylock: non-zero takes the rt_mutex_futex_trylock() path and jumps
                                                   *           to no_block instead of waiting on the rt_mutex.
                                                   *
                                                   * Return: 0 on success; -ENOSYS when CONFIG_FUTEX_PI is not enabled;
                                                   * -ENOMEM when refill_pi_state_cache() fails; -EWOULDBLOCK may result
                                                   * from a failed trylock; -EINTR is reported as -ERESTARTNOINTR; any
                                                   * other negative value comes from one of the helpers called below.
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    929   */
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    930  int futex_lock_pi(u32 __user *uaddr, unsigned int flags, ktime_t *time, int trylock)
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    931  {
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    932  	struct hrtimer_sleeper timeout, *to;
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    933  	struct task_struct *exiting = NULL;
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    934  	struct rt_mutex_waiter rt_waiter;
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    935  	struct futex_hash_bucket *hb;
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    936  	struct futex_q q = futex_q_init;
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    937  	int res, ret;
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    938
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    939  	if (!IS_ENABLED(CONFIG_FUTEX_PI))
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    940  		return -ENOSYS;
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    941
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    942  	if (refill_pi_state_cache())
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    943  		return -ENOMEM;
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    944
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    945  	to = futex_setup_timer(time, &timeout, flags, 0);
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    946
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    947  retry:
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    948  	ret = get_futex_key(uaddr, flags & FLAGS_SHARED, &q.key, FUTEX_WRITE);
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    949  	if (unlikely(ret != 0))
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    950  		goto out;
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    951
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    952  retry_private:
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    953  	hb = futex_q_lock(&q);
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    954
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    955  	ret = futex_lock_pi_atomic(uaddr, hb, &q.key, &q.pi_state, current,
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    956  				   &exiting, 0);
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    957  	if (unlikely(ret)) {
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    958  		/*
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    959  		 * Atomic work succeeded and we got the lock,
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    960  		 * or failed. Either way, we do _not_ block.
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    961  		 */
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    962  		switch (ret) {
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    963  		case 1:
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    964  			/* We got the lock. */
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    965  			ret = 0;
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    966  			goto out_unlock_put_key;
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    967  		case -EFAULT:
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    968  			goto uaddr_faulted;
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    969  		case -EBUSY:
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    970  		case -EAGAIN:
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    971  			/*
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    972  			 * Two reasons for this:
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    973  			 * - EBUSY: Task is exiting and we just wait for the
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    974  			 *   exit to complete.
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    975  			 * - EAGAIN: The user space value changed.
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    976  			 */
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    977  			futex_q_unlock(hb);
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    978  			/*
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    979  			 * Handle the case where the owner is in the middle of
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    980  			 * exiting. Wait for the exit to complete otherwise
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    981  			 * this task might loop forever, aka. live lock.
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    982  			 */
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    983  			wait_for_owner_exiting(ret, exiting);
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    984  			cond_resched();
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    985  			goto retry;
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    986  		default:
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    987  			goto out_unlock_put_key;
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    988  		}
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    989  	}
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    990
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    991  	WARN_ON(!q.pi_state);
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    992
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    993  	/*
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    994  	 * Only actually queue now that the atomic ops are done:
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    995  	 */
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    996  	__futex_queue(&q, hb);
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    997
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    998  	if (trylock) {
85dc28fa4ec0586 Peter Zijlstra 2021-09-23    999  		ret = rt_mutex_futex_trylock(&q.pi_state->pi_mutex);
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1000  		/* Fixup the trylock return value: */
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1001  		ret = ret ? 0 : -EWOULDBLOCK;
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1002  		goto no_block;
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1003  	}
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1004
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1005  	rt_mutex_init_waiter(&rt_waiter);
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1006
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1007  	/*
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1008  	 * On PREEMPT_RT_FULL, when hb->lock becomes an rt_mutex, we must not
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1009  	 * hold it while doing rt_mutex_start_proxy(), because then it will
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1010  	 * include hb->lock in the blocking chain, even though we'll not in
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1011  	 * fact hold it while blocking. This will lead it to report -EDEADLK
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1012  	 * and BUG when futex_unlock_pi() interleaves with this.
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1013  	 *
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1014  	 * Therefore acquire wait_lock while holding hb->lock, but drop the
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1015  	 * latter before calling __rt_mutex_start_proxy_lock(). This
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1016  	 * interleaves with futex_unlock_pi() -- which does a similar lock
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1017  	 * handoff -- such that the latter can observe the futex_q::pi_state
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1018  	 * before __rt_mutex_start_proxy_lock() is done.
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1019  	 */
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1020  	raw_spin_lock_irq(&q.pi_state->pi_mutex.wait_lock);
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1021  	spin_unlock(q.lock_ptr);
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1022  	/*
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1023  	 * __rt_mutex_start_proxy_lock() unconditionally enqueues the @rt_waiter
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1024  	 * such that futex_unlock_pi() is guaranteed to observe the waiter when
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1025  	 * it sees the futex_q::pi_state.
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1026  	 */
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1027  	ret = __rt_mutex_start_proxy_lock(&q.pi_state->pi_mutex, &rt_waiter, current);
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1028  	raw_spin_unlock_irq(&q.pi_state->pi_mutex.wait_lock);
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1029
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1030  	if (ret) {
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1031  		if (ret == 1)
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1032  			ret = 0;
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1033  		goto cleanup;
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1034  	}
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1035
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1036  	if (unlikely(to))
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1037  		hrtimer_sleeper_start_expires(to, HRTIMER_MODE_ABS);
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1038
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1039  	ret = rt_mutex_wait_proxy_lock(&q.pi_state->pi_mutex, to, &rt_waiter);
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1040
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1041  cleanup:
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1042  	spin_lock(q.lock_ptr);
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1043  	/*
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1044  	 * If we failed to acquire the lock (deadlock/signal/timeout), we must
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1045  	 * first acquire the hb->lock before removing the lock from the
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1046  	 * rt_mutex waitqueue, such that we can keep the hb and rt_mutex wait
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1047  	 * lists consistent.
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1048  	 *
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1049  	 * In particular; it is important that futex_unlock_pi() can not
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1050  	 * observe this inconsistency.
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1051  	 */
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1052  	if (ret && !rt_mutex_cleanup_proxy_lock(&q.pi_state->pi_mutex, &rt_waiter))
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1053  		ret = 0;
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1054
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1055  no_block:
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1056  	/*
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1057  	 * Fixup the pi_state owner and possibly acquire the lock if we
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1058  	 * haven't already.
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1059  	 */
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1060  	res = fixup_pi_owner(uaddr, &q, !ret);
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1061  	/*
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1062  	 * If fixup_pi_owner() returned an error, propagate that. If it acquired
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1063  	 * the lock, clear our -ETIMEDOUT or -EINTR.
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1064  	 */
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1065  	if (res)
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1066  		ret = (res < 0) ? res : 0;
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1067
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1068  	futex_unqueue_pi(&q);
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1069  	spin_unlock(q.lock_ptr);
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1070  	goto out;
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1071
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1072  out_unlock_put_key:
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1073  	futex_q_unlock(hb);
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1074
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1075  out:
                                                  	/*
                                                  	 * NOTE(review): every path that reaches this label cancels and
                                                  	 * destroys the timer before returning; presumably 'to' is either
                                                  	 * NULL or the on-stack 'timeout' set up by futex_setup_timer()
                                                  	 * -- confirm. The two early returns above happen before the
                                                  	 * timer is set up.
                                                  	 */
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1076  	if (to) {
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1077  		hrtimer_cancel(&to->timer);
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1078  		destroy_hrtimer_on_stack(&to->timer);
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1079  	}
                                                  	/* NOTE(review): -EINTR is never returned as such; it is replaced by -ERESTARTNOINTR. */
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1080  	return ret != -EINTR ? ret : -ERESTARTNOINTR;
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1081
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1082  uaddr_faulted:
                                                  	/*
                                                  	 * NOTE(review): the bucket lock taken by futex_q_lock() is
                                                  	 * released before fault_in_user_writeable() runs. Both retry
                                                  	 * targets re-take it and re-run futex_lock_pi_atomic(), so the
                                                  	 * user-space futex word is examined again after the fault-in.
                                                  	 */
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1083  	futex_q_unlock(hb);
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1084
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1085  	ret = fault_in_user_writeable(uaddr);
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1086  	if (ret)
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1087  		goto out;
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1088
                                                  	/*
                                                  	 * NOTE(review): this is the line smatch flags ("bitwise AND
                                                  	 * condition is false here"). If FLAGS_SHARED expands to 0 in
                                                  	 * this m68k randconfig (presumably a build without CONFIG_MMU
                                                  	 * -- confirm against the FLAGS_SHARED definition), the test is
                                                  	 * constant by design rather than a logic error: every fault
                                                  	 * retry then goes to retry_private and get_futex_key() is not
                                                  	 * called again.
                                                  	 */
85dc28fa4ec0586 Peter Zijlstra 2021-09-23  @1089  	if (!(flags & FLAGS_SHARED))
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1090  		goto retry_private;
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1091
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1092  	goto retry;
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1093  }
85dc28fa4ec0586 Peter Zijlstra 2021-09-23   1094

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/[email protected]
.config.gz
Description: application/gzip
