[kbuild] kernel/futex/pi.c:1089 futex_lock_pi() warn: bitwise AND condition is false here

[kernel test robot]

CC: kbuild-...@lists.01.org
CC: linux-ker...@vger.kernel.org
TO: Peter Zijlstra <pet...@infradead.org>
CC: "André Almeida" <andrealm...@collabora.com>

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 
master
head:   42eb8fdac2fc5d62392dcfcf0253753e821a97b0
commit: 85dc28fa4ec058645c29bda952d901b29dfaa0b0 futex: Split out PI futex
date:   6 weeks ago
:::::: branch date: 7 hours ago
:::::: commit date: 6 weeks ago
config: m68k-randconfig-m031-20211117 (attached as .config)
compiler: m68k-linux-gcc (GCC) 11.2.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <l...@intel.com>
Reported-by: Dan Carpenter <dan.carpen...@oracle.com>

smatch warnings:
kernel/futex/pi.c:1089 futex_lock_pi() warn: bitwise AND condition is false here

vim +1089 kernel/futex/pi.c

85dc28fa4ec058 Peter Zijlstra 2021-09-23   920  
85dc28fa4ec058 Peter Zijlstra 2021-09-23   921  /*
85dc28fa4ec058 Peter Zijlstra 2021-09-23   922   * Userspace tried a 0 -> TID 
atomic transition of the futex value
85dc28fa4ec058 Peter Zijlstra 2021-09-23   923   * and failed. The kernel side 
here does the whole locking operation:
85dc28fa4ec058 Peter Zijlstra 2021-09-23   924   * if there are waiters then it 
will block as a consequence of relying
85dc28fa4ec058 Peter Zijlstra 2021-09-23   925   * on rt-mutexes, it does PI, 
etc. (Due to races the kernel might see
85dc28fa4ec058 Peter Zijlstra 2021-09-23   926   * a 0 value of the futex too.).
85dc28fa4ec058 Peter Zijlstra 2021-09-23   927   *
85dc28fa4ec058 Peter Zijlstra 2021-09-23   928   * Also serves as futex 
trylock_pi()'ing, and due semantics.
85dc28fa4ec058 Peter Zijlstra 2021-09-23   929   */
85dc28fa4ec058 Peter Zijlstra 2021-09-23   930  int futex_lock_pi(u32 __user 
*uaddr, unsigned int flags, ktime_t *time, int trylock)
85dc28fa4ec058 Peter Zijlstra 2021-09-23   931  {
85dc28fa4ec058 Peter Zijlstra 2021-09-23   932          struct hrtimer_sleeper 
timeout, *to;
85dc28fa4ec058 Peter Zijlstra 2021-09-23   933          struct task_struct 
*exiting = NULL;
85dc28fa4ec058 Peter Zijlstra 2021-09-23   934          struct rt_mutex_waiter 
rt_waiter;
85dc28fa4ec058 Peter Zijlstra 2021-09-23   935          struct 
futex_hash_bucket *hb;
85dc28fa4ec058 Peter Zijlstra 2021-09-23   936          struct futex_q q = 
futex_q_init;
85dc28fa4ec058 Peter Zijlstra 2021-09-23   937          int res, ret;
85dc28fa4ec058 Peter Zijlstra 2021-09-23   938  
85dc28fa4ec058 Peter Zijlstra 2021-09-23   939          if 
(!IS_ENABLED(CONFIG_FUTEX_PI))
85dc28fa4ec058 Peter Zijlstra 2021-09-23   940                  return -ENOSYS;
85dc28fa4ec058 Peter Zijlstra 2021-09-23   941  
85dc28fa4ec058 Peter Zijlstra 2021-09-23   942          if 
(refill_pi_state_cache())
85dc28fa4ec058 Peter Zijlstra 2021-09-23   943                  return -ENOMEM;
85dc28fa4ec058 Peter Zijlstra 2021-09-23   944  
85dc28fa4ec058 Peter Zijlstra 2021-09-23   945          to = 
futex_setup_timer(time, &timeout, flags, 0);
85dc28fa4ec058 Peter Zijlstra 2021-09-23   946  
85dc28fa4ec058 Peter Zijlstra 2021-09-23   947  retry:
85dc28fa4ec058 Peter Zijlstra 2021-09-23   948          ret = 
get_futex_key(uaddr, flags & FLAGS_SHARED, &q.key, FUTEX_WRITE);
85dc28fa4ec058 Peter Zijlstra 2021-09-23   949          if (unlikely(ret != 0))
85dc28fa4ec058 Peter Zijlstra 2021-09-23   950                  goto out;
85dc28fa4ec058 Peter Zijlstra 2021-09-23   951  
85dc28fa4ec058 Peter Zijlstra 2021-09-23   952  retry_private:
85dc28fa4ec058 Peter Zijlstra 2021-09-23   953          hb = futex_q_lock(&q);
85dc28fa4ec058 Peter Zijlstra 2021-09-23   954  
85dc28fa4ec058 Peter Zijlstra 2021-09-23   955          ret = 
futex_lock_pi_atomic(uaddr, hb, &q.key, &q.pi_state, current,
85dc28fa4ec058 Peter Zijlstra 2021-09-23   956                                  
   &exiting, 0);
85dc28fa4ec058 Peter Zijlstra 2021-09-23   957          if (unlikely(ret)) {
85dc28fa4ec058 Peter Zijlstra 2021-09-23   958                  /*
85dc28fa4ec058 Peter Zijlstra 2021-09-23   959                   * Atomic work 
succeeded and we got the lock,
85dc28fa4ec058 Peter Zijlstra 2021-09-23   960                   * or failed. 
Either way, we do _not_ block.
85dc28fa4ec058 Peter Zijlstra 2021-09-23   961                   */
85dc28fa4ec058 Peter Zijlstra 2021-09-23   962                  switch (ret) {
85dc28fa4ec058 Peter Zijlstra 2021-09-23   963                  case 1:
85dc28fa4ec058 Peter Zijlstra 2021-09-23   964                          /* We 
got the lock. */
85dc28fa4ec058 Peter Zijlstra 2021-09-23   965                          ret = 0;
85dc28fa4ec058 Peter Zijlstra 2021-09-23   966                          goto 
out_unlock_put_key;
85dc28fa4ec058 Peter Zijlstra 2021-09-23   967                  case -EFAULT:
85dc28fa4ec058 Peter Zijlstra 2021-09-23   968                          goto 
uaddr_faulted;
85dc28fa4ec058 Peter Zijlstra 2021-09-23   969                  case -EBUSY:
85dc28fa4ec058 Peter Zijlstra 2021-09-23   970                  case -EAGAIN:
85dc28fa4ec058 Peter Zijlstra 2021-09-23   971                          /*
85dc28fa4ec058 Peter Zijlstra 2021-09-23   972                           * Two 
reasons for this:
85dc28fa4ec058 Peter Zijlstra 2021-09-23   973                           * - 
EBUSY: Task is exiting and we just wait for the
85dc28fa4ec058 Peter Zijlstra 2021-09-23   974                           *   
exit to complete.
85dc28fa4ec058 Peter Zijlstra 2021-09-23   975                           * - 
EAGAIN: The user space value changed.
85dc28fa4ec058 Peter Zijlstra 2021-09-23   976                           */
85dc28fa4ec058 Peter Zijlstra 2021-09-23   977                          
futex_q_unlock(hb);
85dc28fa4ec058 Peter Zijlstra 2021-09-23   978                          /*
85dc28fa4ec058 Peter Zijlstra 2021-09-23   979                           * 
Handle the case where the owner is in the middle of
85dc28fa4ec058 Peter Zijlstra 2021-09-23   980                           * 
exiting. Wait for the exit to complete otherwise
85dc28fa4ec058 Peter Zijlstra 2021-09-23   981                           * this 
task might loop forever, aka. live lock.
85dc28fa4ec058 Peter Zijlstra 2021-09-23   982                           */
85dc28fa4ec058 Peter Zijlstra 2021-09-23   983                          
wait_for_owner_exiting(ret, exiting);
85dc28fa4ec058 Peter Zijlstra 2021-09-23   984                          
cond_resched();
85dc28fa4ec058 Peter Zijlstra 2021-09-23   985                          goto 
retry;
85dc28fa4ec058 Peter Zijlstra 2021-09-23   986                  default:
85dc28fa4ec058 Peter Zijlstra 2021-09-23   987                          goto 
out_unlock_put_key;
85dc28fa4ec058 Peter Zijlstra 2021-09-23   988                  }
85dc28fa4ec058 Peter Zijlstra 2021-09-23   989          }
85dc28fa4ec058 Peter Zijlstra 2021-09-23   990  
85dc28fa4ec058 Peter Zijlstra 2021-09-23   991          WARN_ON(!q.pi_state);
85dc28fa4ec058 Peter Zijlstra 2021-09-23   992  
85dc28fa4ec058 Peter Zijlstra 2021-09-23   993          /*
85dc28fa4ec058 Peter Zijlstra 2021-09-23   994           * Only actually queue 
now that the atomic ops are done:
85dc28fa4ec058 Peter Zijlstra 2021-09-23   995           */
85dc28fa4ec058 Peter Zijlstra 2021-09-23   996          __futex_queue(&q, hb);
85dc28fa4ec058 Peter Zijlstra 2021-09-23   997  
85dc28fa4ec058 Peter Zijlstra 2021-09-23   998          if (trylock) {
85dc28fa4ec058 Peter Zijlstra 2021-09-23   999                  ret = 
rt_mutex_futex_trylock(&q.pi_state->pi_mutex);
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1000                  /* Fixup the 
trylock return value: */
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1001                  ret = ret ? 0 : 
-EWOULDBLOCK;
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1002                  goto no_block;
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1003          }
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1004  
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1005          
rt_mutex_init_waiter(&rt_waiter);
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1006  
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1007          /*
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1008           * On PREEMPT_RT_FULL, 
when hb->lock becomes an rt_mutex, we must not
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1009           * hold it while doing 
rt_mutex_start_proxy(), because then it will
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1010           * include hb->lock in 
the blocking chain, even through we'll not in
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1011           * fact hold it while 
blocking. This will lead it to report -EDEADLK
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1012           * and BUG when 
futex_unlock_pi() interleaves with this.
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1013           *
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1014           * Therefore acquire 
wait_lock while holding hb->lock, but drop the
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1015           * latter before 
calling __rt_mutex_start_proxy_lock(). This
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1016           * interleaves with 
futex_unlock_pi() -- which does a similar lock
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1017           * handoff -- such that 
the latter can observe the futex_q::pi_state
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1018           * before 
__rt_mutex_start_proxy_lock() is done.
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1019           */
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1020          
raw_spin_lock_irq(&q.pi_state->pi_mutex.wait_lock);
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1021          spin_unlock(q.lock_ptr);
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1022          /*
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1023           * 
__rt_mutex_start_proxy_lock() unconditionally enqueues the @rt_waiter
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1024           * such that 
futex_unlock_pi() is guaranteed to observe the waiter when
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1025           * it sees the 
futex_q::pi_state.
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1026           */
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1027          ret = 
__rt_mutex_start_proxy_lock(&q.pi_state->pi_mutex, &rt_waiter, current);
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1028          
raw_spin_unlock_irq(&q.pi_state->pi_mutex.wait_lock);
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1029  
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1030          if (ret) {
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1031                  if (ret == 1)
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1032                          ret = 0;
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1033                  goto cleanup;
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1034          }
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1035  
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1036          if (unlikely(to))
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1037                  
hrtimer_sleeper_start_expires(to, HRTIMER_MODE_ABS);
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1038  
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1039          ret = 
rt_mutex_wait_proxy_lock(&q.pi_state->pi_mutex, to, &rt_waiter);
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1040  
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1041  cleanup:
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1042          spin_lock(q.lock_ptr);
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1043          /*
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1044           * If we failed to 
acquire the lock (deadlock/signal/timeout), we must
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1045           * first acquire the 
hb->lock before removing the lock from the
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1046           * rt_mutex waitqueue, 
such that we can keep the hb and rt_mutex wait
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1047           * lists consistent.
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1048           *
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1049           * In particular; it is 
important that futex_unlock_pi() can not
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1050           * observe this 
inconsistency.
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1051           */
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1052          if (ret && 
!rt_mutex_cleanup_proxy_lock(&q.pi_state->pi_mutex, &rt_waiter))
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1053                  ret = 0;
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1054  
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1055  no_block:
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1056          /*
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1057           * Fixup the pi_state 
owner and possibly acquire the lock if we
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1058           * haven't already.
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1059           */
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1060          res = 
fixup_pi_owner(uaddr, &q, !ret);
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1061          /*
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1062           * If fixup_pi_owner() 
returned an error, propagate that.  If it acquired
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1063           * the lock, clear our 
-ETIMEDOUT or -EINTR.
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1064           */
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1065          if (res)
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1066                  ret = (res < 0) 
? res : 0;
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1067  
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1068          futex_unqueue_pi(&q);
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1069          spin_unlock(q.lock_ptr);
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1070          goto out;
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1071  
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1072  out_unlock_put_key:
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1073          futex_q_unlock(hb);
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1074  
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1075  out:
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1076          if (to) {
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1077                  
hrtimer_cancel(&to->timer);
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1078                  
destroy_hrtimer_on_stack(&to->timer);
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1079          }
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1080          return ret != -EINTR ? 
ret : -ERESTARTNOINTR;
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1081  
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1082  uaddr_faulted:
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1083          futex_q_unlock(hb);
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1084  
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1085          ret = 
fault_in_user_writeable(uaddr);
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1086          if (ret)
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1087                  goto out;
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1088  
85dc28fa4ec058 Peter Zijlstra 2021-09-23 @1089          if (!(flags & 
FLAGS_SHARED))
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1090                  goto 
retry_private;
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1091  
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1092          goto retry;
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1093  }
85dc28fa4ec058 Peter Zijlstra 2021-09-23  1094  

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-...@lists.01.org

.config.gz
Description: application/gzip

_______________________________________________
kbuild mailing list -- kbuild@lists.01.org
To unsubscribe send an email to kbuild-le...@lists.01.org