CC: [email protected]
In-Reply-To: <[email protected]>
References: <[email protected]>
TO: Pasha Tatashin <[email protected]>
TO: [email protected]
Hi Pasha,

Thank you for the patch! Perhaps something to improve:

[auto build test WARNING on hnaz-mm/master]
[also build test WARNING on rostedt-trace/for-next geert-m68k/for-next linux/master linus/master v5.16-rc7 next-20211224]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Pasha-Tatashin/Hardening-page-_refcount/20211221-230439
base:   https://github.com/hnaz/linux-mm master
:::::: branch date: 12 days ago
:::::: commit date: 12 days ago
config: x86_64-randconfig-c007-20211231 (https://download.01.org/0day-ci/archive/20220102/[email protected]/config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 7cd109b92c72855937273a6c8ab19016fbe27d33)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/0day-ci/linux/commit/2add304c6e5eb6206507d871ccfd11349cc32586
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Pasha-Tatashin/Hardening-page-_refcount/20211221-230439
        git checkout 2add304c6e5eb6206507d871ccfd11349cc32586
        # save the config file to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=x86_64 clang-analyzer

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <[email protected]>

clang-analyzer warnings: (new ones prefixed by >>)
   mm/page_alloc.c:5287:3: note: Taking false branch
                   if (unlikely(!page)) {
                   ^
   mm/page_alloc.c:5296:7: note: Assuming 'page_list' is null
                   if (page_list)
                       ^~~~~~~~~
   mm/page_alloc.c:5296:3: note: Taking false branch
                   if (page_list)
                   ^
   mm/page_alloc.c:5299:29: note: Array access (from variable 'page_array') results in a null pointer dereference
                           page_array[nr_populated] = page;
                           ~~~~~~~~~~               ^
   mm/page_alloc.c:5320:29: warning: Array access (from variable 'page_array') results in a null pointer dereference [clang-analyzer-core.NullDereference]
                           page_array[nr_populated] = page;
                           ~~~~~~~~~~               ^
   mm/page_alloc.c:5205:9: note: Assuming 'page_array' is null
           while (page_array && nr_populated < nr_pages && page_array[nr_populated])
                  ^~~~~~~~~~
   mm/page_alloc.c:5205:20: note: Left side of '&&' is false
           while (page_array && nr_populated < nr_pages && page_array[nr_populated])
                             ^
   mm/page_alloc.c:5209:15: note: Assuming 'nr_pages' is > 0
           if (unlikely(nr_pages <= 0))
                        ^
   include/linux/compiler.h:78:42: note: expanded from macro 'unlikely'
   # define unlikely(x) __builtin_expect(!!(x), 0)
                                            ^
   mm/page_alloc.c:5209:2: note: Taking false branch
           if (unlikely(nr_pages <= 0))
           ^
   mm/page_alloc.c:5213:15: note: 'page_array' is null
           if (unlikely(page_array && nr_pages - nr_populated == 0))
                        ^
   include/linux/compiler.h:78:42: note: expanded from macro 'unlikely'
   # define unlikely(x) __builtin_expect(!!(x), 0)
                                            ^
   mm/page_alloc.c:5213:26: note: Left side of '&&' is false
           if (unlikely(page_array && nr_pages - nr_populated == 0))
                                   ^
   mm/page_alloc.c:5213:2: note: Taking false branch
           if (unlikely(page_array && nr_pages - nr_populated == 0))
           ^
   mm/page_alloc.c:5217:6: note: Calling 'memcg_kmem_enabled'
           if (memcg_kmem_enabled() && (gfp & __GFP_ACCOUNT))
               ^~~~~~~~~~~~~~~~~~~~
   include/linux/memcontrol.h:1714:9: note: Left side of '&&' is false
           return static_branch_likely(&memcg_kmem_enabled_key);
                  ^
   include/linux/jump_label.h:507:49: note: expanded from macro 'static_branch_likely'
   #define static_branch_likely(x) likely_notrace(static_key_enabled(&(x)->key))
                                                  ^
   include/linux/jump_label.h:416:67: note: expanded from macro 'static_key_enabled'
           if (!__builtin_types_compatible_p(typeof(*x), struct static_key) && \
                                                                            ^
   include/linux/memcontrol.h:1714:9: note: Assuming the condition is true
           return static_branch_likely(&memcg_kmem_enabled_key);
                  ^
   include/linux/jump_label.h:507:49: note: expanded from macro 'static_branch_likely'
   #define static_branch_likely(x) likely_notrace(static_key_enabled(&(x)->key))
                                   ~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   include/linux/jump_label.h:420:2: note: expanded from macro 'static_key_enabled'
           static_key_count((struct static_key *)x) > 0; \
           ^
   include/linux/compiler.h:79:35: note: expanded from macro 'likely_notrace'
   # define likely_notrace(x) likely(x)
                              ~~~~~~~^~
   include/linux/compiler.h:77:40: note: expanded from macro 'likely'
   # define likely(x) __builtin_expect(!!(x), 1)
                                          ^
   include/linux/memcontrol.h:1714:2: note: Returning the value 1, which participates in a condition later
           return static_branch_likely(&memcg_kmem_enabled_key);
           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   mm/page_alloc.c:5217:6: note: Returning from 'memcg_kmem_enabled'
           if (memcg_kmem_enabled() && (gfp & __GFP_ACCOUNT))
               ^~~~~~~~~~~~~~~~~~~~
   mm/page_alloc.c:5217:6: note: Left side of '&&' is true
   mm/page_alloc.c:5217:31: note: Assuming the condition is true
           if (memcg_kmem_enabled() && (gfp & __GFP_ACCOUNT))
                                        ^~~~~~~~~~~~~~~~~~~
   mm/page_alloc.c:5217:2: note: Taking true branch
           if (memcg_kmem_enabled() && (gfp & __GFP_ACCOUNT))
           ^
   mm/page_alloc.c:5218:3: note: Control jumps to line 5315
                   goto failed;
                   ^
   mm/page_alloc.c:5316:6: note: Assuming 'page' is non-null
           if (page) {
               ^~~~
   mm/page_alloc.c:5316:2: note: Taking true branch
           if (page) {
           ^
   mm/page_alloc.c:5317:7: note: Assuming 'page_list' is null
                   if (page_list)
                       ^~~~~~~~~
   mm/page_alloc.c:5317:3: note: Taking false branch
                   if (page_list)
                   ^
   mm/page_alloc.c:5320:29: note: Array access (from variable 'page_array') results in a null pointer dereference
                           page_array[nr_populated] = page;
                           ~~~~~~~~~~               ^
>> mm/page_alloc.c:5559:3: warning: Value stored to 'refcnt' is never read [clang-analyzer-deadcode.DeadStores]
                   refcnt = page_ref_add_return(page, PAGE_FRAG_CACHE_MAX_SIZE + 1);
                   ^        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   mm/page_alloc.c:5559:3: note: Value stored to 'refcnt' is never read
                   refcnt = page_ref_add_return(page, PAGE_FRAG_CACHE_MAX_SIZE + 1);
                   ^        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   mm/page_alloc.c:8380:3: warning: Division by zero [clang-analyzer-core.DivideZero]
                   do_div(tmp, lowmem_pages);
                   ^
   include/asm-generic/div64.h:48:26: note: expanded from macro 'do_div'
           __rem = ((uint64_t)(n)) % __base; \
                                   ^
   mm/page_alloc.c:8533:6: note: Assuming 'rc' is 0
           if (rc)
               ^~
   mm/page_alloc.c:8533:2: note: Taking false branch
           if (rc)
           ^
   mm/page_alloc.c:8536:6: note: Assuming 'write' is not equal to 0
           if (write)
               ^~~~~
   mm/page_alloc.c:8536:2: note: Taking true branch
           if (write)
           ^
   mm/page_alloc.c:8537:3: note: Calling 'setup_per_zone_wmarks'
                   setup_per_zone_wmarks();
                   ^~~~~~~~~~~~~~~~~~~~~~~
   mm/page_alloc.c:8437:2: note: Calling '__setup_per_zone_wmarks'
           __setup_per_zone_wmarks();
           ^~~~~~~~~~~~~~~~~~~~~~~~~
   mm/page_alloc.c:8365:2: note: 'lowmem_pages' initialized to 0
           unsigned long lowmem_pages = 0;
           ^~~~~~~~~~~~~~~~~~~~~~~~~~
   mm/page_alloc.c:8370:2: note: Loop condition is false. Execution continues on line 8375
           for_each_zone(zone) {
           ^
   include/linux/mmzone.h:1122:2: note: expanded from macro 'for_each_zone'
           for (zone = (first_online_pgdat())->node_zones; \
           ^
   mm/page_alloc.c:8375:2: note: Loop condition is true.  Entering loop body
           for_each_zone(zone) {
           ^
   include/linux/mmzone.h:1122:2: note: expanded from macro 'for_each_zone'
           for (zone = (first_online_pgdat())->node_zones; \
           ^
   mm/page_alloc.c:8378:3: note: Loop condition is false.  Exiting loop
                   spin_lock_irqsave(&zone->lock, flags);
                   ^
   include/linux/spinlock.h:397:2: note: expanded from macro 'spin_lock_irqsave'
           raw_spin_lock_irqsave(spinlock_check(lock), flags); \
           ^
   include/linux/spinlock.h:253:2: note: expanded from macro 'raw_spin_lock_irqsave'
           do { \
           ^
   mm/page_alloc.c:8378:3: note: Loop condition is false.  Exiting loop
                   spin_lock_irqsave(&zone->lock, flags);
                   ^
   include/linux/spinlock.h:395:43: note: expanded from macro 'spin_lock_irqsave'
   #define spin_lock_irqsave(lock, flags) \
                                          ^
   mm/page_alloc.c:8380:3: note: '__base' initialized to 0
                   do_div(tmp, lowmem_pages);
                   ^
   include/asm-generic/div64.h:46:2: note: expanded from macro 'do_div'
           uint32_t __base = (base); \
           ^~~~~~~~~~~~~~~
   mm/page_alloc.c:8380:3: note: Division by zero
                   do_div(tmp, lowmem_pages);
                   ^
   include/asm-generic/div64.h:48:26: note: expanded from macro 'do_div'
           __rem = ((uint64_t)(n)) % __base; \
                   ~~~~~~~~~~~~~~~~^~~~~~~~
   Suppressed 12 warnings (11 in non-user code, 1 with check filters).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   15 warnings generated.
   drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c:1489:2: warning: Value stored to 'r' is never read [clang-analyzer-deadcode.DeadStores]
           r = amdgpu_atomfirmware_get_vram_info(adev,
           ^   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c:1489:2: note: Value stored to 'r' is never read
           r = amdgpu_atomfirmware_get_vram_info(adev,
           ^   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Suppressed 14 warnings (14 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   14 warnings generated.
   Suppressed 14 warnings (14 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   14 warnings generated.
   Suppressed 14 warnings (14 in non-user code).
   Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
   15 warnings generated.
   drivers/gpu/drm/amd/amdgpu/gmc_v10_0.c:852:3: warning: Value stored to 'r' is never read [clang-analyzer-deadcode.DeadStores]
                   r = amdgpu_atomfirmware_get_vram_info(adev,
                   ^   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   drivers/gpu/drm/amd/amdgpu/gmc_v10_0.c:852:3: note: Value stored to 'r' is never read
                   r = amdgpu_atomfirmware_get_vram_info(adev,

vim +/refcnt +5559 mm/page_alloc.c

44fdffd70504c1 Alexander Duyck 2016-12-14  5511  
b358e2122b9d7a Kevin Hao       2021-02-04  5512  void *page_frag_alloc_align(struct page_frag_cache *nc,
b358e2122b9d7a Kevin Hao       2021-02-04  5513                        unsigned int fragsz, gfp_t gfp_mask,
b358e2122b9d7a Kevin Hao       2021-02-04  5514                        unsigned int align_mask)
b63ae8ca096dfd Alexander Duyck 2015-05-06  5515  {
b63ae8ca096dfd Alexander Duyck 2015-05-06  5516          unsigned int size = PAGE_SIZE;
b63ae8ca096dfd Alexander Duyck 2015-05-06  5517          struct page *page;
b63ae8ca096dfd Alexander Duyck 2015-05-06  5518          int offset;
2add304c6e5eb6 Pasha Tatashin  2021-12-21  5519          int refcnt;
b63ae8ca096dfd Alexander Duyck 2015-05-06  5520  
b63ae8ca096dfd Alexander Duyck 2015-05-06  5521          if (unlikely(!nc->va)) {
b63ae8ca096dfd Alexander Duyck 2015-05-06  5522  refill:
2976db8018532b Alexander Duyck 2017-01-10  5523                  page = __page_frag_cache_refill(nc, gfp_mask);
b63ae8ca096dfd Alexander Duyck 2015-05-06  5524                  if (!page)
b63ae8ca096dfd Alexander Duyck 2015-05-06  5525                          return NULL;
b63ae8ca096dfd Alexander Duyck 2015-05-06  5526  
b63ae8ca096dfd Alexander Duyck 2015-05-06  5527  #if (PAGE_SIZE < PAGE_FRAG_CACHE_MAX_SIZE)
b63ae8ca096dfd Alexander Duyck 2015-05-06  5528                  /* if size can vary use size else just use PAGE_SIZE */
b63ae8ca096dfd Alexander Duyck 2015-05-06  5529                  size = nc->size;
b63ae8ca096dfd Alexander Duyck 2015-05-06  5530  #endif
b63ae8ca096dfd Alexander Duyck 2015-05-06  5531                  /* Even if we own the page, we do not use atomic_set().
b63ae8ca096dfd Alexander Duyck 2015-05-06  5532                   * This would break get_page_unless_zero() users.
b63ae8ca096dfd Alexander Duyck 2015-05-06  5533                   */
8644772637deb1 Alexander Duyck 2019-02-15  5534                  page_ref_add(page, PAGE_FRAG_CACHE_MAX_SIZE);
b63ae8ca096dfd Alexander Duyck 2015-05-06  5535  
b63ae8ca096dfd Alexander Duyck 2015-05-06  5536                  /* reset page count bias and offset to start of new frag */
2f064f3485cd29 Michal Hocko    2015-08-21  5537                  nc->pfmemalloc = page_is_pfmemalloc(page);
8644772637deb1 Alexander Duyck 2019-02-15  5538                  nc->pagecnt_bias = PAGE_FRAG_CACHE_MAX_SIZE + 1;
b63ae8ca096dfd Alexander Duyck 2015-05-06  5539                  nc->offset = size;
b63ae8ca096dfd Alexander Duyck 2015-05-06  5540          }
b63ae8ca096dfd Alexander Duyck 2015-05-06  5541  
b63ae8ca096dfd Alexander Duyck 2015-05-06  5542          offset = nc->offset - fragsz;
b63ae8ca096dfd Alexander Duyck 2015-05-06  5543          if (unlikely(offset < 0)) {
b63ae8ca096dfd Alexander Duyck 2015-05-06  5544                  page = virt_to_page(nc->va);
b63ae8ca096dfd Alexander Duyck 2015-05-06  5545  
fe896d1878949e Joonsoo Kim     2016-03-17  5546                  if (!page_ref_sub_and_test(page, nc->pagecnt_bias))
b63ae8ca096dfd Alexander Duyck 2015-05-06  5547                          goto refill;
b63ae8ca096dfd Alexander Duyck 2015-05-06  5548  
d8c19014bba8f5 Dongli Zhang    2020-11-15  5549                  if (unlikely(nc->pfmemalloc)) {
d8c19014bba8f5 Dongli Zhang    2020-11-15  5550                          free_the_page(page, compound_order(page));
d8c19014bba8f5 Dongli Zhang    2020-11-15  5551                          goto refill;
d8c19014bba8f5 Dongli Zhang    2020-11-15  5552                  }
d8c19014bba8f5 Dongli Zhang    2020-11-15  5553  
b63ae8ca096dfd Alexander Duyck 2015-05-06  5554  #if (PAGE_SIZE < PAGE_FRAG_CACHE_MAX_SIZE)
b63ae8ca096dfd Alexander Duyck 2015-05-06  5555                  /* if size can vary use size else just use PAGE_SIZE */
b63ae8ca096dfd Alexander Duyck 2015-05-06  5556                  size = nc->size;
b63ae8ca096dfd Alexander Duyck 2015-05-06  5557  #endif
2add304c6e5eb6 Pasha Tatashin  2021-12-21  5558                  /* page count is 0, set it to PAGE_FRAG_CACHE_MAX_SIZE + 1 */
2add304c6e5eb6 Pasha Tatashin  2021-12-21 @5559                  refcnt = page_ref_add_return(page, PAGE_FRAG_CACHE_MAX_SIZE + 1);
2add304c6e5eb6 Pasha Tatashin  2021-12-21  5560                  VM_BUG_ON_PAGE(refcnt != PAGE_FRAG_CACHE_MAX_SIZE + 1, page);
b63ae8ca096dfd Alexander Duyck 2015-05-06  5561  
b63ae8ca096dfd Alexander Duyck 2015-05-06  5562                  /* reset page count bias and offset to start of new frag */
8644772637deb1 Alexander Duyck 2019-02-15  5563                  nc->pagecnt_bias = PAGE_FRAG_CACHE_MAX_SIZE + 1;
b63ae8ca096dfd Alexander Duyck 2015-05-06  5564                  offset = size - fragsz;
b63ae8ca096dfd Alexander Duyck 2015-05-06  5565          }
b63ae8ca096dfd Alexander Duyck 2015-05-06  5566  
b63ae8ca096dfd Alexander Duyck 2015-05-06  5567          nc->pagecnt_bias--;
b358e2122b9d7a Kevin Hao       2021-02-04  5568          offset &= align_mask;
b63ae8ca096dfd Alexander Duyck 2015-05-06  5569          nc->offset = offset;
b63ae8ca096dfd Alexander Duyck 2015-05-06  5570  
b63ae8ca096dfd Alexander Duyck 2015-05-06  5571          return nc->va + offset;
b63ae8ca096dfd Alexander Duyck 2015-05-06  5572  }
b358e2122b9d7a Kevin Hao       2021-02-04  5573  EXPORT_SYMBOL(page_frag_alloc_align);
b63ae8ca096dfd Alexander Duyck 2015-05-06  5574  

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/[email protected]
