2013-03-10 11:36:02

by Eric Wong

Subject: [PATCH] epoll: fix sparse error on RCU assignment

This fixes the following sparse error when using
CONFIG_SPARSE_RCU_POINTER=y and "make C=2 fs/eventpoll.o"

fs/eventpoll.c:514:17: error: incompatible types in comparison expression (different address spaces)

Cc: Al Viro <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: Davide Libenzi <[email protected]>
Cc: Eric Dumazet <[email protected]>
Cc: Oleg Nesterov <[email protected]>
Signed-off-by: Eric Wong <[email protected]>
---
Oleg: I found this error since I was working on an unrelated patch
to convert wakeup_source users to RCU in epoll. This was introduced
in:

commit 971316f0503a5c50633d07b83b6db2f15a3a5b00
(epoll: ep_unregister_pollwait() can use the freed pwq->whead)

fs/eventpoll.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/fs/eventpoll.c b/fs/eventpoll.c
index 9fec183..1326409 100644
--- a/fs/eventpoll.c
+++ b/fs/eventpoll.c
@@ -228,7 +228,7 @@ struct eppoll_entry {
wait_queue_t wait;

/* The wait queue head that linked the "wait" wait queue item */
- wait_queue_head_t *whead;
+ wait_queue_head_t __rcu *whead;
};

/* Wrapper struct used by poll queueing */
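
Review bot: the comment above `whead` in struct eppoll_entry still describes a plain pointer, so the new `__rcu` annotation is undocumented. Extend the comment to say which path clears the field (the POLLFREE branch of ep_poll_callback() stores NULL) and that ep_remove_wait_queue() reads it with rcu_dereference(), so the annotation is not read as meaning every wait queue head is RCU-managed.
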
@@ -929,7 +929,7 @@ static int ep_poll_callback(wait_queue_t *wait, unsigned mode, int sync, void *k
struct eventpoll *ep = epi->ep;

if ((unsigned long)key & POLLFREE) {
- ep_pwq_from_wait(wait)->whead = NULL;
+ RCU_INIT_POINTER(ep_pwq_from_wait(wait)->whead, NULL);
/*
* whead = NULL above can race with ep_remove_wait_queue()
* which can do another remove_wait_queue() after us, so we
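
Review bot: in the POLLFREE branch the changelog should say that this is an annotation-only change. RCU_INIT_POINTER() is a plain store with no memory barrier, so the ordering against the race described in the comment that follows ("whead = NULL above can race with ep_remove_wait_queue()") is the same as with the old assignment, and stating that saves the next reader from re-deriving it.
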
@@ -1018,7 +1018,7 @@ static void ep_ptable_queue_proc(struct file *file, wait_queue_head_t *whead,

if (epi->nwait >= 0 && (pwq = kmem_cache_alloc(pwq_cache, GFP_KERNEL))) {
init_waitqueue_func_entry(&pwq->wait, ep_poll_callback);
- pwq->whead = whead;
+ RCU_INIT_POINTER(pwq->whead, whead);
pwq->base = epi;
add_wait_queue(whead, &pwq->wait);
list_add_tail(&pwq->llink, &epi->pwqlist);
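
Review bot: in ep_ptable_queue_proc(), `RCU_INIT_POINTER(pwq->whead, whead)` stores a non-NULL pointer without the barrier rcu_assign_pointer() would provide, and nothing in the hunk says why that is safe. A one-line comment that pwq was just allocated and only becomes reachable through the add_wait_queue() and list_add_tail() calls below would justify the choice; without that guarantee this should be rcu_assign_pointer().
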
--
Eric Wong


2013-03-10 18:25:51

by Oleg Nesterov

Subject: Re: [PATCH] epoll: fix sparse error on RCU assignment

On 03/10, Eric Wong wrote:
>
> This fixes the following sparse error when using
> CONFIG_SPARSE_RCU_POINTER=y and "make C=2 fs/eventpoll.o"
>
> fs/eventpoll.c:514:17: error: incompatible types in comparison expression (different address spaces)

ep_remove_wait_queue() does rcu_dereference(pwq->whead) and
rcu_dereference_sparse(__rcu) complains, I guess.

> --- a/fs/eventpoll.c
> +++ b/fs/eventpoll.c
> @@ -228,7 +228,7 @@ struct eppoll_entry {
> wait_queue_t wait;
>
> /* The wait queue head that linked the "wait" wait queue item */
> - wait_queue_head_t *whead;
> + wait_queue_head_t __rcu *whead;

Well, perhaps this change is fine... but otoh this is a bit misleading.
It is not actually __rcu. The special case is sighand->signalfd_wqh, and
the comment in ep_remove_wait_queue() means: if ->whead is not stable then
we can only race with signalfd_cleanup(), and rcu_read_lock() ensures this
memory can't go away.

We do not even need smp_read_barrier_depends() here, ACCESS_ONCE() should
be enough.

Perhaps it would be better to simply shut up this warning somehow...

> };
>
> /* Wrapper struct used by poll queueing */
> @@ -929,7 +929,7 @@ static int ep_poll_callback(wait_queue_t *wait, unsigned mode, int sync, void *k
> struct eventpoll *ep = epi->ep;
>
> if ((unsigned long)key & POLLFREE) {
> - ep_pwq_from_wait(wait)->whead = NULL;
> + RCU_INIT_POINTER(ep_pwq_from_wait(wait)->whead, NULL);
> /*
> * whead = NULL above can race with ep_remove_wait_queue()
> * which can do another remove_wait_queue() after us, so we
> @@ -1018,7 +1018,7 @@ static void ep_ptable_queue_proc(struct file *file, wait_queue_head_t *whead,
>
> if (epi->nwait >= 0 && (pwq = kmem_cache_alloc(pwq_cache, GFP_KERNEL))) {
> init_waitqueue_func_entry(&pwq->wait, ep_poll_callback);
> - pwq->whead = whead;
> + RCU_INIT_POINTER(pwq->whead, whead);
> pwq->base = epi;
> add_wait_queue(whead, &pwq->wait);
> list_add_tail(&pwq->llink, &epi->pwqlist);
> --
> Eric Wong

2013-03-14 02:46:03

by Eric Wong

Subject: Re: [PATCH] epoll: fix sparse error on RCU assignment

Oleg Nesterov <[email protected]> wrote:
> On 03/10, Eric Wong wrote:
> >
> > This fixes the following sparse error when using
> > CONFIG_SPARSE_RCU_POINTER=y and "make C=2 fs/eventpoll.o"
> >
> > fs/eventpoll.c:514:17: error: incompatible types in comparison expression (different address spaces)
>
> ep_remove_wait_queue() does rcu_dereference(pwq->whead) and
> rcu_dereference_sparse(__rcu) complains, I guess.
>
> > --- a/fs/eventpoll.c
> > +++ b/fs/eventpoll.c
> > @@ -228,7 +228,7 @@ struct eppoll_entry {
> > wait_queue_t wait;
> >
> > /* The wait queue head that linked the "wait" wait queue item */
> > - wait_queue_head_t *whead;
> > + wait_queue_head_t __rcu *whead;
>
> Well, perhaps this change is fine... but otoh this is a bit misleading.
> It is not actually __rcu. The special case is sighand->signalfd_wqh, and
> the comment in ep_remove_wait_queue() means: if ->whead is not stable then
> we can only race with signalfd_cleanup(), and rcu_read_lock() ensures this
> memory can't go away.
>
> We do not even need smp_read_barrier_depends() here, ACCESS_ONCE() should
> be enough.
>
> Perhaps it would be better to simply shut up this warning somehow...

Hi, I've been hoping others would give a reply and offer a better
solution than mine.

Without my proposed patch, sparse _errors_ out on me, so it prevents sparse
from reporting the many other warnings I create in my patches.

2013-03-15 17:45:24

by Oleg Nesterov

Subject: Re: [PATCH] epoll: fix sparse error on RCU assignment

On 03/14, Eric Wong wrote:
>
> Oleg Nesterov <[email protected]> wrote:
> > On 03/10, Eric Wong wrote:
> > >
> > > This fixes the following sparse error when using
> > > CONFIG_SPARSE_RCU_POINTER=y and "make C=2 fs/eventpoll.o"
> > >
> > > fs/eventpoll.c:514:17: error: incompatible types in comparison expression (different address spaces)
> >
> > ep_remove_wait_queue() does rcu_dereference(pwq->whead) and
> > rcu_dereference_sparse(__rcu) complains, I guess.
> >
> > > --- a/fs/eventpoll.c
> > > +++ b/fs/eventpoll.c
> > > @@ -228,7 +228,7 @@ struct eppoll_entry {
> > > wait_queue_t wait;
> > >
> > > /* The wait queue head that linked the "wait" wait queue item */
> > > - wait_queue_head_t *whead;
> > > + wait_queue_head_t __rcu *whead;
> >
> > Well, perhaps this change is fine... but otoh this is a bit misleading.
> > It is not actually __rcu. The special case is sighand->signalfd_wqh, and
> > the comment in ep_remove_wait_queue() means: if ->whead is not stable then
> > we can only race with signalfd_cleanup(), and rcu_read_lock() ensures this
> > memory can't go away.
> >
> > We do not even need smp_read_barrier_depends() here, ACCESS_ONCE() should
> > be enough.
> >
> > Perhaps it would be better to simply shut up this warning somehow...
>
> Hi, I've been hoping others would give a reply and offer a better
> solution than mine.

Me too ;)

OK, probably we should use your patch, although personally I'd prefer
to simply shut up the warning, say

- whead = rcu_dereference(pwq->whead);
+ whead = rcu_dereference((void __rcu*)pwq->whead);
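
Review bot: the argument `(void __rcu*)pwq->whead` is a cast expression, not an lvalue, and the build log posted later in this thread fails on exactly that ("lvalue required as unary '&' operand" at fs/eventpoll.c:516). The cast to `void` also drops the `wait_queue_head_t` pointee type from the result. If the field is to stay unannotated, the cast has to be applied to an addressable object rather than to the loaded value.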

> Without my proposed patch, sparse _errors_ out on me,

it is only sparse...

But OK, I won't argue with your patch.

Oleg.

2013-03-28 19:34:16

by Eric Wong

Subject: Re: [PATCH] epoll: fix sparse error on RCU assignment

Oleg Nesterov <[email protected]> wrote:
> On 03/14, Eric Wong wrote:
> > Oleg Nesterov <[email protected]> wrote:
> > > On 03/10, Eric Wong wrote:
> > > >
> > > > This fixes the following sparse error when using
> > > > CONFIG_SPARSE_RCU_POINTER=y and "make C=2 fs/eventpoll.o"
> > > >
> > > > fs/eventpoll.c:514:17: error: incompatible types in comparison expression (different address spaces)
> > >
> > > ep_remove_wait_queue() does rcu_dereference(pwq->whead) and
> > > rcu_dereference_sparse(__rcu) complains, I guess.
> > >
> > > > --- a/fs/eventpoll.c
> > > > +++ b/fs/eventpoll.c
> > > > @@ -228,7 +228,7 @@ struct eppoll_entry {
> > > > wait_queue_t wait;
> > > >
> > > > /* The wait queue head that linked the "wait" wait queue item */
> > > > - wait_queue_head_t *whead;
> > > > + wait_queue_head_t __rcu *whead;
> > >
> > > Well, perhaps this change is fine... but otoh this is a bit misleading.
> > > It is not actually __rcu. The special case is sighand->signalfd_wqh, and
> > > the comment in ep_remove_wait_queue() means: if ->whead is not stable then
> > > we can only race with signalfd_cleanup(), and rcu_read_lock() ensures this
> > > memory can't go away.
> > >
> > > We do not even need smp_read_barrier_depends() here, ACCESS_ONCE() should
> > > be enough.
> > >
> > > Perhaps it would be better to simply shut up this warning somehow...
> >
> > Hi, I've been hoping others would give a reply and offer a better
> > solution than mine.
>
> Me too ;)
>
> OK, probably we should use your patch, although personally I'd prefer
> to simply shut up the warning, say
>
> - whead = rcu_dereference(pwq->whead);
> + whead = rcu_dereference((void __rcu*)pwq->whead);

I just tried the above and it does not build:

$ make C=2 fs/eventpoll.o
make[1]: Nothing to be done for `all'.
make[1]: Nothing to be done for `relocs'.
CHK include/generated/uapi/linux/version.h
CHK include/generated/utsrelease.h
CALL scripts/checksyscalls.sh
CHECK scripts/mod/empty.c
CHECK fs/eventpoll.c
fs/eventpoll.c:516:17: error: not addressable
CC fs/eventpoll.o
fs/eventpoll.c: In function ‘ep_remove_wait_queue’:
fs/eventpoll.c:516: error: lvalue required as unary ‘&’ operand
make[1]: *** [fs/eventpoll.o] Error 1
make: *** [fs/eventpoll.o] Error 2

> > Without my proposed patch, sparse _errors_ out on me,
>
> it is only sparse...
>
> But OK, I won't argue with your patch.

Thanks. I think my patch is the best way to address the issue and help
prevent myself from introducing new bugs while working on epoll.

I will continue to wait for comments from others.
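
Why the cast tried above fails to build, as an added userspace sketch (not code from this thread or from the kernel tree). The macros are simplified stand-ins that keep only the address-of step of ACCESS_ONCE() and omit barriers and lockdep checks; `read_whead` and `read_whead_cast` are hypothetical names, and whether sparse accepts the second form is not checked here.

```c
#include <stddef.h>

/* Userspace stand-ins (assumption): sparse-only annotations compile away. */
#define __rcu
#define __force

/* Same shape as the kernel's ACCESS_ONCE(): it takes the ADDRESS of x. */
#define ACCESS_ONCE(x) (*(volatile __typeof__(x) *)&(x))

/* Simplified rcu_dereference(): one volatile load, typed by the pointee. */
#define rcu_dereference(p) ((__typeof__(*(p)) * __force)ACCESS_ONCE(p))

typedef struct { int dummy; } wait_queue_head_t;	/* placeholder type */

struct eppoll_entry {
	wait_queue_head_t __rcu *whead;	/* annotated as in the posted patch */
};

/* The field itself is an lvalue, so &(x) inside ACCESS_ONCE() is valid. */
wait_queue_head_t *read_whead(struct eppoll_entry *pwq)
{
	return rcu_dereference(pwq->whead);
}

/*
 * The cast form from the thread cannot compile: a cast expression is an
 * rvalue and ACCESS_ONCE() applies '&' to it.
 *
 *     rcu_dereference((void __rcu *)pwq->whead);
 *     error: lvalue required as unary '&' operand
 *
 * Casting the field's address and dereferencing gives an lvalue again
 * and keeps the wait_queue_head_t pointee type.
 */
wait_queue_head_t *read_whead_cast(struct eppoll_entry *pwq)
{
	return rcu_dereference(*(wait_queue_head_t __rcu * __force *)&pwq->whead);
}

int main(void)
{
	wait_queue_head_t head = { 0 };	/* constructed sample object */
	struct eppoll_entry pwq = { .whead = &head };

	/* Exit status 0 when both readers return the stored pointer. */
	return !(read_whead(&pwq) == &head && read_whead_cast(&pwq) == &head);
}
```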