tree/branch: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git dev
branch HEAD: cc5fef71a1c741473eebb1aa6f7056ceb49bc33d ext4: replace snprintf in show functions with sysfs_emit
Error/Warning reports:
https://lore.kernel.org/linux-ext4/[email protected]
possible Error/Warning in current branch (please contact us if interested):
fs/ext4/super.c:2640:22-40: ERROR: reference preceded by free on line 2639
Error/Warning ids grouped by kconfigs:
gcc_recent_errors
|-- i386-randconfig-c021-20211225
| `-- fs-ext4-super.c:ERROR:reference-preceded-by-free-on-line
|-- ia64-randconfig-c004-20211225
| `-- fs-ext4-super.c:ERROR:reference-preceded-by-free-on-line
|-- ia64-randconfig-s032-20211225
| |-- fs-ext4-super.c:sparse:sparse:incorrect-type-in-argument-(different-address-spaces)-expected-char-const-got-char-noderef-__rcu
| `-- fs-ext4-super.c:sparse:sparse:incorrect-type-in-argument-(different-address-spaces)-expected-void-const-objp-got-char-noderef-__rcu
|-- powerpc-randconfig-c023-20211225
| `-- fs-ext4-super.c:ERROR:reference-preceded-by-free-on-line
|-- x86_64-randconfig-c002-20211225
| `-- fs-ext4-super.c:ERROR:reference-preceded-by-free-on-line
`-- x86_64-randconfig-c022-20211225
`-- fs-ext4-super.c:ERROR:reference-preceded-by-free-on-line
elapsed time: 722m
configs tested: 99
configs skipped: 3
gcc tested configs:
arm defconfig
arm allyesconfig
arm allmodconfig
arm64 defconfig
arm64 allyesconfig
i386 randconfig-c001-20211225
ia64 zx1_defconfig
powerpc makalu_defconfig
sh sh7785lcr_32bit_defconfig
powerpc mpc83xx_defconfig
arm pxa_defconfig
ia64 tiger_defconfig
mips rm200_defconfig
arm aspeed_g5_defconfig
i386 defconfig
powerpc acadia_defconfig
xtensa xip_kc705_defconfig
powerpc allyesconfig
nios2 defconfig
m68k m5275evb_defconfig
arm mini2440_defconfig
sh se7721_defconfig
powerpc pmac32_defconfig
sparc allyesconfig
arm randconfig-c002-20211225
ia64 allmodconfig
ia64 defconfig
ia64 allyesconfig
m68k allmodconfig
m68k allyesconfig
m68k defconfig
nds32 defconfig
csky defconfig
alpha defconfig
alpha allyesconfig
nios2 allyesconfig
h8300 allyesconfig
arc defconfig
sh allmodconfig
xtensa allyesconfig
parisc defconfig
s390 allmodconfig
parisc allyesconfig
s390 allyesconfig
s390 defconfig
i386 allyesconfig
i386 debian-10.3
sparc defconfig
i386 debian-10.3-kselftests
nds32 allnoconfig
arc allyesconfig
mips allmodconfig
mips allyesconfig
powerpc allnoconfig
powerpc allmodconfig
x86_64 randconfig-a013-20211225
x86_64 randconfig-a014-20211225
x86_64 randconfig-a015-20211225
x86_64 randconfig-a011-20211225
x86_64 randconfig-a012-20211225
x86_64 randconfig-a016-20211225
i386 randconfig-a012-20211225
i386 randconfig-a011-20211225
i386 randconfig-a013-20211225
i386 randconfig-a014-20211225
i386 randconfig-a016-20211225
i386 randconfig-a015-20211225
arc randconfig-r043-20211225
riscv randconfig-r042-20211225
s390 randconfig-r044-20211225
riscv nommu_k210_defconfig
riscv allyesconfig
riscv allnoconfig
riscv defconfig
riscv rv32_defconfig
riscv allmodconfig
riscv nommu_virt_defconfig
x86_64 rhel-8.3-kselftests
um i386_defconfig
um x86_64_defconfig
x86_64 allyesconfig
x86_64 rhel-8.3
x86_64 rhel-8.3-func
x86_64 kexec
x86_64 defconfig
clang tested configs:
i386 randconfig-a002-20211225
i386 randconfig-a003-20211225
i386 randconfig-a005-20211225
i386 randconfig-a001-20211225
i386 randconfig-a004-20211225
i386 randconfig-a006-20211225
x86_64 randconfig-a003-20211225
x86_64 randconfig-a001-20211225
x86_64 randconfig-a005-20211225
x86_64 randconfig-a006-20211225
x86_64 randconfig-a004-20211225
x86_64 randconfig-a002-20211225
hexagon randconfig-r041-20211225
hexagon randconfig-r045-20211225
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/[email protected]
On Sat, Dec 25, 2021 at 11:27:04PM +0800, kernel test robot wrote:
> tree/branch: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git dev
> branch HEAD: cc5fef71a1c741473eebb1aa6f7056ceb49bc33d ext4: replace snprintf in show functions with sysfs_emit
>
> Error/Warning reports:
>
> https://lore.kernel.org/linux-ext4/[email protected]
>
> possible Error/Warning in current branch (please contact us if interested):
>
> fs/ext4/super.c:2640:22-40: ERROR: reference preceded by free on line 2639
The Intel test robot mis-identified the commit which introduced this
problem (it looks like the first commit with the problem is commit
e6e268cb6822 ("ext4: move quota configuration out of
handle_mount_opt()"), but it caused me to take a closer look, and this
looks... wrong.
From ext4_apply_quota_options() in fs/extr4/super.c:
qname = ctx->s_qf_names[i]; /* May be NULL */
ctx->s_qf_names[i] = NULL;
kfree(sbi->s_qf_names[i]);
rcu_assign_pointer(sbi->s_qf_names[i], qname);
set_opt(sb, QUOTA);
sbi->s_qf_names[i] is an RCU protected pointer, which is used via
rcu_derference(). So how can it be safe to kfree() the pointer;
should that be kfree_rcu() at the very least?
Lukas, can you take a look and let me know? Thanks!
- Ted
On Sun, Dec 26, 2021 at 08:12:47PM -0500, Theodore Ts'o wrote:
> On Sat, Dec 25, 2021 at 11:27:04PM +0800, kernel test robot wrote:
> > tree/branch: https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git dev
> > branch HEAD: cc5fef71a1c741473eebb1aa6f7056ceb49bc33d ext4: replace snprintf in show functions with sysfs_emit
> >
> > Error/Warning reports:
> >
> > https://lore.kernel.org/linux-ext4/[email protected]
> >
> > possible Error/Warning in current branch (please contact us if interested):
> >
> > fs/ext4/super.c:2640:22-40: ERROR: reference preceded by free on line 2639
>
> The Intel test robot mis-identified the commit which introduced this
> problem (it looks like the first commit with the problem is commit
> e6e268cb6822 ("ext4: move quota configuration out of
> handle_mount_opt()"), but it caused me to take a closer look, and this
> looks... wrong.
>
> From ext4_apply_quota_options() in fs/extr4/super.c:
>
> qname = ctx->s_qf_names[i]; /* May be NULL */
> ctx->s_qf_names[i] = NULL;
> kfree(sbi->s_qf_names[i]);
> rcu_assign_pointer(sbi->s_qf_names[i], qname);
> set_opt(sb, QUOTA);
>
> sbi->s_qf_names[i] is an RCU protected pointer, which is used via
> rcu_derference(). So how can it be safe to kfree() the pointer;
> should that be kfree_rcu() at the very least?
>
> Lukas, can you take a look and let me know? Thanks!
>
> - Ted
Hi Ted,
yes indeed this is a bug. Something like this untested patch should fix
it I believe.
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index b72d989b77fb..6f52609a334c 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -2633,8 +2633,10 @@ static void ext4_apply_quota_options(struct fs_context *fc,
qname = ctx->s_qf_names[i]; /* May be NULL */
ctx->s_qf_names[i] = NULL;
- kfree(sbi->s_qf_names[i]);
- rcu_assign_pointer(sbi->s_qf_names[i], qname);
+ qname = rcu_replace_pointer(sbi->s_qf_names[i], qname,
+ lockdep_is_held(&sb->s_umount));
+ if (qname)
+ kfree_rcu(qname);
set_opt(sb, QUOTA);
}
}
There is also a question of the other warning where we pass the pointer
to strcmp which we should silence as well. I'll send a proper patch.
Thanks!
-Lukas