-Wignored-attributes in fs/exofs/* #58
Assignees
Labels
-Wignored-attributes
[BUG] linux
A bug that should be fixed in the mainline kernel.
[FIXED][LINUX] 5.1
This bug was fixed in Linux 5.1
Comments
nickdesaulniers
added
help wanted
good first issue
|
https://godbolt.org/z/txZ1bd shows that it is the positioning of the attribute that Clang is complaining about here. If you move it after the actual structure name, Clang doesn't generate a diagnostic. I'm not sure whether this is something that is wrong with Clang or the code as written. |
|
There are many uses of |
nickdesaulniers
changed the title
|
This is the best I could come up with: $ rg "__weak" | rg "struct" | rg ";"
include/scsi/osd_types.h:static const struct __weak osd_obj_id osd_root_object = {0, 0};
drivers/pci/pci-driver.c:struct dev_pm_ops __weak pcibios_pm_ops;
drivers/pci/pci-sysfs.c:int __weak pci_create_resource_files(struct pci_dev *dev) { return 0; }
drivers/pci/pci-sysfs.c:void __weak pci_remove_resource_files(struct pci_dev *dev) { return; }
kernel/bpf/core.c:const struct bpf_func_proto bpf_map_lookup_elem_proto __weak;
kernel/bpf/core.c:const struct bpf_func_proto bpf_map_update_elem_proto __weak;
kernel/bpf/core.c:const struct bpf_func_proto bpf_map_delete_elem_proto __weak;
kernel/bpf/core.c:const struct bpf_func_proto bpf_get_prandom_u32_proto __weak;
kernel/bpf/core.c:const struct bpf_func_proto bpf_get_smp_processor_id_proto __weak;
kernel/bpf/core.c:const struct bpf_func_proto bpf_get_numa_node_id_proto __weak;
kernel/bpf/core.c:const struct bpf_func_proto bpf_ktime_get_ns_proto __weak;
kernel/bpf/core.c:const struct bpf_func_proto bpf_get_current_pid_tgid_proto __weak;
kernel/bpf/core.c:const struct bpf_func_proto bpf_get_current_uid_gid_proto __weak;
kernel/bpf/core.c:const struct bpf_func_proto bpf_get_current_comm_proto __weak;
kernel/bpf/core.c:const struct bpf_func_proto bpf_sock_map_update_proto __weak;
kernel/bpf/core.c:const struct bpf_func_proto bpf_sock_hash_update_proto __weak;
kernel/bpf/core.c:const struct bpf_func_proto bpf_get_current_cgroup_id_proto __weak;
kernel/bpf/core.c:const struct bpf_func_proto bpf_get_local_storage_proto __weak;
tools/perf/util/unwind-libunwind.c:struct unwind_libunwind_ops __weak *local_unwind_libunwind_ops;
tools/perf/util/unwind-libunwind.c:struct unwind_libunwind_ops __weak *x86_32_unwind_libunwind_ops;
tools/perf/util/unwind-libunwind.c:struct unwind_libunwind_ops __weak *arm64_unwind_libunwind_ops;
arch/arc/kernel/smp.c:struct plat_smp_ops __weak plat_smp_ops;
arch/mips/oprofile/common.c:extern struct op_mips_model op_model_mipsxx_ops __weak;
arch/mips/oprofile/common.c:extern struct op_mips_model op_model_loongson2_ops __weak;
arch/mips/oprofile/common.c:extern struct op_mips_model op_model_loongson3_ops __weak;
$ rg "__weak" | rg "struct" | rg "="
include/scsi/osd_types.h:static const struct __weak osd_obj_id osd_root_object = {0, 0};
fs/exofs/common.h:static const struct __weak osd_attr g_attr_inode_data = ATTR_DEF(
tools/perf/tests/builtin-test.c:struct test __weak arch_tests[] = {
tools/perf/util/perf_regs.c:const struct sample_reg __weak sample_reg_masks[] = {The only two who deviate from the accepted pattern are I believe Nick's correct that GCC is silently dropping the attribute as well because this diff diff --git a/fs/exofs/common.h b/fs/exofs/common.h
index 7d88ef566213..b7e7da4037a1 100644
--- a/fs/exofs/common.h
+++ b/fs/exofs/common.h
@@ -183,7 +183,7 @@ struct exofs_fcb {
#define EXOFS_INO_ATTR_SIZE sizeof(struct exofs_fcb)
/* This is the Attribute the fcb is stored in */
-static const struct __weak osd_attr g_attr_inode_data = ATTR_DEF(
+static const struct osd_attr __weak g_attr_inode_data = ATTR_DEF(
EXOFS_APAGE_FS_DATA,
EXOFS_ATTR_INODE_DATA,
EXOFS_INO_ATTR_SIZE);
diff --git a/include/scsi/osd_types.h b/include/scsi/osd_types.h
index 48e8a165e136..67ec374bcf7b 100644
--- a/include/scsi/osd_types.h
+++ b/include/scsi/osd_types.h
@@ -28,7 +28,7 @@ struct osd_obj_id {
osd_id id;
};
-static const struct __weak osd_obj_id osd_root_object = {0, 0};
+static const struct osd_obj_id __weak osd_root_object = {0, 0};
struct osd_attr {
u32 attr_page;massively fails on both GCC: In file included from ./include/scsi/osd_initiator.h:18,
from ./include/scsi/osd_ore.h:25,
from fs/exofs/exofs.h:39,
from fs/exofs/dir.c:35:
./include/scsi/osd_types.h:31:39: error: weak declaration of ‘osd_root_object’ must be public
static const struct osd_obj_id __weak osd_root_object = {0, 0};
^~~~~~~~~~~~~~~
In file included from fs/exofs/exofs.h:41,
from fs/exofs/dir.c:35:
fs/exofs/common.h:186:30: error: weak declaration of ‘g_attr_inode_data’ must be public
static const struct osd_attr g_attr_inode_data __weak = ATTR_DEF(
^~~~~~~~~~~~~~~~~
make[1]: *** [scripts/Makefile.build:296: fs/exofs/dir.o] Error 1
make: *** [Makefile:1513: _module_fs/exofs] Error 2and Clang: In file included from fs/exofs/namei.c:34:
In file included from fs/exofs/exofs.h:41:
fs/exofs/common.h:186:30: error: weak declaration cannot have internal linkage
static const struct osd_attr __weak g_attr_inode_data = ATTR_DEF(
^
./include/linux/compiler_types.h:214:33: note: expanded from macro '__weak'
#define __weak __attribute__((weak))
^
49 warnings and 2 errors generated.If GCC were accepting it, we should be seeing the same errors without that diff, no? I'll post the following patches removing |
|
Nice patches! Thanks for checking through the sources to take care of these. |
nathanchance
added
[PATCH] Submitted
|
@nathanchance can you please re-ping these threads? |
|
Sure, I'll do it now. |
|
I forgot the scsi warnings were folded into this issue too. That patch has been resent as well: https://lore.kernel.org/lkml/20190126064740.12949-1-natechancellor@gmail.com/ |
|
heh, good note, too. |
|
These warnings will be fixed with the removal of the code, which has hit -next: |
nathanchance
added
[PATCH] Accepted
|
Finally! |
|
Removal of https://git.kernel.org/torvalds/c/80f2121380caa14895638b24b81800158c0844f2 https://git.kernel.org/torvalds/c/19fcae3d4f2dd513d472055fb694d802e9a21b91 |
nathanchance
added
[FIXED][LINUX] 5.1
nathanchance
pushed a commit
that referenced
this issue
Sep 18, 2019
…1 if 0. Syzbot reported divide error in vivid_thread_vid_cap, which has been seen only once and does not have a reproducer. This patch adds sanity checks for the denominator value with WARN_ON if it is 0 and replaces it with 1. divide error: 0000 [#1] PREEMPT SMP KASAN kobject: 'tx-0' (0000000017161f7f): kobject_uevent_env CPU: 0 PID: 23689 Comm: vivid-003-vid-c Not tainted 5.0.0-rc4+ #58 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:vivid_cap_update_frame_period drivers/media/platform/vivid/vivid-kthread-cap.c:661 [inline] RIP: 0010:vivid_thread_vid_cap+0x221/0x284 drivers/media/platform/vivid/vivid-kthread-cap.c:789 Code: 48 c1 e9 03 0f b6 0c 11 48 89 f2 48 69 c0 00 ca 9a 3b 83 c2 03 38 ca 7c 08 84 c9 0f 85 f0 1e 00 00 41 8b 8f 24 64 00 00 31 d2 <48> f7 f1 49 89 c4 48 89 c3 49 8d 87 28 64 00 00 48 89 c2 48 89 45 RSP: 0018:ffff88808b4afd68 EFLAGS: 00010246 kobject: 'tx-0' (0000000017161f7f): fill_kobj_path: path = '/devices/virtual/net/gre0/queues/tx-0' RAX: 000000de5a6f8e00 RBX: 0000000100047b22 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000004 RBP: ffff88808b4aff00 R08: ffff88804862e1c0 R09: ffffffff89997008 R10: ffffffff89997010 R11: 0000000000000001 R12: 00000000fffffffc R13: ffff8880a17e0500 R14: ffff88803e40f760 R15: ffff8882182b0140 FS: 0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000004cdc90 CR3: 000000005d827000 CR4: 00000000001426f0 Call Trace: kobject: 'gretap0' (00000000d7549098): kobject_add_internal: parent: 'net', set: 'devices' kobject: 'loop2' (0000000094ed4ee4): kobject_uevent_env kobject: 'loop2' (0000000094ed4ee4): fill_kobj_path: path = '/devices/virtual/block/loop2' kthread+0x357/0x430 kernel/kthread.c:246 kobject: 'gretap0' (00000000d7549098): kobject_uevent_env ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:352 Modules linked in: kobject: 'gretap0' (00000000d7549098): fill_kobj_path: path = '/devices/virtual/net/gretap0' ---[ end trace bc5c8b25b64d768f ]--- kobject: 'loop1' (0000000032036b86): kobject_uevent_env RIP: 0010:vivid_cap_update_frame_period drivers/media/platform/vivid/vivid-kthread-cap.c:661 [inline] RIP: 0010:vivid_thread_vid_cap+0x221/0x2840 drivers/media/platform/vivid/vivid-kthread-cap.c:789 kobject: 'loop1' (0000000032036b86): fill_kobj_path: path = '/devices/virtual/block/loop1' Code: 48 c1 e9 03 0f b6 0c 11 48 89 f2 48 69 c0 00 ca 9a 3b 83 c2 03 38 ca 7c 08 84 c9 0f 85 f0 1e 00 00 41 8b 8f 24 64 00 00 31 d2 <48> f7 f1 49 89 c4 48 89 c3 49 8d 87 28 64 00 00 48 89 c2 48 89 45 kobject: 'loop0' (00000000dd9927c3): kobject_uevent_env RSP: 0018:ffff88808b4afd68 EFLAGS: 00010246 RAX: 000000de5a6f8e00 RBX: 0000000100047b22 RCX: 0000000000000000 kobject: 'queues' (000000007ed20666): kobject_add_internal: parent: 'gretap0', set: '<NULL>' RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000004 RBP: ffff88808b4aff00 R08: ffff88804862e1c0 R09: ffffffff89997008 kobject: 'loop0' (00000000dd9927c3): fill_kobj_path: path = '/devices/virtual/block/loop0' R10: ffffffff89997010 R11: 0000000000000001 R12: 00000000fffffffc kobject: 'queues' (000000007ed20666): kobject_uevent_env R13: ffff8880a17e0500 R14: ffff88803e40f760 R15: ffff8882182b0140 FS: 0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 kobject: 'loop5' (00000000a41f9e79): kobject_uevent_env CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 kobject: 'queues' (000000007ed20666): kobject_uevent_env: filter function caused the event to drop! CR2: 00000000004cdc90 CR3: 000000005d827000 CR4: 00000000001426f0 kobject: 'loop5' (00000000a41f9e79): fill_kobj_path: path = '/devices/virtual/block/loop5' Reported-by: syz...@syzkaller.appspotmail.com Signed-off-by: Vandana BN <bnvandana@gmail.com> Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
nathanchance
pushed a commit
that referenced
this issue
Apr 30, 2020
Here's the KASAN report: BUG: KASAN: use-after-free in aead_crypt_done+0x60/0xd8 Read of size 1 at addr ffff00002303f014 by task swapper/0/0 CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.6.0-rc1-00162-gfcb90d5 #58 Hardware name: LS1046A RDB Board (DT) Call trace: dump_backtrace+0x0/0x260 show_stack+0x14/0x20 dump_stack+0xe8/0x144 print_address_description.isra.11+0x64/0x348 __kasan_report+0x11c/0x230 kasan_report+0xc/0x18 __asan_load1+0x5c/0x68 aead_crypt_done+0x60/0xd8 caam_jr_dequeue+0x390/0x608 tasklet_action_common.isra.13+0x1ec/0x230 tasklet_action+0x24/0x30 efi_header_end+0x1a4/0x370 irq_exit+0x114/0x128 __handle_domain_irq+0x80/0xe0 gic_handle_irq+0x50/0xa0 el1_irq+0xb8/0x180 _raw_spin_unlock_irq+0x2c/0x78 finish_task_switch+0xa4/0x2f8 __schedule+0x3a4/0x890 schedule_idle+0x28/0x50 do_idle+0x22c/0x338 cpu_startup_entry+0x24/0x40 rest_init+0xf8/0x10c arch_call_rest_init+0xc/0x14 start_kernel+0x774/0x7b4 Allocated by task 263: save_stack+0x24/0xb0 __kasan_kmalloc.isra.10+0xc4/0xe0 kasan_kmalloc+0xc/0x18 __kmalloc+0x178/0x2b8 aead_edesc_alloc+0x1b4/0xbf0 ipsec_gcm_encrypt+0xd4/0x140 crypto_aead_encrypt+0x50/0x68 test_aead_vec_cfg+0x498/0xec0 test_aead_vec+0x110/0x200 alg_test_aead+0xfc/0x680 alg_test.part.44+0x114/0x4a0 alg_test+0x1c/0x60 cryptomgr_test+0x34/0x58 kthread+0x1b8/0x1c0 ret_from_fork+0x10/0x18 Freed by task 0: save_stack+0x24/0xb0 __kasan_slab_free+0x10c/0x188 kasan_slab_free+0x10/0x18 kfree+0x7c/0x298 aead_crypt_done+0x58/0xd8 caam_jr_dequeue+0x390/0x608 tasklet_action_common.isra.13+0x1ec/0x230 tasklet_action+0x24/0x30 efi_header_end+0x1a4/0x370 The buggy address belongs to the object at ffff00002303f000 which belongs to the cache dma-kmalloc-128 of size 128 The buggy address is located 20 bytes inside of 128-byte region [ffff00002303f000, ffff00002303f080) The buggy address belongs to the page: page:fffffe00006c0fc0 refcount:1 mapcount:0 mapping:ffff00093200c000 index:0x0 flags: 0xffff00000000200(slab) raw: 0ffff00000000200 dead000000000100 dead000000000122 ffff00093200c000 raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff00002303ef00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff00002303ef80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff >ffff00002303f000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff00002303f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff00002303f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Fixes: 1c24022 ("crypto: caam - add crypto_engine support for AEAD algorithms") Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
nathanchance
pushed a commit
that referenced
this issue
Nov 19, 2020
fast_second_level_miss handler for the TLBTEMP area has an assumption that page table directory entry for the TLBTEMP address range is 0. For it to be true the TLBTEMP area must be aligned to 4MB boundary and not share its 4MB region with anything that may use a page table. This is not true currently: TLBTEMP shares space with vmalloc space which results in the following kinds of runtime errors when fast_second_level_miss loads page table directory entry for the vmalloc space instead of fixing up the TLBTEMP area: Unable to handle kernel paging request at virtual address c7ff0e00 pc = d0009275, ra = 90009478 Oops: sig: 9 [#1] PREEMPT CPU: 1 PID: 61 Comm: kworker/u9:2 Not tainted 5.10.0-rc3-next-20201110-00007-g1fe4962fa983-dirty #58 Workqueue: xprtiod xs_stream_data_receive_workfn a00: 90009478 d11e1dc0 c7ff0e00 00000020 c7ff0000 00000001 7f8b8107 00000000 a08: 900c5992 d11e1d9 d0cc88b8 5506e97c 00000000 5506e97c d06c8074 d11e1d9 pc: d0009275, ps: 00060310, depc: 00000014, excvaddr: c7ff0e00 lbeg: d0009275, lend: d0009287 lcount: 00000003, sar: 00000010 Call Trace: xs_stream_data_receive_workfn+0x43c/0x770 process_one_work+0x1a1/0x324 worker_thread+0x1cc/0x3c0 kthread+0x10d/0x124 ret_from_kernel_thread+0xc/0x18 Cc: stable@vger.kernel.org Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
few cases of:
I think it should be straightforward to remove the
__weak, but it would be interesting if clang was actually wrong and gcc supported__attribute__((weak))on structs. I wonder what gcc's docs says about that attribute and structs?The text was updated successfully, but these errors were encountered: