Re: [PATCH v2] mm/mempolicy: fix mpol_new leak in shared_policy_replace

From: kernel test robot
Date: Mon Mar 21 2022 - 16:01:41 EST

Hi Miaohe,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on linux/master]
[also build test ERROR on linus/master v5.17]
[cannot apply to hnaz-mm/master next-20220321]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url: https://github.com/0day-ci/linux/commits/Miaohe-Lin/mm-mempolicy-fix-mpol_new-leak-in-shared_policy_replace/20220321-200100
base: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 2c271fe77d52a0555161926c232cd5bc07178b39
config: x86_64-randconfig-a002-20220321 (https://download.01.org/0day-ci/archive/20220322/202203220336.VpfVL4ng-lkp@xxxxxxxxx/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 85e9b2687a13d1908aa86d1b89c5ce398a06cd39)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/0day-ci/linux/commit/9a91a8a7964a3af0b60f08dc38b7815e5118206a
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Miaohe-Lin/mm-mempolicy-fix-mpol_new-leak-in-shared_policy_replace/20220321-200100
git checkout 9a91a8a7964a3af0b60f08dc38b7815e5118206a
# save the config file to linux build tree
mkdir build_dir
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=x86_64 SHELL=/bin/bash

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@xxxxxxxxx>

All errors (new ones prefixed by >>):

>> mm/mempolicy.c:2745:15: error: incompatible pointer types passing 'atomic_t *' to parameter of type 'refcount_t *' (aka 'struct refcount_struct *') [-Werror,-Wincompatible-pointer-types]
refcount_set(&mpol_new->refcnt, 1);
^~~~~~~~~~~~~~~~~
include/linux/refcount.h:134:45: note: passing argument to parameter 'r' here
static inline void refcount_set(refcount_t *r, int n)
^
1 error generated.


vim +2745 mm/mempolicy.c

2681
2682 /* Replace a policy range. */
2683 static int shared_policy_replace(struct shared_policy *sp, unsigned long start,
2684 unsigned long end, struct sp_node *new)
2685 {
2686 struct sp_node *n;
2687 struct sp_node *n_new = NULL;
2688 struct mempolicy *mpol_new = NULL;
2689 int ret = 0;
2690
2691 restart:
2692 write_lock(&sp->lock);
2693 n = sp_lookup(sp, start, end);
2694 /* Take care of old policies in the same range. */
2695 while (n && n->start < end) {
2696 struct rb_node *next = rb_next(&n->nd);
2697 if (n->start >= start) {
2698 if (n->end <= end)
2699 sp_delete(sp, n);
2700 else
2701 n->start = end;
2702 } else {
2703 /* Old policy spanning whole new range. */
2704 if (n->end > end) {
2705 if (!n_new)
2706 goto alloc_new;
2707
2708 *mpol_new = *n->policy;
2709 atomic_set(&mpol_new->refcnt, 1);
2710 sp_node_init(n_new, end, n->end, mpol_new);
2711 n->end = start;
2712 sp_insert(sp, n_new);
2713 n_new = NULL;
2714 mpol_new = NULL;
2715 break;
2716 } else
2717 n->end = start;
2718 }
2719 if (!next)
2720 break;
2721 n = rb_entry(next, struct sp_node, nd);
2722 }
2723 if (new)
2724 sp_insert(sp, new);
2725 write_unlock(&sp->lock);
2726 ret = 0;
2727
2728 err_out:
2729 if (mpol_new)
2730 mpol_put(mpol_new);
2731 if (n_new)
2732 kmem_cache_free(sn_cache, n_new);
2733
2734 return ret;
2735
2736 alloc_new:
2737 write_unlock(&sp->lock);
2738 ret = -ENOMEM;
2739 n_new = kmem_cache_alloc(sn_cache, GFP_KERNEL);
2740 if (!n_new)
2741 goto err_out;
2742 mpol_new = kmem_cache_alloc(policy_cache, GFP_KERNEL);
2743 if (!mpol_new)
2744 goto err_out;
> 2745 refcount_set(&mpol_new->refcnt, 1);
2746 goto restart;
2747 }
2748

--
0-DAY CI Kernel Test Service
https://01.org/lkp