[linux-next:master 6990/7953] mm/userfaultfd.c:1438 uffd_move_lock() error: we previously assumed '*src_vmap' could be null (see line 1423)

All of lore.kernel.org
 help / color / mirror / Atom feed

From: kernel test robot <lkp@intel.com>
To: oe-kbuild@lists.linux.dev
Cc: lkp@intel.com, Dan Carpenter <error27@gmail.com>
Subject: [linux-next:master 6990/7953] mm/userfaultfd.c:1438 uffd_move_lock() error: we previously assumed '*src_vmap' could be null (see line 1423)
Date: Mon, 19 Feb 2024 19:16:11 +0800	[thread overview]
Message-ID: <202402191900.1xNdILAX-lkp@intel.com> (raw)

BCC: lkp@intel.com
CC: oe-kbuild-all@lists.linux.dev
CC: Linux Memory Management List <linux-mm@kvack.org>
TO: Lokesh Gidra <lokeshgidra@google.com>
CC: Andrew Morton <akpm@linux-foundation.org>
CC: Linux Memory Management List <linux-mm@kvack.org>
CC: "Liam R. Howlett" <Liam.Howlett@oracle.com>

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
head:   35a4fdde2466b9d90af297f249436a270ef9d30e
commit: 17464ec6a91f3d4645b9795c5cb58d98bd643cf7 [6990/7953] userfaultfd: use per-vma locks in userfaultfd operations
:::::: branch date: 6 hours ago
:::::: commit date: 3 days ago
config: arm64-randconfig-r081-20240216 (https://download.01.org/0day-ci/archive/20240219/202402191900.1xNdILAX-lkp@intel.com/config)
compiler: clang version 19.0.0git (https://github.com/llvm/llvm-project 36adfec155de366d722f2bac8ff9162289dcf06c)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Reported-by: Dan Carpenter <error27@gmail.com>
| Closes: https://lore.kernel.org/r/202402191900.1xNdILAX-lkp@intel.com/

smatch warnings:
mm/userfaultfd.c:1438 uffd_move_lock() error: we previously assumed '*src_vmap' could be null (see line 1423)

vim +1438 mm/userfaultfd.c

17464ec6a91f3d Lokesh Gidra     2024-02-15  1385  
17464ec6a91f3d Lokesh Gidra     2024-02-15  1386  #ifdef CONFIG_PER_VMA_LOCK
17464ec6a91f3d Lokesh Gidra     2024-02-15  1387  static int uffd_move_lock(struct mm_struct *mm,
17464ec6a91f3d Lokesh Gidra     2024-02-15  1388  			  unsigned long dst_start,
17464ec6a91f3d Lokesh Gidra     2024-02-15  1389  			  unsigned long src_start,
17464ec6a91f3d Lokesh Gidra     2024-02-15  1390  			  struct vm_area_struct **dst_vmap,
17464ec6a91f3d Lokesh Gidra     2024-02-15  1391  			  struct vm_area_struct **src_vmap)
17464ec6a91f3d Lokesh Gidra     2024-02-15  1392  {
17464ec6a91f3d Lokesh Gidra     2024-02-15  1393  	struct vm_area_struct *vma;
17464ec6a91f3d Lokesh Gidra     2024-02-15  1394  	int err;
17464ec6a91f3d Lokesh Gidra     2024-02-15  1395  
17464ec6a91f3d Lokesh Gidra     2024-02-15  1396  	vma = lock_vma(mm, dst_start);
17464ec6a91f3d Lokesh Gidra     2024-02-15  1397  	if (IS_ERR(vma))
17464ec6a91f3d Lokesh Gidra     2024-02-15  1398  		return PTR_ERR(vma);
17464ec6a91f3d Lokesh Gidra     2024-02-15  1399  
17464ec6a91f3d Lokesh Gidra     2024-02-15  1400  	*dst_vmap = vma;
adef440691bab8 Andrea Arcangeli 2023-12-06  1401  	/*
17464ec6a91f3d Lokesh Gidra     2024-02-15  1402  	 * Skip finding src_vma if src_start is in dst_vma. This also ensures
17464ec6a91f3d Lokesh Gidra     2024-02-15  1403  	 * that we don't lock the same vma twice.
adef440691bab8 Andrea Arcangeli 2023-12-06  1404  	 */
17464ec6a91f3d Lokesh Gidra     2024-02-15  1405  	if (src_start >= vma->vm_start && src_start < vma->vm_end) {
17464ec6a91f3d Lokesh Gidra     2024-02-15  1406  		*src_vmap = vma;
17464ec6a91f3d Lokesh Gidra     2024-02-15  1407  		return 0;
17464ec6a91f3d Lokesh Gidra     2024-02-15  1408  	}
adef440691bab8 Andrea Arcangeli 2023-12-06  1409  
17464ec6a91f3d Lokesh Gidra     2024-02-15  1410  	/*
17464ec6a91f3d Lokesh Gidra     2024-02-15  1411  	 * Using lock_vma() to get src_vma can lead to following deadlock:
17464ec6a91f3d Lokesh Gidra     2024-02-15  1412  	 *
17464ec6a91f3d Lokesh Gidra     2024-02-15  1413  	 * Thread1				Thread2
17464ec6a91f3d Lokesh Gidra     2024-02-15  1414  	 * -------				-------
17464ec6a91f3d Lokesh Gidra     2024-02-15  1415  	 * vma_start_read(dst_vma)
17464ec6a91f3d Lokesh Gidra     2024-02-15  1416  	 *					mmap_write_lock(mm)
17464ec6a91f3d Lokesh Gidra     2024-02-15  1417  	 *					vma_start_write(src_vma)
17464ec6a91f3d Lokesh Gidra     2024-02-15  1418  	 * vma_start_read(src_vma)
17464ec6a91f3d Lokesh Gidra     2024-02-15  1419  	 * mmap_read_lock(mm)
17464ec6a91f3d Lokesh Gidra     2024-02-15  1420  	 *					vma_start_write(dst_vma)
17464ec6a91f3d Lokesh Gidra     2024-02-15  1421  	 */
17464ec6a91f3d Lokesh Gidra     2024-02-15  1422  	*src_vmap = lock_vma_under_rcu(mm, src_start);
17464ec6a91f3d Lokesh Gidra     2024-02-15 @1423  	if (likely(*src_vmap))
adef440691bab8 Andrea Arcangeli 2023-12-06  1424  		return 0;
17464ec6a91f3d Lokesh Gidra     2024-02-15  1425  
17464ec6a91f3d Lokesh Gidra     2024-02-15  1426  	/* Undo any locking and retry in mmap_lock critical section */
17464ec6a91f3d Lokesh Gidra     2024-02-15  1427  	vma_end_read(*dst_vmap);
17464ec6a91f3d Lokesh Gidra     2024-02-15  1428  
17464ec6a91f3d Lokesh Gidra     2024-02-15  1429  	mmap_read_lock(mm);
17464ec6a91f3d Lokesh Gidra     2024-02-15  1430  	err = find_vmas_mm_locked(mm, dst_start, src_start, dst_vmap, src_vmap);
17464ec6a91f3d Lokesh Gidra     2024-02-15  1431  	if (!err) {
17464ec6a91f3d Lokesh Gidra     2024-02-15  1432  		/*
17464ec6a91f3d Lokesh Gidra     2024-02-15  1433  		 * See comment in lock_vma() as to why not using
17464ec6a91f3d Lokesh Gidra     2024-02-15  1434  		 * vma_start_read() here.
17464ec6a91f3d Lokesh Gidra     2024-02-15  1435  		 */
17464ec6a91f3d Lokesh Gidra     2024-02-15  1436  		down_read(&(*dst_vmap)->vm_lock->lock);
17464ec6a91f3d Lokesh Gidra     2024-02-15  1437  		if (*dst_vmap != *src_vmap)
17464ec6a91f3d Lokesh Gidra     2024-02-15 @1438  			down_read(&(*src_vmap)->vm_lock->lock);
17464ec6a91f3d Lokesh Gidra     2024-02-15  1439  	}
17464ec6a91f3d Lokesh Gidra     2024-02-15  1440  	mmap_read_unlock(mm);
17464ec6a91f3d Lokesh Gidra     2024-02-15  1441  	return err;
17464ec6a91f3d Lokesh Gidra     2024-02-15  1442  }
17464ec6a91f3d Lokesh Gidra     2024-02-15  1443  

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

                 reply	other threads:[~2024-02-19 11:16 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=202402191900.1xNdILAX-lkp@intel.com \
    --to=lkp@intel.com \
    --cc=error27@gmail.com \
    --cc=oe-kbuild@lists.linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.