* [linux-next:master 6780/8260] mm/userfaultfd.c:740 mfill_atomic() warn: inconsistent returns '&ctx->map_changing_lock'.
@ 2024-02-21 1:02 kernel test robot
0 siblings, 0 replies; 2+ messages in thread
From: kernel test robot @ 2024-02-21 1:02 UTC (permalink / raw)
To: oe-kbuild; +Cc: lkp, Dan Carpenter
BCC: lkp@intel.com
CC: oe-kbuild-all@lists.linux.dev
CC: Linux Memory Management List <linux-mm@kvack.org>
TO: Lokesh Gidra <lokeshgidra@google.com>
CC: Andrew Morton <akpm@linux-foundation.org>
CC: Linux Memory Management List <linux-mm@kvack.org>
CC: "Mike Rapoport (IBM)" <rppt@kernel.org>
CC: "Liam R. Howlett" <Liam.Howlett@oracle.com>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
head: 2d5c7b7eb345249cb34d42cbc2b97b4c57ea944e
commit: 973edec7cc120e3bf429b8183b62c2292b728bde [6780/8260] userfaultfd: protect mmap_changing with rw_sem in userfaulfd_ctx
:::::: branch date: 20 hours ago
:::::: commit date: 5 days ago
config: arm64-randconfig-r081-20240216 (https://download.01.org/0day-ci/archive/20240221/202402210841.xeePYHbo-lkp@intel.com/config)
compiler: clang version 19.0.0git (https://github.com/llvm/llvm-project 36adfec155de366d722f2bac8ff9162289dcf06c)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Reported-by: Dan Carpenter <error27@gmail.com>
| Closes: https://lore.kernel.org/r/202402210841.xeePYHbo-lkp@intel.com/
smatch warnings:
mm/userfaultfd.c:740 mfill_atomic() warn: inconsistent returns '&ctx->map_changing_lock'.
vim +740 mm/userfaultfd.c
3217d3c79b5d7a Mike Rapoport 2017-09-06 570
973edec7cc120e Lokesh Gidra 2024-02-15 571 static __always_inline ssize_t mfill_atomic(struct userfaultfd_ctx *ctx,
c1a4de99fada21 Andrea Arcangeli 2015-09-04 572 unsigned long dst_start,
c1a4de99fada21 Andrea Arcangeli 2015-09-04 573 unsigned long src_start,
c1a4de99fada21 Andrea Arcangeli 2015-09-04 574 unsigned long len,
d9712937037e0c Axel Rasmussen 2023-03-14 575 uffd_flags_t flags)
c1a4de99fada21 Andrea Arcangeli 2015-09-04 576 {
973edec7cc120e Lokesh Gidra 2024-02-15 577 struct mm_struct *dst_mm = ctx->mm;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 578 struct vm_area_struct *dst_vma;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 579 ssize_t err;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 580 pmd_t *dst_pmd;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 581 unsigned long src_addr, dst_addr;
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 582 long copied;
d7be6d7eee1bbf ZhangPeng 2023-04-10 583 struct folio *folio;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 584
c1a4de99fada21 Andrea Arcangeli 2015-09-04 585 /*
c1a4de99fada21 Andrea Arcangeli 2015-09-04 586 * Sanitize the command parameters:
c1a4de99fada21 Andrea Arcangeli 2015-09-04 587 */
c1a4de99fada21 Andrea Arcangeli 2015-09-04 588 BUG_ON(dst_start & ~PAGE_MASK);
c1a4de99fada21 Andrea Arcangeli 2015-09-04 589 BUG_ON(len & ~PAGE_MASK);
c1a4de99fada21 Andrea Arcangeli 2015-09-04 590
c1a4de99fada21 Andrea Arcangeli 2015-09-04 591 /* Does the address range wrap, or is the span zero-sized? */
c1a4de99fada21 Andrea Arcangeli 2015-09-04 592 BUG_ON(src_start + len <= src_start);
c1a4de99fada21 Andrea Arcangeli 2015-09-04 593 BUG_ON(dst_start + len <= dst_start);
c1a4de99fada21 Andrea Arcangeli 2015-09-04 594
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 595 src_addr = src_start;
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 596 dst_addr = dst_start;
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 597 copied = 0;
d7be6d7eee1bbf ZhangPeng 2023-04-10 598 folio = NULL;
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 599 retry:
d8ed45c5dcd455 Michel Lespinasse 2020-06-08 600 mmap_read_lock(dst_mm);
c1a4de99fada21 Andrea Arcangeli 2015-09-04 601
df2cc96e77011c Mike Rapoport 2018-06-07 602 /*
df2cc96e77011c Mike Rapoport 2018-06-07 603 * If memory mappings are changing because of non-cooperative
df2cc96e77011c Mike Rapoport 2018-06-07 604 * operation (e.g. mremap) running in parallel, bail out and
df2cc96e77011c Mike Rapoport 2018-06-07 605 * request the user to retry later
df2cc96e77011c Mike Rapoport 2018-06-07 606 */
973edec7cc120e Lokesh Gidra 2024-02-15 607 down_read(&ctx->map_changing_lock);
df2cc96e77011c Mike Rapoport 2018-06-07 608 err = -EAGAIN;
973edec7cc120e Lokesh Gidra 2024-02-15 609 if (atomic_read(&ctx->mmap_changing))
df2cc96e77011c Mike Rapoport 2018-06-07 610 goto out_unlock;
df2cc96e77011c Mike Rapoport 2018-06-07 611
c1a4de99fada21 Andrea Arcangeli 2015-09-04 612 /*
c1a4de99fada21 Andrea Arcangeli 2015-09-04 613 * Make sure the vma is not shared, that the dst range is
c1a4de99fada21 Andrea Arcangeli 2015-09-04 614 * both valid and fully within a single existing vma.
c1a4de99fada21 Andrea Arcangeli 2015-09-04 615 */
27d02568f529e9 Mike Rapoport 2017-02-24 616 err = -ENOENT;
643aa36eadebdc Wei Yang 2019-11-30 617 dst_vma = find_dst_vma(dst_mm, dst_start, len);
26071cedc519b8 Mike Rapoport 2017-02-22 618 if (!dst_vma)
26071cedc519b8 Mike Rapoport 2017-02-22 619 goto out_unlock;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 620
27d02568f529e9 Mike Rapoport 2017-02-24 621 err = -EINVAL;
27d02568f529e9 Mike Rapoport 2017-02-24 622 /*
27d02568f529e9 Mike Rapoport 2017-02-24 623 * shmem_zero_setup is invoked in mmap for MAP_ANONYMOUS|MAP_SHARED but
27d02568f529e9 Mike Rapoport 2017-02-24 624 * it will overwrite vm_ops, so vma_is_anonymous must return false.
27d02568f529e9 Mike Rapoport 2017-02-24 625 */
27d02568f529e9 Mike Rapoport 2017-02-24 626 if (WARN_ON_ONCE(vma_is_anonymous(dst_vma) &&
27d02568f529e9 Mike Rapoport 2017-02-24 627 dst_vma->vm_flags & VM_SHARED))
27d02568f529e9 Mike Rapoport 2017-02-24 628 goto out_unlock;
27d02568f529e9 Mike Rapoport 2017-02-24 629
72981e0e7b609c Andrea Arcangeli 2020-04-06 630 /*
72981e0e7b609c Andrea Arcangeli 2020-04-06 631 * validate 'mode' now that we know the dst_vma: don't allow
72981e0e7b609c Andrea Arcangeli 2020-04-06 632 * a wrprotect copy if the userfaultfd didn't register as WP.
72981e0e7b609c Andrea Arcangeli 2020-04-06 633 */
d9712937037e0c Axel Rasmussen 2023-03-14 634 if ((flags & MFILL_ATOMIC_WP) && !(dst_vma->vm_flags & VM_UFFD_WP))
72981e0e7b609c Andrea Arcangeli 2020-04-06 635 goto out_unlock;
72981e0e7b609c Andrea Arcangeli 2020-04-06 636
60d4d2d2b40e44 Mike Kravetz 2017-02-22 637 /*
60d4d2d2b40e44 Mike Kravetz 2017-02-22 638 * If this is a HUGETLB vma, pass off to appropriate routine
60d4d2d2b40e44 Mike Kravetz 2017-02-22 639 */
60d4d2d2b40e44 Mike Kravetz 2017-02-22 640 if (is_vm_hugetlb_page(dst_vma))
973edec7cc120e Lokesh Gidra 2024-02-15 641 return mfill_atomic_hugetlb(ctx, dst_vma, dst_start,
973edec7cc120e Lokesh Gidra 2024-02-15 642 src_start, len, flags);
60d4d2d2b40e44 Mike Kravetz 2017-02-22 643
26071cedc519b8 Mike Rapoport 2017-02-22 644 if (!vma_is_anonymous(dst_vma) && !vma_is_shmem(dst_vma))
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 645 goto out_unlock;
d9712937037e0c Axel Rasmussen 2023-03-14 646 if (!vma_is_shmem(dst_vma) &&
d9712937037e0c Axel Rasmussen 2023-03-14 647 uffd_flags_mode_is(flags, MFILL_ATOMIC_CONTINUE))
f619147104c8ea Axel Rasmussen 2021-05-04 648 goto out_unlock;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 649
c1a4de99fada21 Andrea Arcangeli 2015-09-04 650 /*
c1a4de99fada21 Andrea Arcangeli 2015-09-04 651 * Ensure the dst_vma has a anon_vma or this page
c1a4de99fada21 Andrea Arcangeli 2015-09-04 652 * would get a NULL anon_vma when moved in the
c1a4de99fada21 Andrea Arcangeli 2015-09-04 653 * dst_vma.
c1a4de99fada21 Andrea Arcangeli 2015-09-04 654 */
c1a4de99fada21 Andrea Arcangeli 2015-09-04 655 err = -ENOMEM;
5b51072e97d587 Andrea Arcangeli 2018-11-30 656 if (!(dst_vma->vm_flags & VM_SHARED) &&
5b51072e97d587 Andrea Arcangeli 2018-11-30 657 unlikely(anon_vma_prepare(dst_vma)))
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 658 goto out_unlock;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 659
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 660 while (src_addr < src_start + len) {
c1a4de99fada21 Andrea Arcangeli 2015-09-04 661 pmd_t dst_pmdval;
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 662
c1a4de99fada21 Andrea Arcangeli 2015-09-04 663 BUG_ON(dst_addr >= dst_start + len);
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 664
c1a4de99fada21 Andrea Arcangeli 2015-09-04 665 dst_pmd = mm_alloc_pmd(dst_mm, dst_addr);
c1a4de99fada21 Andrea Arcangeli 2015-09-04 666 if (unlikely(!dst_pmd)) {
c1a4de99fada21 Andrea Arcangeli 2015-09-04 667 err = -ENOMEM;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 668 break;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 669 }
c1a4de99fada21 Andrea Arcangeli 2015-09-04 670
dab6e717429e5e Peter Zijlstra 2020-11-26 671 dst_pmdval = pmdp_get_lockless(dst_pmd);
c1a4de99fada21 Andrea Arcangeli 2015-09-04 672 /*
c1a4de99fada21 Andrea Arcangeli 2015-09-04 673 * If the dst_pmd is mapped as THP don't
c1a4de99fada21 Andrea Arcangeli 2015-09-04 674 * override it and just be strict.
c1a4de99fada21 Andrea Arcangeli 2015-09-04 675 */
c1a4de99fada21 Andrea Arcangeli 2015-09-04 676 if (unlikely(pmd_trans_huge(dst_pmdval))) {
c1a4de99fada21 Andrea Arcangeli 2015-09-04 677 err = -EEXIST;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 678 break;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 679 }
c1a4de99fada21 Andrea Arcangeli 2015-09-04 680 if (unlikely(pmd_none(dst_pmdval)) &&
4cf58924951ef8 Joel Fernandes (Google 2019-01-03 681) unlikely(__pte_alloc(dst_mm, dst_pmd))) {
c1a4de99fada21 Andrea Arcangeli 2015-09-04 682 err = -ENOMEM;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 683 break;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 684 }
c1a4de99fada21 Andrea Arcangeli 2015-09-04 685 /* If an huge pmd materialized from under us fail */
c1a4de99fada21 Andrea Arcangeli 2015-09-04 686 if (unlikely(pmd_trans_huge(*dst_pmd))) {
c1a4de99fada21 Andrea Arcangeli 2015-09-04 687 err = -EFAULT;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 688 break;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 689 }
c1a4de99fada21 Andrea Arcangeli 2015-09-04 690
c1a4de99fada21 Andrea Arcangeli 2015-09-04 691 BUG_ON(pmd_none(*dst_pmd));
c1a4de99fada21 Andrea Arcangeli 2015-09-04 692 BUG_ON(pmd_trans_huge(*dst_pmd));
c1a4de99fada21 Andrea Arcangeli 2015-09-04 693
61c5004022f56c Axel Rasmussen 2023-03-14 694 err = mfill_atomic_pte(dst_pmd, dst_vma, dst_addr,
d7be6d7eee1bbf ZhangPeng 2023-04-10 695 src_addr, flags, &folio);
c1a4de99fada21 Andrea Arcangeli 2015-09-04 696 cond_resched();
c1a4de99fada21 Andrea Arcangeli 2015-09-04 697
9e368259ad9883 Andrea Arcangeli 2018-11-30 698 if (unlikely(err == -ENOENT)) {
d7be6d7eee1bbf ZhangPeng 2023-04-10 699 void *kaddr;
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 700
973edec7cc120e Lokesh Gidra 2024-02-15 701 up_read(&ctx->map_changing_lock);
d8ed45c5dcd455 Michel Lespinasse 2020-06-08 702 mmap_read_unlock(dst_mm);
d7be6d7eee1bbf ZhangPeng 2023-04-10 703 BUG_ON(!folio);
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 704
d7be6d7eee1bbf ZhangPeng 2023-04-10 705 kaddr = kmap_local_folio(folio, 0);
d7be6d7eee1bbf ZhangPeng 2023-04-10 706 err = copy_from_user(kaddr,
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 707 (const void __user *) src_addr,
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 708 PAGE_SIZE);
d7be6d7eee1bbf ZhangPeng 2023-04-10 709 kunmap_local(kaddr);
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 710 if (unlikely(err)) {
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 711 err = -EFAULT;
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 712 goto out;
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 713 }
d7be6d7eee1bbf ZhangPeng 2023-04-10 714 flush_dcache_folio(folio);
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 715 goto retry;
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 716 } else
d7be6d7eee1bbf ZhangPeng 2023-04-10 717 BUG_ON(folio);
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 718
c1a4de99fada21 Andrea Arcangeli 2015-09-04 719 if (!err) {
c1a4de99fada21 Andrea Arcangeli 2015-09-04 720 dst_addr += PAGE_SIZE;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 721 src_addr += PAGE_SIZE;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 722 copied += PAGE_SIZE;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 723
c1a4de99fada21 Andrea Arcangeli 2015-09-04 724 if (fatal_signal_pending(current))
c1a4de99fada21 Andrea Arcangeli 2015-09-04 725 err = -EINTR;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 726 }
c1a4de99fada21 Andrea Arcangeli 2015-09-04 727 if (err)
c1a4de99fada21 Andrea Arcangeli 2015-09-04 728 break;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 729 }
c1a4de99fada21 Andrea Arcangeli 2015-09-04 730
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 731 out_unlock:
973edec7cc120e Lokesh Gidra 2024-02-15 732 up_read(&ctx->map_changing_lock);
d8ed45c5dcd455 Michel Lespinasse 2020-06-08 733 mmap_read_unlock(dst_mm);
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 734 out:
d7be6d7eee1bbf ZhangPeng 2023-04-10 735 if (folio)
d7be6d7eee1bbf ZhangPeng 2023-04-10 736 folio_put(folio);
c1a4de99fada21 Andrea Arcangeli 2015-09-04 737 BUG_ON(copied < 0);
c1a4de99fada21 Andrea Arcangeli 2015-09-04 738 BUG_ON(err > 0);
c1a4de99fada21 Andrea Arcangeli 2015-09-04 739 BUG_ON(!copied && !err);
c1a4de99fada21 Andrea Arcangeli 2015-09-04 @740 return copied ? copied : err;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 741 }
c1a4de99fada21 Andrea Arcangeli 2015-09-04 742
:::::: The code at line 740 was first introduced by commit
:::::: c1a4de99fada21e2e9251e52cbb51eff5aadc757 userfaultfd: mcopy_atomic|mfill_zeropage: UFFDIO_COPY|UFFDIO_ZEROPAGE preparation
:::::: TO: Andrea Arcangeli <aarcange@redhat.com>
:::::: CC: Linus Torvalds <torvalds@linux-foundation.org>
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 2+ messages in thread
* [linux-next:master 6780/8260] mm/userfaultfd.c:740 mfill_atomic() warn: inconsistent returns '&ctx->map_changing_lock'.
@ 2024-02-21 17:20 kernel test robot
0 siblings, 0 replies; 2+ messages in thread
From: kernel test robot @ 2024-02-21 17:20 UTC (permalink / raw)
To: oe-kbuild; +Cc: lkp, Dan Carpenter
BCC: lkp@intel.com
CC: oe-kbuild-all@lists.linux.dev
CC: Linux Memory Management List <linux-mm@kvack.org>
TO: Lokesh Gidra <lokeshgidra@google.com>
CC: Andrew Morton <akpm@linux-foundation.org>
CC: Linux Memory Management List <linux-mm@kvack.org>
CC: "Mike Rapoport (IBM)" <rppt@kernel.org>
CC: "Liam R. Howlett" <Liam.Howlett@oracle.com>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
head: 4893c639cc3659cefaa675bf1e59f4e7571afb5c
commit: 973edec7cc120e3bf429b8183b62c2292b728bde [6780/8260] userfaultfd: protect mmap_changing with rw_sem in userfaulfd_ctx
:::::: branch date: 12 hours ago
:::::: commit date: 6 days ago
config: arm64-randconfig-r081-20240216 (https://download.01.org/0day-ci/archive/20240222/202402220157.2bXde5Ji-lkp@intel.com/config)
compiler: clang version 19.0.0git (https://github.com/llvm/llvm-project 36adfec155de366d722f2bac8ff9162289dcf06c)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Reported-by: Dan Carpenter <error27@gmail.com>
| Closes: https://lore.kernel.org/r/202402220157.2bXde5Ji-lkp@intel.com/
smatch warnings:
mm/userfaultfd.c:740 mfill_atomic() warn: inconsistent returns '&ctx->map_changing_lock'.
vim +740 mm/userfaultfd.c
3217d3c79b5d7a Mike Rapoport 2017-09-06 570
973edec7cc120e Lokesh Gidra 2024-02-15 571 static __always_inline ssize_t mfill_atomic(struct userfaultfd_ctx *ctx,
c1a4de99fada21 Andrea Arcangeli 2015-09-04 572 unsigned long dst_start,
c1a4de99fada21 Andrea Arcangeli 2015-09-04 573 unsigned long src_start,
c1a4de99fada21 Andrea Arcangeli 2015-09-04 574 unsigned long len,
d9712937037e0c Axel Rasmussen 2023-03-14 575 uffd_flags_t flags)
c1a4de99fada21 Andrea Arcangeli 2015-09-04 576 {
973edec7cc120e Lokesh Gidra 2024-02-15 577 struct mm_struct *dst_mm = ctx->mm;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 578 struct vm_area_struct *dst_vma;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 579 ssize_t err;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 580 pmd_t *dst_pmd;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 581 unsigned long src_addr, dst_addr;
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 582 long copied;
d7be6d7eee1bbf ZhangPeng 2023-04-10 583 struct folio *folio;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 584
c1a4de99fada21 Andrea Arcangeli 2015-09-04 585 /*
c1a4de99fada21 Andrea Arcangeli 2015-09-04 586 * Sanitize the command parameters:
c1a4de99fada21 Andrea Arcangeli 2015-09-04 587 */
c1a4de99fada21 Andrea Arcangeli 2015-09-04 588 BUG_ON(dst_start & ~PAGE_MASK);
c1a4de99fada21 Andrea Arcangeli 2015-09-04 589 BUG_ON(len & ~PAGE_MASK);
c1a4de99fada21 Andrea Arcangeli 2015-09-04 590
c1a4de99fada21 Andrea Arcangeli 2015-09-04 591 /* Does the address range wrap, or is the span zero-sized? */
c1a4de99fada21 Andrea Arcangeli 2015-09-04 592 BUG_ON(src_start + len <= src_start);
c1a4de99fada21 Andrea Arcangeli 2015-09-04 593 BUG_ON(dst_start + len <= dst_start);
c1a4de99fada21 Andrea Arcangeli 2015-09-04 594
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 595 src_addr = src_start;
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 596 dst_addr = dst_start;
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 597 copied = 0;
d7be6d7eee1bbf ZhangPeng 2023-04-10 598 folio = NULL;
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 599 retry:
d8ed45c5dcd455 Michel Lespinasse 2020-06-08 600 mmap_read_lock(dst_mm);
c1a4de99fada21 Andrea Arcangeli 2015-09-04 601
df2cc96e77011c Mike Rapoport 2018-06-07 602 /*
df2cc96e77011c Mike Rapoport 2018-06-07 603 * If memory mappings are changing because of non-cooperative
df2cc96e77011c Mike Rapoport 2018-06-07 604 * operation (e.g. mremap) running in parallel, bail out and
df2cc96e77011c Mike Rapoport 2018-06-07 605 * request the user to retry later
df2cc96e77011c Mike Rapoport 2018-06-07 606 */
973edec7cc120e Lokesh Gidra 2024-02-15 607 down_read(&ctx->map_changing_lock);
df2cc96e77011c Mike Rapoport 2018-06-07 608 err = -EAGAIN;
973edec7cc120e Lokesh Gidra 2024-02-15 609 if (atomic_read(&ctx->mmap_changing))
df2cc96e77011c Mike Rapoport 2018-06-07 610 goto out_unlock;
df2cc96e77011c Mike Rapoport 2018-06-07 611
c1a4de99fada21 Andrea Arcangeli 2015-09-04 612 /*
c1a4de99fada21 Andrea Arcangeli 2015-09-04 613 * Make sure the vma is not shared, that the dst range is
c1a4de99fada21 Andrea Arcangeli 2015-09-04 614 * both valid and fully within a single existing vma.
c1a4de99fada21 Andrea Arcangeli 2015-09-04 615 */
27d02568f529e9 Mike Rapoport 2017-02-24 616 err = -ENOENT;
643aa36eadebdc Wei Yang 2019-11-30 617 dst_vma = find_dst_vma(dst_mm, dst_start, len);
26071cedc519b8 Mike Rapoport 2017-02-22 618 if (!dst_vma)
26071cedc519b8 Mike Rapoport 2017-02-22 619 goto out_unlock;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 620
27d02568f529e9 Mike Rapoport 2017-02-24 621 err = -EINVAL;
27d02568f529e9 Mike Rapoport 2017-02-24 622 /*
27d02568f529e9 Mike Rapoport 2017-02-24 623 * shmem_zero_setup is invoked in mmap for MAP_ANONYMOUS|MAP_SHARED but
27d02568f529e9 Mike Rapoport 2017-02-24 624 * it will overwrite vm_ops, so vma_is_anonymous must return false.
27d02568f529e9 Mike Rapoport 2017-02-24 625 */
27d02568f529e9 Mike Rapoport 2017-02-24 626 if (WARN_ON_ONCE(vma_is_anonymous(dst_vma) &&
27d02568f529e9 Mike Rapoport 2017-02-24 627 dst_vma->vm_flags & VM_SHARED))
27d02568f529e9 Mike Rapoport 2017-02-24 628 goto out_unlock;
27d02568f529e9 Mike Rapoport 2017-02-24 629
72981e0e7b609c Andrea Arcangeli 2020-04-06 630 /*
72981e0e7b609c Andrea Arcangeli 2020-04-06 631 * validate 'mode' now that we know the dst_vma: don't allow
72981e0e7b609c Andrea Arcangeli 2020-04-06 632 * a wrprotect copy if the userfaultfd didn't register as WP.
72981e0e7b609c Andrea Arcangeli 2020-04-06 633 */
d9712937037e0c Axel Rasmussen 2023-03-14 634 if ((flags & MFILL_ATOMIC_WP) && !(dst_vma->vm_flags & VM_UFFD_WP))
72981e0e7b609c Andrea Arcangeli 2020-04-06 635 goto out_unlock;
72981e0e7b609c Andrea Arcangeli 2020-04-06 636
60d4d2d2b40e44 Mike Kravetz 2017-02-22 637 /*
60d4d2d2b40e44 Mike Kravetz 2017-02-22 638 * If this is a HUGETLB vma, pass off to appropriate routine
60d4d2d2b40e44 Mike Kravetz 2017-02-22 639 */
60d4d2d2b40e44 Mike Kravetz 2017-02-22 640 if (is_vm_hugetlb_page(dst_vma))
973edec7cc120e Lokesh Gidra 2024-02-15 641 return mfill_atomic_hugetlb(ctx, dst_vma, dst_start,
973edec7cc120e Lokesh Gidra 2024-02-15 642 src_start, len, flags);
60d4d2d2b40e44 Mike Kravetz 2017-02-22 643
26071cedc519b8 Mike Rapoport 2017-02-22 644 if (!vma_is_anonymous(dst_vma) && !vma_is_shmem(dst_vma))
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 645 goto out_unlock;
d9712937037e0c Axel Rasmussen 2023-03-14 646 if (!vma_is_shmem(dst_vma) &&
d9712937037e0c Axel Rasmussen 2023-03-14 647 uffd_flags_mode_is(flags, MFILL_ATOMIC_CONTINUE))
f619147104c8ea Axel Rasmussen 2021-05-04 648 goto out_unlock;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 649
c1a4de99fada21 Andrea Arcangeli 2015-09-04 650 /*
c1a4de99fada21 Andrea Arcangeli 2015-09-04 651 * Ensure the dst_vma has a anon_vma or this page
c1a4de99fada21 Andrea Arcangeli 2015-09-04 652 * would get a NULL anon_vma when moved in the
c1a4de99fada21 Andrea Arcangeli 2015-09-04 653 * dst_vma.
c1a4de99fada21 Andrea Arcangeli 2015-09-04 654 */
c1a4de99fada21 Andrea Arcangeli 2015-09-04 655 err = -ENOMEM;
5b51072e97d587 Andrea Arcangeli 2018-11-30 656 if (!(dst_vma->vm_flags & VM_SHARED) &&
5b51072e97d587 Andrea Arcangeli 2018-11-30 657 unlikely(anon_vma_prepare(dst_vma)))
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 658 goto out_unlock;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 659
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 660 while (src_addr < src_start + len) {
c1a4de99fada21 Andrea Arcangeli 2015-09-04 661 pmd_t dst_pmdval;
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 662
c1a4de99fada21 Andrea Arcangeli 2015-09-04 663 BUG_ON(dst_addr >= dst_start + len);
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 664
c1a4de99fada21 Andrea Arcangeli 2015-09-04 665 dst_pmd = mm_alloc_pmd(dst_mm, dst_addr);
c1a4de99fada21 Andrea Arcangeli 2015-09-04 666 if (unlikely(!dst_pmd)) {
c1a4de99fada21 Andrea Arcangeli 2015-09-04 667 err = -ENOMEM;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 668 break;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 669 }
c1a4de99fada21 Andrea Arcangeli 2015-09-04 670
dab6e717429e5e Peter Zijlstra 2020-11-26 671 dst_pmdval = pmdp_get_lockless(dst_pmd);
c1a4de99fada21 Andrea Arcangeli 2015-09-04 672 /*
c1a4de99fada21 Andrea Arcangeli 2015-09-04 673 * If the dst_pmd is mapped as THP don't
c1a4de99fada21 Andrea Arcangeli 2015-09-04 674 * override it and just be strict.
c1a4de99fada21 Andrea Arcangeli 2015-09-04 675 */
c1a4de99fada21 Andrea Arcangeli 2015-09-04 676 if (unlikely(pmd_trans_huge(dst_pmdval))) {
c1a4de99fada21 Andrea Arcangeli 2015-09-04 677 err = -EEXIST;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 678 break;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 679 }
c1a4de99fada21 Andrea Arcangeli 2015-09-04 680 if (unlikely(pmd_none(dst_pmdval)) &&
4cf58924951ef8 Joel Fernandes (Google 2019-01-03 681) unlikely(__pte_alloc(dst_mm, dst_pmd))) {
c1a4de99fada21 Andrea Arcangeli 2015-09-04 682 err = -ENOMEM;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 683 break;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 684 }
c1a4de99fada21 Andrea Arcangeli 2015-09-04 685 /* If an huge pmd materialized from under us fail */
c1a4de99fada21 Andrea Arcangeli 2015-09-04 686 if (unlikely(pmd_trans_huge(*dst_pmd))) {
c1a4de99fada21 Andrea Arcangeli 2015-09-04 687 err = -EFAULT;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 688 break;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 689 }
c1a4de99fada21 Andrea Arcangeli 2015-09-04 690
c1a4de99fada21 Andrea Arcangeli 2015-09-04 691 BUG_ON(pmd_none(*dst_pmd));
c1a4de99fada21 Andrea Arcangeli 2015-09-04 692 BUG_ON(pmd_trans_huge(*dst_pmd));
c1a4de99fada21 Andrea Arcangeli 2015-09-04 693
61c5004022f56c Axel Rasmussen 2023-03-14 694 err = mfill_atomic_pte(dst_pmd, dst_vma, dst_addr,
d7be6d7eee1bbf ZhangPeng 2023-04-10 695 src_addr, flags, &folio);
c1a4de99fada21 Andrea Arcangeli 2015-09-04 696 cond_resched();
c1a4de99fada21 Andrea Arcangeli 2015-09-04 697
9e368259ad9883 Andrea Arcangeli 2018-11-30 698 if (unlikely(err == -ENOENT)) {
d7be6d7eee1bbf ZhangPeng 2023-04-10 699 void *kaddr;
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 700
973edec7cc120e Lokesh Gidra 2024-02-15 701 up_read(&ctx->map_changing_lock);
d8ed45c5dcd455 Michel Lespinasse 2020-06-08 702 mmap_read_unlock(dst_mm);
d7be6d7eee1bbf ZhangPeng 2023-04-10 703 BUG_ON(!folio);
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 704
d7be6d7eee1bbf ZhangPeng 2023-04-10 705 kaddr = kmap_local_folio(folio, 0);
d7be6d7eee1bbf ZhangPeng 2023-04-10 706 err = copy_from_user(kaddr,
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 707 (const void __user *) src_addr,
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 708 PAGE_SIZE);
d7be6d7eee1bbf ZhangPeng 2023-04-10 709 kunmap_local(kaddr);
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 710 if (unlikely(err)) {
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 711 err = -EFAULT;
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 712 goto out;
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 713 }
d7be6d7eee1bbf ZhangPeng 2023-04-10 714 flush_dcache_folio(folio);
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 715 goto retry;
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 716 } else
d7be6d7eee1bbf ZhangPeng 2023-04-10 717 BUG_ON(folio);
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 718
c1a4de99fada21 Andrea Arcangeli 2015-09-04 719 if (!err) {
c1a4de99fada21 Andrea Arcangeli 2015-09-04 720 dst_addr += PAGE_SIZE;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 721 src_addr += PAGE_SIZE;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 722 copied += PAGE_SIZE;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 723
c1a4de99fada21 Andrea Arcangeli 2015-09-04 724 if (fatal_signal_pending(current))
c1a4de99fada21 Andrea Arcangeli 2015-09-04 725 err = -EINTR;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 726 }
c1a4de99fada21 Andrea Arcangeli 2015-09-04 727 if (err)
c1a4de99fada21 Andrea Arcangeli 2015-09-04 728 break;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 729 }
c1a4de99fada21 Andrea Arcangeli 2015-09-04 730
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 731 out_unlock:
973edec7cc120e Lokesh Gidra 2024-02-15 732 up_read(&ctx->map_changing_lock);
d8ed45c5dcd455 Michel Lespinasse 2020-06-08 733 mmap_read_unlock(dst_mm);
b6ebaedb4cb1a1 Andrea Arcangeli 2015-09-04 734 out:
d7be6d7eee1bbf ZhangPeng 2023-04-10 735 if (folio)
d7be6d7eee1bbf ZhangPeng 2023-04-10 736 folio_put(folio);
c1a4de99fada21 Andrea Arcangeli 2015-09-04 737 BUG_ON(copied < 0);
c1a4de99fada21 Andrea Arcangeli 2015-09-04 738 BUG_ON(err > 0);
c1a4de99fada21 Andrea Arcangeli 2015-09-04 739 BUG_ON(!copied && !err);
c1a4de99fada21 Andrea Arcangeli 2015-09-04 @740 return copied ? copied : err;
c1a4de99fada21 Andrea Arcangeli 2015-09-04 741 }
c1a4de99fada21 Andrea Arcangeli 2015-09-04 742
:::::: The code at line 740 was first introduced by commit
:::::: c1a4de99fada21e2e9251e52cbb51eff5aadc757 userfaultfd: mcopy_atomic|mfill_zeropage: UFFDIO_COPY|UFFDIO_ZEROPAGE preparation
:::::: TO: Andrea Arcangeli <aarcange@redhat.com>
:::::: CC: Linus Torvalds <torvalds@linux-foundation.org>
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-02-21 17:21 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-02-21 1:02 [linux-next:master 6780/8260] mm/userfaultfd.c:740 mfill_atomic() warn: inconsistent returns '&ctx->map_changing_lock' kernel test robot
-- strict thread matches above, loose matches on Subject: below --
2024-02-21 17:20 kernel test robot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.