[PATCH 1/2] mm/khugepaged: Fix an uninitialized variable bug

[PATCH 1/2] mm/khugepaged: Fix an uninitialized variable bug

[Dan Carpenter]

Smatch complains that "hpage" can be used uninitialized:

    mm/khugepaged.c:1234 collapse_huge_page()
    error: uninitialized symbol 'hpage'.

Initialized it on this path.

Fixes: 50ad2f24b3b4 ("mm/khugepaged: propagate enum scan_result codes back to callers")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
---
From static analysis.  Not tested.

 mm/khugepaged.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/mm/khugepaged.c b/mm/khugepaged.c
index 0622f8a5175d..a25f5b7c3e7e 100644
--- a/mm/khugepaged.c
+++ b/mm/khugepaged.c
@@ -1062,8 +1062,10 @@ static int alloc_charge_hpage(struct page **hpage, struct mm_struct *mm,
 	int node = hpage_collapse_find_target_node(cc);
 	struct folio *folio;
 
-	if (!hpage_collapse_alloc_folio(&folio, gfp, node, &cc->alloc_nmask))
+	if (!hpage_collapse_alloc_folio(&folio, gfp, node, &cc->alloc_nmask)) {
+		*hpage = NULL;
 		return SCAN_ALLOC_HUGE_PAGE_FAIL;
+	}
 
 	if (unlikely(mem_cgroup_charge(folio, mm, gfp))) {
 		folio_put(folio);
-- 
2.42.0

[PATCH 2/2] mm/khugepaged: Fix a NULL vs IS_ERR() bug in collapse_pte_mapped_thp()

[Dan Carpenter]

This was changed from find_lock_page() which returns NULL to
filemap_lock_folio() which returns error pointers.  Update the
error checking to match.

Fixes: 8f5654d233e3 ("mm/khugepaged: convert collapse_pte_mapped_thp() to use folios")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
---
 mm/khugepaged.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mm/khugepaged.c b/mm/khugepaged.c
index a25f5b7c3e7e..d977eb50704a 100644
--- a/mm/khugepaged.c
+++ b/mm/khugepaged.c
@@ -1508,7 +1508,7 @@ int collapse_pte_mapped_thp(struct mm_struct *mm, unsigned long addr,
 
 	folio = filemap_lock_folio(vma->vm_file->f_mapping,
 			       linear_page_index(vma, haddr));
-	if (!folio)
+	if (IS_ERR(folio))
 		return SCAN_PAGE_NULL;
 
 	if (folio_order(folio) != HPAGE_PMD_ORDER) {
-- 
2.42.0

Re: [PATCH 1/2] mm/khugepaged: Fix an uninitialized variable bug

[Andrew Morton]

On Fri, 20 Oct 2023 17:13:32 +0300 Dan Carpenter <dan.carpenter@linaro.org> wrote:

> Smatch complains that "hpage" can be used uninitialized:
> 
>     mm/khugepaged.c:1234 collapse_huge_page()
>     error: uninitialized symbol 'hpage'.
> 
> Initialized it on this path.
> 
> --- a/mm/khugepaged.c
> +++ b/mm/khugepaged.c
> @@ -1062,8 +1062,10 @@ static int alloc_charge_hpage(struct page **hpage, struct mm_struct *mm,
>  	int node = hpage_collapse_find_target_node(cc);
>  	struct folio *folio;
>  
> -	if (!hpage_collapse_alloc_folio(&folio, gfp, node, &cc->alloc_nmask))
> +	if (!hpage_collapse_alloc_folio(&folio, gfp, node, &cc->alloc_nmask)) {
> +		*hpage = NULL;
>  		return SCAN_ALLOC_HUGE_PAGE_FAIL;
> +	}
>  
>  	if (unlikely(mem_cgroup_charge(folio, mm, gfp))) {
>  		folio_put(folio);

Thanks.   Seems this was accidentally fixed by 

Author:     Peter Xu <peterx@redhat.com>
AuthorDate: Wed Feb 22 14:52:47 2023 -0500
Commit:     Andrew Morton <akpm@linux-foundation.org>
CommitDate: Tue Mar 28 16:20:06 2023 -0700

    mm/khugepaged: alloc_charge_hpage() take care of mem charge errors


Which was quite a long time ago.  Are you scanning old kernel versions?

Re: [PATCH 2/2] mm/khugepaged: Fix a NULL vs IS_ERR() bug in collapse_pte_mapped_thp()

[Andrew Morton]

On Fri, 20 Oct 2023 17:14:36 +0300 Dan Carpenter <dan.carpenter@linaro.org> wrote:

> This was changed from find_lock_page() which returns NULL to
> filemap_lock_folio() which returns error pointers.  Update the
> error checking to match.
> 
> --- a/mm/khugepaged.c
> +++ b/mm/khugepaged.c
> @@ -1508,7 +1508,7 @@ int collapse_pte_mapped_thp(struct mm_struct *mm, unsigned long addr,
>  
>  	folio = filemap_lock_folio(vma->vm_file->f_mapping,
>  			       linear_page_index(vma, haddr));
> -	if (!folio)
> +	if (IS_ERR(folio))
>  		return SCAN_PAGE_NULL;
>  
>  	if (folio_order(folio) != HPAGE_PMD_ORDER) {

Also doesn't appear applicable to current kernels?

Re: [PATCH 2/2] mm/khugepaged: Fix a NULL vs IS_ERR() bug in collapse_pte_mapped_thp()

[Vishal Moola]

On Fri, Oct 20, 2023 at 9:36 AM Andrew Morton <akpm@linux-foundation.org> wrote:
>
> On Fri, 20 Oct 2023 17:14:36 +0300 Dan Carpenter <dan.carpenter@linaro.org> wrote:
>
> > This was changed from find_lock_page() which returns NULL to
> > filemap_lock_folio() which returns error pointers.  Update the
> > error checking to match.
> >
> > --- a/mm/khugepaged.c
> > +++ b/mm/khugepaged.c
> > @@ -1508,7 +1508,7 @@ int collapse_pte_mapped_thp(struct mm_struct *mm, unsigned long addr,
> >
> >       folio = filemap_lock_folio(vma->vm_file->f_mapping,
> >                              linear_page_index(vma, haddr));
> > -     if (!folio)
> > +     if (IS_ERR(folio))
> >               return SCAN_PAGE_NULL;
> >
> >       if (folio_order(folio) != HPAGE_PMD_ORDER) {
>
> Also doesn't appear applicable to current kernels?

Thanks for these. Both these fix patches address issues introduced by my
khugepaged folio conversion patchset:
https://lore.kernel.org/linux-mm/20231018203213.50224-1-vishal.moola@gmail.com/T/#t

Andrew already dropped the patchset from current kernels so I can fix a
couple issues, v3 will include all these fixes.

Re: [PATCH 1/2] mm/khugepaged: Fix an uninitialized variable bug

[Dan Carpenter]

On Fri, Oct 20, 2023 at 09:34:07AM -0700, Andrew Morton wrote:
> On Fri, 20 Oct 2023 17:13:32 +0300 Dan Carpenter <dan.carpenter@linaro.org> wrote:
> 
> > Smatch complains that "hpage" can be used uninitialized:
> > 
> >     mm/khugepaged.c:1234 collapse_huge_page()
> >     error: uninitialized symbol 'hpage'.
> > 
> > Initialized it on this path.
> > 
> > --- a/mm/khugepaged.c
> > +++ b/mm/khugepaged.c
> > @@ -1062,8 +1062,10 @@ static int alloc_charge_hpage(struct page **hpage, struct mm_struct *mm,
> >  	int node = hpage_collapse_find_target_node(cc);
> >  	struct folio *folio;
> >  
> > -	if (!hpage_collapse_alloc_folio(&folio, gfp, node, &cc->alloc_nmask))
> > +	if (!hpage_collapse_alloc_folio(&folio, gfp, node, &cc->alloc_nmask)) {
> > +		*hpage = NULL;
> >  		return SCAN_ALLOC_HUGE_PAGE_FAIL;
> > +	}
> >  
> >  	if (unlikely(mem_cgroup_charge(folio, mm, gfp))) {
> >  		folio_put(folio);
> 
> Thanks.   Seems this was accidentally fixed by 
> 
> Author:     Peter Xu <peterx@redhat.com>
> AuthorDate: Wed Feb 22 14:52:47 2023 -0500
> Commit:     Andrew Morton <akpm@linux-foundation.org>
> CommitDate: Tue Mar 28 16:20:06 2023 -0700
> 
>     mm/khugepaged: alloc_charge_hpage() take care of mem charge errors
> 
> 
> Which was quite a long time ago.  Are you scanning old kernel versions?

There are two error paths.  Peter's patch changed the second
SCAN_CGROUP_CHARGE_FAIL error path but left the first
SCAN_ALLOC_HUGE_PAGE_FAIL error path.

To be honest, it's probably a better idea to just add a *hpage = NULL
at the start of the function.

regards,
dan carpenter

Re: [PATCH 2/2] mm/khugepaged: Fix a NULL vs IS_ERR() bug in collapse_pte_mapped_thp()

[Dan Carpenter]

On Fri, Oct 20, 2023 at 09:49:15AM -0700, Vishal Moola wrote:
> On Fri, Oct 20, 2023 at 9:36 AM Andrew Morton <akpm@linux-foundation.org> wrote:
> >
> > On Fri, 20 Oct 2023 17:14:36 +0300 Dan Carpenter <dan.carpenter@linaro.org> wrote:
> >
> > > This was changed from find_lock_page() which returns NULL to
> > > filemap_lock_folio() which returns error pointers.  Update the
> > > error checking to match.
> > >
> > > --- a/mm/khugepaged.c
> > > +++ b/mm/khugepaged.c
> > > @@ -1508,7 +1508,7 @@ int collapse_pte_mapped_thp(struct mm_struct *mm, unsigned long addr,
> > >
> > >       folio = filemap_lock_folio(vma->vm_file->f_mapping,
> > >                              linear_page_index(vma, haddr));
> > > -     if (!folio)
> > > +     if (IS_ERR(folio))
> > >               return SCAN_PAGE_NULL;
> > >
> > >       if (folio_order(folio) != HPAGE_PMD_ORDER) {
> >
> > Also doesn't appear applicable to current kernels?
> 
> Thanks for these. Both these fix patches address issues introduced by my
> khugepaged folio conversion patchset:
> https://lore.kernel.org/linux-mm/20231018203213.50224-1-vishal.moola@gmail.com/T/#t
> 
> Andrew already dropped the patchset from current kernels so I can fix a
> couple issues, v3 will include all these fixes.


Only this one was introduced by your patchset.  The other bug is older.
I don't know why it only showed up as a new bug now.  I had guessed that
it was other changes I had made to Smatch which affected this.

regards,
dan carpenter

Re: [PATCH 2/2] mm/khugepaged: Fix a NULL vs IS_ERR() bug in collapse_pte_mapped_thp()

[Dan Carpenter]

On Mon, Oct 23, 2023 at 07:59:12AM +0300, Dan Carpenter wrote:
> On Fri, Oct 20, 2023 at 09:49:15AM -0700, Vishal Moola wrote:
> > On Fri, Oct 20, 2023 at 9:36 AM Andrew Morton <akpm@linux-foundation.org> wrote:
> > >
> > > On Fri, 20 Oct 2023 17:14:36 +0300 Dan Carpenter <dan.carpenter@linaro.org> wrote:
> > >
> > > > This was changed from find_lock_page() which returns NULL to
> > > > filemap_lock_folio() which returns error pointers.  Update the
> > > > error checking to match.
> > > >
> > > > --- a/mm/khugepaged.c
> > > > +++ b/mm/khugepaged.c
> > > > @@ -1508,7 +1508,7 @@ int collapse_pte_mapped_thp(struct mm_struct *mm, unsigned long addr,
> > > >
> > > >       folio = filemap_lock_folio(vma->vm_file->f_mapping,
> > > >                              linear_page_index(vma, haddr));
> > > > -     if (!folio)
> > > > +     if (IS_ERR(folio))
> > > >               return SCAN_PAGE_NULL;
> > > >
> > > >       if (folio_order(folio) != HPAGE_PMD_ORDER) {
> > >
> > > Also doesn't appear applicable to current kernels?
> > 
> > Thanks for these. Both these fix patches address issues introduced by my
> > khugepaged folio conversion patchset:
> > https://lore.kernel.org/linux-mm/20231018203213.50224-1-vishal.moola@gmail.com/T/#t
> > 
> > Andrew already dropped the patchset from current kernels so I can fix a
> > couple issues, v3 will include all these fixes.
> 
> 
> Only this one was introduced by your patchset.  The other bug is older.
> I don't know why it only showed up as a new bug now.  I had guessed that
> it was other changes I had made to Smatch which affected this.

Heh.  Nope.  I was wrong.  These were both introduces as part of the
folio conversion patchset.

Thanks for taking care of this, Vishal.

regards,
dan carpenter