Date: Wed, 12 Feb 2025 18:13:16 +0300
From: Dan Carpenter
To: Zi Yan
Cc: linux-mm@kvack.org
Subject: [bug report] mm/huge_memory: add two new (not yet used) functions for folio_split()
Message-ID: <2afe3d59-aca5-40f7-82a3-a6d976fb0f4f@stanley.mountain>

Hello Zi Yan,

Commit 1b7b0bed44e4 ("mm/huge_memory: add two new (not yet used)
functions for folio_split()") from Feb 4, 2025 (linux-next), leads to
the following Smatch static checker warning:

	mm/huge_memory.c:3611 __split_unmapped_folio()
	error: we previously assumed 'mapping' could be null (see line 3512)

mm/huge_memory.c
    3459 static int __split_unmapped_folio(struct folio *folio, int new_order,
    3460                 struct page *page, struct list_head *list, pgoff_t end,
    3461                 struct xa_state *xas, struct address_space *mapping,
    3462                 bool uniform_split)
    3463 {
    3464         struct lruvec *lruvec;
    3465         struct address_space *swap_cache = NULL;
    3466         struct folio *origin_folio = folio;
    3467         struct folio *next_folio = folio_next(folio);
    3468         struct folio *new_folio;
    3469         struct folio *next;
    3470         int order = folio_order(folio);
    3471         int split_order;
    3472         int start_order = uniform_split ? new_order : order - 1;
    3473         int nr_dropped = 0;
    3474         int ret = 0;
    3475         bool stop_split = false;
    3476
    3477         if (folio_test_anon(folio) && folio_test_swapcache(folio)) {
    3478                 /* a swapcache folio can only be uniformly split to order-0 */
    3479                 if (!uniform_split || new_order != 0)
    3480                         return -EINVAL;
    3481
    3482                 swap_cache = swap_address_space(folio->swap);
    3483                 xa_lock(&swap_cache->i_pages);
    3484         }
    3485
    3486         if (folio_test_anon(folio))
    3487                 mod_mthp_stat(order, MTHP_STAT_NR_ANON, -1);
    3488
    3489         /* lock lru list/PageCompound, ref frozen by page_ref_freeze */
    3490         lruvec = folio_lruvec_lock(folio);
    3491
    3492         folio_clear_has_hwpoisoned(folio);
    3493
    3494         /*
    3495          * split to new_order one order at a time. For uniform split,
    3496          * folio is split to new_order directly.
    3497          */
    3498         for (split_order = start_order;
    3499              split_order >= new_order && !stop_split;
    3500              split_order--) {
    3501                 int old_order = folio_order(folio);
    3502                 struct folio *release;
    3503                 struct folio *end_folio = folio_next(folio);
    3504                 int status;
    3505
    3506                 /* order-1 anonymous folio is not supported */
    3507                 if (folio_test_anon(folio) && split_order == 1)
    3508                         continue;
    3509                 if (uniform_split && split_order != new_order)
    3510                         continue;
    3511
    3512                 if (mapping) {
                             ^^^^^^^
Here we assume mapping can be NULL.

    3513                         /*
    3514                          * uniform split has xas_split_alloc() called before
    3515                          * irq is disabled, since xas_nomem() might not be
    3516                          * able to allocate enough memory.
    3517                          */
    3518                         if (uniform_split)
    3519                                 xas_split(xas, folio, old_order);
    3520                         else {
    3521                                 xas_set_order(xas, folio->index, split_order);
    3522                                 xas_split_alloc(xas, folio, folio_order(folio),
    3523                                                 GFP_NOWAIT);
    3524                                 if (xas_error(xas)) {
    3525                                         ret = xas_error(xas);
    3526                                         stop_split = true;
    3527                                         goto after_split;
    3528                                 }
    3529                                 xas_split(xas, folio, old_order);
    3530                         }
    3531                 }
    3532
    3533                 /* complete memcg works before add pages to LRU */
    3534                 split_page_memcg(&folio->page, old_order, split_order);
    3535                 split_page_owner(&folio->page, old_order, split_order);
    3536                 pgalloc_tag_split(folio, old_order, split_order);
    3537
    3538                 status = __split_folio_to_order(folio, split_order);
    3539
    3540                 if (status < 0) {
    3541                         stop_split = true;
    3542                         ret = -EINVAL;
    3543                 }
    3544
    3545 after_split:
    3546                 /*
    3547                  * Iterate through after-split folios and perform related
    3548                  * operations. But in buddy allocator like split, the folio
    3549                  * containing the specified page is skipped until its order
    3550                  * is new_order, since the folio will be worked on in next
    3551                  * iteration.
    3552                  */
    3553                 for (release = folio, next = folio_next(folio);
    3554                      release != end_folio;
    3555                      release = next, next = folio_next(next)) {
    3556                         /*
    3557                          * for buddy allocator like split, the folio containing
    3558                          * page will be split next and should not be released,
    3559                          * until the folio's order is new_order or stop_split
    3560                          * is set to true by the above xas_split() failure.
    3561                          */
    3562                         if (release == page_folio(page)) {
    3563                                 folio = release;
    3564                                 if (split_order != new_order && !stop_split)
    3565                                         continue;
    3566                         }
    3567                         if (folio_test_anon(release)) {
    3568                                 mod_mthp_stat(folio_order(release),
    3569                                               MTHP_STAT_NR_ANON, 1);
    3570                         }
    3571
    3572                         /*
    3573                          * Unfreeze refcount first. Additional reference from
    3574                          * page cache.
    3575                          */
    3576                         folio_ref_unfreeze(release,
    3577                                 1 + ((!folio_test_anon(origin_folio) ||
    3578                                      folio_test_swapcache(origin_folio)) ?
    3579                                              folio_nr_pages(release) : 0));
    3580
    3581                         if (release != origin_folio)
    3582                                 lru_add_page_tail(origin_folio, &release->page,
    3583                                                   lruvec, list);
    3584
    3585                         /* Some pages can be beyond EOF: drop them from page cache */
    3586                         if (release->index >= end) {
    3587                                 if (shmem_mapping(origin_folio->mapping))
    3588                                         nr_dropped += folio_nr_pages(release);
    3589                                 else if (folio_test_clear_dirty(release))
    3590                                         folio_account_cleaned(release,
    3591                                                 inode_to_wb(origin_folio->mapping->host));
    3592                                 __filemap_remove_folio(release, NULL);
    3593                                 folio_put(release);
    3594                         } else if (!folio_test_anon(release)) {
    3595                                 __xa_store(&origin_folio->mapping->i_pages,
    3596                                            release->index, &release->page, 0);
    3597                         } else if (swap_cache) {
    3598                                 __xa_store(&swap_cache->i_pages,
    3599                                            swap_cache_index(release->swap),
    3600                                            &release->page, 0);
    3601                         }
    3602                 }
    3603         }
    3604
    3605         unlock_page_lruvec(lruvec);
    3606
    3607         if (folio_test_anon(origin_folio)) {
    3608                 if (folio_test_swapcache(origin_folio))
    3609                         xa_unlock(&swap_cache->i_pages);
    3610         } else
--> 3611                 xa_unlock(&mapping->i_pages);

Dereferenced without checking.

    3612
    3613         /* Caller disabled irqs, so they are still disabled here */
    3614         local_irq_enable();
    3615
    3616         if (nr_dropped)
    3617                 shmem_uncharge(mapping->host, nr_dropped);
                                        ^^^^^^^^^^^^^
Here too.

    3618
    3619         remap_page(origin_folio, 1 << order,
    3620                    folio_test_anon(origin_folio) ?
    3621                                 RMP_USE_SHARED_ZEROPAGE : 0);

regards,
dan carpenter
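
The pattern the warning describes, as an added user-space model (not kernel code, not part of the report, and not the fix for mm/huge_memory.c): split_flagged() tests 'mapping' at one site and dereferences it bare at two others, while split_guarded() states the assumed invariant once before any use. struct model_mapping, both function names and the invariant itself (a NULL mapping only with an anonymous folio and nothing dropped) are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for struct address_space; all fields are constructed. */
struct model_mapping {
    int lock_depth;   /* models xa_lock()/xa_unlock() on i_pages */
    int splits;       /* models xas_split() work done under the lock */
    long uncharged;   /* models shmem_uncharge() accounting */
};

/* Flagged shape: one site tests 'mapping', later sites dereference it bare. */
static int split_flagged(struct model_mapping *mapping, int is_anon, int nr_dropped)
{
    if (mapping)                            /* cf. line 3512: NULL is possible */
        mapping->splits++;
    if (!is_anon)
        mapping->lock_depth--;              /* cf. line 3611: unchecked */
    if (nr_dropped)
        mapping->uncharged += nr_dropped;   /* cf. line 3617: unchecked */
    return 0;
}

/* Consistent shape: state the assumed invariant once, before any use. */
static int split_guarded(struct model_mapping *mapping, int is_anon, int nr_dropped)
{
    if (!mapping && (!is_anon || nr_dropped))
        return -EINVAL;                     /* caller broke the invariant */
    if (mapping)
        mapping->splits++;
    if (!is_anon)
        mapping->lock_depth--;              /* safe: !is_anon implies mapping */
    if (nr_dropped)
        mapping->uncharged += nr_dropped;   /* safe: nr_dropped implies mapping */
    return 0;
}

int main(void)
{
    struct model_mapping file = { .lock_depth = 1 };   /* constructed input */
    int ok = split_flagged(&file, 0, 2);    /* only safe with a real mapping */
    printf("flagged, file-backed: ret=%d lock=%d\n", ok, file.lock_depth);
    printf("guarded, anon:        ret=%d\n", split_guarded(NULL, 1, 0));
    printf("guarded, bad state:   ret=%d\n", split_guarded(NULL, 0, 0));
    return 0;
}
```

With the invariant checked on entry, a reader or a checker can see that the later dereferences are reached only with a non-NULL mapping, instead of inferring it from the callers.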