From: Matthew Wilcox <willy@infradead.org>
To: kernel test robot <lkp@intel.com>
Cc: kbuild-all@lists.01.org,
Linux Memory Management List <linux-mm@kvack.org>,
Dan Carpenter <dan.carpenter@oracle.com>
Subject: Re: [linux-next:master 9762/11953] mm/page_vma_mapped.c:246 page_vma_mapped_walk() warn: always true condition '(pvmw->nr_pages >= (1 << ( - (12)))) => (0-u64max >= 0)'
Date: Sun, 13 Mar 2022 04:06:37 +0000 [thread overview]
Message-ID: <Yi1tzd6m6o6liiKN@casper.infradead.org> (raw)
In-Reply-To: <202203131056.WINF40Gt-lkp@intel.com>
On Sun, Mar 13, 2022 at 11:01:09AM +0800, kernel test robot wrote:
> tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
> head: 71941773e143369a73c9c4a3b62fbb60736a1182
> commit: b786e44a4dbfe64476e7120ec7990b89a37be37d [9762/11953] mm: Convert page_vma_mapped_walk to work on PFNs
> config: riscv-randconfig-m031-20220312 (https://download.01.org/0day-ci/archive/20220313/202203131056.WINF40Gt-lkp@intel.com/config)
> compiler: riscv64-linux-gcc (GCC) 11.2.0
>
> If you fix the issue, kindly add following tag as appropriate
> Reported-by: kernel test robot <lkp@intel.com>
>
> smatch warnings:
> mm/page_vma_mapped.c:246 page_vma_mapped_walk() warn: always true condition '(pvmw->nr_pages >= (1 << ( - (12)))) => (0-u64max >= 0)'
Looks like a duplicate of https://lore.kernel.org/lkml/YgpzPru8aFA5sHOI@casper.infradead.org/
Dan, any thoughts? Do you consider this a false positive from smatch?
> vim +246 mm/page_vma_mapped.c
>
> 126
> 127 /**
> 128 * page_vma_mapped_walk - check if @pvmw->pfn is mapped in @pvmw->vma at
> 129 * @pvmw->address
> 130 * @pvmw: pointer to struct page_vma_mapped_walk. page, vma, address and flags
> 131 * must be set. pmd, pte and ptl must be NULL.
> 132 *
> 133 * Returns true if the page is mapped in the vma. @pvmw->pmd and @pvmw->pte point
> 134 * to relevant page table entries. @pvmw->ptl is locked. @pvmw->address is
> 135 * adjusted if needed (for PTE-mapped THPs).
> 136 *
> 137 * If @pvmw->pmd is set but @pvmw->pte is not, you have found PMD-mapped page
> 138 * (usually THP). For PTE-mapped THP, you should run page_vma_mapped_walk() in
> 139 * a loop to find all PTEs that map the THP.
> 140 *
> 141 * For HugeTLB pages, @pvmw->pte is set to the relevant page table entry
> 142 * regardless of which page table level the page is mapped at. @pvmw->pmd is
> 143 * NULL.
> 144 *
> 145 * Returns false if there are no more page table entries for the page in
> 146 * the vma. @pvmw->ptl is unlocked and @pvmw->pte is unmapped.
> 147 *
> 148 * If you need to stop the walk before page_vma_mapped_walk() returned false,
> 149 * use page_vma_mapped_walk_done(). It will do the housekeeping.
> 150 */
> 151 bool page_vma_mapped_walk(struct page_vma_mapped_walk *pvmw)
> 152 {
> 153 struct vm_area_struct *vma = pvmw->vma;
> 154 struct mm_struct *mm = vma->vm_mm;
> 155 unsigned long end;
> 156 pgd_t *pgd;
> 157 p4d_t *p4d;
> 158 pud_t *pud;
> 159 pmd_t pmde;
> 160
> 161 /* The only possible pmd mapping has been handled on last iteration */
> 162 if (pvmw->pmd && !pvmw->pte)
> 163 return not_found(pvmw);
> 164
> 165 if (unlikely(is_vm_hugetlb_page(vma))) {
> 166 unsigned long size = pvmw->nr_pages * PAGE_SIZE;
> 167 /* The only possible mapping was handled on last iteration */
> 168 if (pvmw->pte)
> 169 return not_found(pvmw);
> 170
> 171 /* when pud is not present, pte will be NULL */
> 172 pvmw->pte = huge_pte_offset(mm, pvmw->address, size);
> 173 if (!pvmw->pte)
> 174 return false;
> 175
> 176 pvmw->ptl = huge_pte_lockptr(size_to_hstate(size), mm,
> 177 pvmw->pte);
> 178 spin_lock(pvmw->ptl);
> 179 if (!check_pte(pvmw))
> 180 return not_found(pvmw);
> 181 return true;
> 182 }
> 183
> 184 end = vma_address_end(pvmw);
> 185 if (pvmw->pte)
> 186 goto next_pte;
> 187 restart:
> 188 do {
> 189 pgd = pgd_offset(mm, pvmw->address);
> 190 if (!pgd_present(*pgd)) {
> 191 step_forward(pvmw, PGDIR_SIZE);
> 192 continue;
> 193 }
> 194 p4d = p4d_offset(pgd, pvmw->address);
> 195 if (!p4d_present(*p4d)) {
> 196 step_forward(pvmw, P4D_SIZE);
> 197 continue;
> 198 }
> 199 pud = pud_offset(p4d, pvmw->address);
> 200 if (!pud_present(*pud)) {
> 201 step_forward(pvmw, PUD_SIZE);
> 202 continue;
> 203 }
> 204
> 205 pvmw->pmd = pmd_offset(pud, pvmw->address);
> 206 /*
> 207 * Make sure the pmd value isn't cached in a register by the
> 208 * compiler and used as a stale value after we've observed a
> 209 * subsequent update.
> 210 */
> 211 pmde = READ_ONCE(*pvmw->pmd);
> 212
> 213 if (pmd_trans_huge(pmde) || is_pmd_migration_entry(pmde)) {
> 214 pvmw->ptl = pmd_lock(mm, pvmw->pmd);
> 215 pmde = *pvmw->pmd;
> 216 if (likely(pmd_trans_huge(pmde))) {
> 217 if (pvmw->flags & PVMW_MIGRATION)
> 218 return not_found(pvmw);
> 219 if (!check_pmd(pmd_pfn(pmde), pvmw))
> 220 return not_found(pvmw);
> 221 return true;
> 222 }
> 223 if (!pmd_present(pmde)) {
> 224 swp_entry_t entry;
> 225
> 226 if (!thp_migration_supported() ||
> 227 !(pvmw->flags & PVMW_MIGRATION))
> 228 return not_found(pvmw);
> 229 entry = pmd_to_swp_entry(pmde);
> 230 if (!is_migration_entry(entry) ||
> 231 !check_pmd(swp_offset(entry), pvmw))
> 232 return not_found(pvmw);
> 233 return true;
> 234 }
> 235 /* THP pmd was split under us: handle on pte level */
> 236 spin_unlock(pvmw->ptl);
> 237 pvmw->ptl = NULL;
> 238 } else if (!pmd_present(pmde)) {
> 239 /*
> 240 * If PVMW_SYNC, take and drop THP pmd lock so that we
> 241 * cannot return prematurely, while zap_huge_pmd() has
> 242 * cleared *pmd but not decremented compound_mapcount().
> 243 */
> 244 if ((pvmw->flags & PVMW_SYNC) &&
> 245 transparent_hugepage_active(vma) &&
> > 246 (pvmw->nr_pages >= HPAGE_PMD_NR)) {
> 247 spinlock_t *ptl = pmd_lock(mm, pvmw->pmd);
> 248
> 249 spin_unlock(ptl);
> 250 }
> 251 step_forward(pvmw, PMD_SIZE);
> 252 continue;
> 253 }
> 254 if (!map_pte(pvmw))
> 255 goto next_pte;
> 256 this_pte:
> 257 if (check_pte(pvmw))
> 258 return true;
> 259 next_pte:
> 260 do {
> 261 pvmw->address += PAGE_SIZE;
> 262 if (pvmw->address >= end)
> 263 return not_found(pvmw);
> 264 /* Did we cross page table boundary? */
> 265 if ((pvmw->address & (PMD_SIZE - PAGE_SIZE)) == 0) {
> 266 if (pvmw->ptl) {
> 267 spin_unlock(pvmw->ptl);
> 268 pvmw->ptl = NULL;
> 269 }
> 270 pte_unmap(pvmw->pte);
> 271 pvmw->pte = NULL;
> 272 goto restart;
> 273 }
> 274 pvmw->pte++;
> 275 if ((pvmw->flags & PVMW_SYNC) && !pvmw->ptl) {
> 276 pvmw->ptl = pte_lockptr(mm, pvmw->pmd);
> 277 spin_lock(pvmw->ptl);
> 278 }
> 279 } while (pte_none(*pvmw->pte));
> 280
> 281 if (!pvmw->ptl) {
> 282 pvmw->ptl = pte_lockptr(mm, pvmw->pmd);
> 283 spin_lock(pvmw->ptl);
> 284 }
> 285 goto this_pte;
> 286 } while (pvmw->address < end);
> 287
> 288 return false;
> 289 }
> 290
>
> ---
> 0-DAY CI Kernel Test Service
> https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
>
next prev parent reply other threads:[~2022-03-13 4:06 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-13 3:01 kernel test robot
2022-03-13 4:06 ` Matthew Wilcox [this message]
2022-03-14 13:30 ` Dan Carpenter
2022-03-14 13:36 ` Matthew Wilcox
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Yi1tzd6m6o6liiKN@casper.infradead.org \
--to=willy@infradead.org \
--cc=dan.carpenter@oracle.com \
--cc=kbuild-all@lists.01.org \
--cc=linux-mm@kvack.org \
--cc=lkp@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox