* [linux-next:master 9762/11953] mm/page_vma_mapped.c:246 page_vma_mapped_walk() warn: always true condition '(pvmw->nr_pages >= (1 << ( - (12)))) => (0-u64max >= 0)'
@ 2022-03-13 3:01 kernel test robot
2022-03-13 4:06 ` Matthew Wilcox
0 siblings, 1 reply; 4+ messages in thread
From: kernel test robot @ 2022-03-13 3:01 UTC (permalink / raw)
To: Matthew Wilcox (Oracle); +Cc: kbuild-all, Linux Memory Management List
tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
head: 71941773e143369a73c9c4a3b62fbb60736a1182
commit: b786e44a4dbfe64476e7120ec7990b89a37be37d [9762/11953] mm: Convert page_vma_mapped_walk to work on PFNs
config: riscv-randconfig-m031-20220312 (https://download.01.org/0day-ci/archive/20220313/202203131056.WINF40Gt-lkp@intel.com/config)
compiler: riscv64-linux-gcc (GCC) 11.2.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
smatch warnings:
mm/page_vma_mapped.c:246 page_vma_mapped_walk() warn: always true condition '(pvmw->nr_pages >= (1 << ( - (12)))) => (0-u64max >= 0)'
vim +246 mm/page_vma_mapped.c
126
127 /**
128 * page_vma_mapped_walk - check if @pvmw->pfn is mapped in @pvmw->vma at
129 * @pvmw->address
130 * @pvmw: pointer to struct page_vma_mapped_walk. page, vma, address and flags
131 * must be set. pmd, pte and ptl must be NULL.
132 *
133 * Returns true if the page is mapped in the vma. @pvmw->pmd and @pvmw->pte point
134 * to relevant page table entries. @pvmw->ptl is locked. @pvmw->address is
135 * adjusted if needed (for PTE-mapped THPs).
136 *
137 * If @pvmw->pmd is set but @pvmw->pte is not, you have found PMD-mapped page
138 * (usually THP). For PTE-mapped THP, you should run page_vma_mapped_walk() in
139 * a loop to find all PTEs that map the THP.
140 *
141 * For HugeTLB pages, @pvmw->pte is set to the relevant page table entry
142 * regardless of which page table level the page is mapped at. @pvmw->pmd is
143 * NULL.
144 *
145 * Returns false if there are no more page table entries for the page in
146 * the vma. @pvmw->ptl is unlocked and @pvmw->pte is unmapped.
147 *
148 * If you need to stop the walk before page_vma_mapped_walk() returned false,
149 * use page_vma_mapped_walk_done(). It will do the housekeeping.
150 */
151 bool page_vma_mapped_walk(struct page_vma_mapped_walk *pvmw)
152 {
153 struct vm_area_struct *vma = pvmw->vma;
154 struct mm_struct *mm = vma->vm_mm;
155 unsigned long end;
156 pgd_t *pgd;
157 p4d_t *p4d;
158 pud_t *pud;
159 pmd_t pmde;
160
161 /* The only possible pmd mapping has been handled on last iteration */
162 if (pvmw->pmd && !pvmw->pte)
163 return not_found(pvmw);
164
165 if (unlikely(is_vm_hugetlb_page(vma))) {
166 unsigned long size = pvmw->nr_pages * PAGE_SIZE;
167 /* The only possible mapping was handled on last iteration */
168 if (pvmw->pte)
169 return not_found(pvmw);
170
171 /* when pud is not present, pte will be NULL */
172 pvmw->pte = huge_pte_offset(mm, pvmw->address, size);
173 if (!pvmw->pte)
174 return false;
175
176 pvmw->ptl = huge_pte_lockptr(size_to_hstate(size), mm,
177 pvmw->pte);
178 spin_lock(pvmw->ptl);
179 if (!check_pte(pvmw))
180 return not_found(pvmw);
181 return true;
182 }
183
184 end = vma_address_end(pvmw);
185 if (pvmw->pte)
186 goto next_pte;
187 restart:
188 do {
189 pgd = pgd_offset(mm, pvmw->address);
190 if (!pgd_present(*pgd)) {
191 step_forward(pvmw, PGDIR_SIZE);
192 continue;
193 }
194 p4d = p4d_offset(pgd, pvmw->address);
195 if (!p4d_present(*p4d)) {
196 step_forward(pvmw, P4D_SIZE);
197 continue;
198 }
199 pud = pud_offset(p4d, pvmw->address);
200 if (!pud_present(*pud)) {
201 step_forward(pvmw, PUD_SIZE);
202 continue;
203 }
204
205 pvmw->pmd = pmd_offset(pud, pvmw->address);
206 /*
207 * Make sure the pmd value isn't cached in a register by the
208 * compiler and used as a stale value after we've observed a
209 * subsequent update.
210 */
211 pmde = READ_ONCE(*pvmw->pmd);
212
213 if (pmd_trans_huge(pmde) || is_pmd_migration_entry(pmde)) {
214 pvmw->ptl = pmd_lock(mm, pvmw->pmd);
215 pmde = *pvmw->pmd;
216 if (likely(pmd_trans_huge(pmde))) {
217 if (pvmw->flags & PVMW_MIGRATION)
218 return not_found(pvmw);
219 if (!check_pmd(pmd_pfn(pmde), pvmw))
220 return not_found(pvmw);
221 return true;
222 }
223 if (!pmd_present(pmde)) {
224 swp_entry_t entry;
225
226 if (!thp_migration_supported() ||
227 !(pvmw->flags & PVMW_MIGRATION))
228 return not_found(pvmw);
229 entry = pmd_to_swp_entry(pmde);
230 if (!is_migration_entry(entry) ||
231 !check_pmd(swp_offset(entry), pvmw))
232 return not_found(pvmw);
233 return true;
234 }
235 /* THP pmd was split under us: handle on pte level */
236 spin_unlock(pvmw->ptl);
237 pvmw->ptl = NULL;
238 } else if (!pmd_present(pmde)) {
239 /*
240 * If PVMW_SYNC, take and drop THP pmd lock so that we
241 * cannot return prematurely, while zap_huge_pmd() has
242 * cleared *pmd but not decremented compound_mapcount().
243 */
244 if ((pvmw->flags & PVMW_SYNC) &&
245 transparent_hugepage_active(vma) &&
> 246 (pvmw->nr_pages >= HPAGE_PMD_NR)) {
247 spinlock_t *ptl = pmd_lock(mm, pvmw->pmd);
248
249 spin_unlock(ptl);
250 }
251 step_forward(pvmw, PMD_SIZE);
252 continue;
253 }
254 if (!map_pte(pvmw))
255 goto next_pte;
256 this_pte:
257 if (check_pte(pvmw))
258 return true;
259 next_pte:
260 do {
261 pvmw->address += PAGE_SIZE;
262 if (pvmw->address >= end)
263 return not_found(pvmw);
264 /* Did we cross page table boundary? */
265 if ((pvmw->address & (PMD_SIZE - PAGE_SIZE)) == 0) {
266 if (pvmw->ptl) {
267 spin_unlock(pvmw->ptl);
268 pvmw->ptl = NULL;
269 }
270 pte_unmap(pvmw->pte);
271 pvmw->pte = NULL;
272 goto restart;
273 }
274 pvmw->pte++;
275 if ((pvmw->flags & PVMW_SYNC) && !pvmw->ptl) {
276 pvmw->ptl = pte_lockptr(mm, pvmw->pmd);
277 spin_lock(pvmw->ptl);
278 }
279 } while (pte_none(*pvmw->pte));
280
281 if (!pvmw->ptl) {
282 pvmw->ptl = pte_lockptr(mm, pvmw->pmd);
283 spin_lock(pvmw->ptl);
284 }
285 goto this_pte;
286 } while (pvmw->address < end);
287
288 return false;
289 }
290
---
0-DAY CI Kernel Test Service
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [linux-next:master 9762/11953] mm/page_vma_mapped.c:246 page_vma_mapped_walk() warn: always true condition '(pvmw->nr_pages >= (1 << ( - (12)))) => (0-u64max >= 0)'
2022-03-13 3:01 [linux-next:master 9762/11953] mm/page_vma_mapped.c:246 page_vma_mapped_walk() warn: always true condition '(pvmw->nr_pages >= (1 << ( - (12)))) => (0-u64max >= 0)' kernel test robot
@ 2022-03-13 4:06 ` Matthew Wilcox
2022-03-14 13:30 ` Dan Carpenter
0 siblings, 1 reply; 4+ messages in thread
From: Matthew Wilcox @ 2022-03-13 4:06 UTC (permalink / raw)
To: kernel test robot; +Cc: kbuild-all, Linux Memory Management List, Dan Carpenter
On Sun, Mar 13, 2022 at 11:01:09AM +0800, kernel test robot wrote:
> tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
> head: 71941773e143369a73c9c4a3b62fbb60736a1182
> commit: b786e44a4dbfe64476e7120ec7990b89a37be37d [9762/11953] mm: Convert page_vma_mapped_walk to work on PFNs
> config: riscv-randconfig-m031-20220312 (https://download.01.org/0day-ci/archive/20220313/202203131056.WINF40Gt-lkp@intel.com/config)
> compiler: riscv64-linux-gcc (GCC) 11.2.0
>
> If you fix the issue, kindly add following tag as appropriate
> Reported-by: kernel test robot <lkp@intel.com>
>
> smatch warnings:
> mm/page_vma_mapped.c:246 page_vma_mapped_walk() warn: always true condition '(pvmw->nr_pages >= (1 << ( - (12)))) => (0-u64max >= 0)'
Looks like a duplicate of https://lore.kernel.org/lkml/YgpzPru8aFA5sHOI@casper.infradead.org/
Dan, any thoughts? Do you consider this a false positive from smatch?
> vim +246 mm/page_vma_mapped.c
>
> 126
> 127 /**
> 128 * page_vma_mapped_walk - check if @pvmw->pfn is mapped in @pvmw->vma at
> 129 * @pvmw->address
> 130 * @pvmw: pointer to struct page_vma_mapped_walk. page, vma, address and flags
> 131 * must be set. pmd, pte and ptl must be NULL.
> 132 *
> 133 * Returns true if the page is mapped in the vma. @pvmw->pmd and @pvmw->pte point
> 134 * to relevant page table entries. @pvmw->ptl is locked. @pvmw->address is
> 135 * adjusted if needed (for PTE-mapped THPs).
> 136 *
> 137 * If @pvmw->pmd is set but @pvmw->pte is not, you have found PMD-mapped page
> 138 * (usually THP). For PTE-mapped THP, you should run page_vma_mapped_walk() in
> 139 * a loop to find all PTEs that map the THP.
> 140 *
> 141 * For HugeTLB pages, @pvmw->pte is set to the relevant page table entry
> 142 * regardless of which page table level the page is mapped at. @pvmw->pmd is
> 143 * NULL.
> 144 *
> 145 * Returns false if there are no more page table entries for the page in
> 146 * the vma. @pvmw->ptl is unlocked and @pvmw->pte is unmapped.
> 147 *
> 148 * If you need to stop the walk before page_vma_mapped_walk() returned false,
> 149 * use page_vma_mapped_walk_done(). It will do the housekeeping.
> 150 */
> 151 bool page_vma_mapped_walk(struct page_vma_mapped_walk *pvmw)
> 152 {
> 153 struct vm_area_struct *vma = pvmw->vma;
> 154 struct mm_struct *mm = vma->vm_mm;
> 155 unsigned long end;
> 156 pgd_t *pgd;
> 157 p4d_t *p4d;
> 158 pud_t *pud;
> 159 pmd_t pmde;
> 160
> 161 /* The only possible pmd mapping has been handled on last iteration */
> 162 if (pvmw->pmd && !pvmw->pte)
> 163 return not_found(pvmw);
> 164
> 165 if (unlikely(is_vm_hugetlb_page(vma))) {
> 166 unsigned long size = pvmw->nr_pages * PAGE_SIZE;
> 167 /* The only possible mapping was handled on last iteration */
> 168 if (pvmw->pte)
> 169 return not_found(pvmw);
> 170
> 171 /* when pud is not present, pte will be NULL */
> 172 pvmw->pte = huge_pte_offset(mm, pvmw->address, size);
> 173 if (!pvmw->pte)
> 174 return false;
> 175
> 176 pvmw->ptl = huge_pte_lockptr(size_to_hstate(size), mm,
> 177 pvmw->pte);
> 178 spin_lock(pvmw->ptl);
> 179 if (!check_pte(pvmw))
> 180 return not_found(pvmw);
> 181 return true;
> 182 }
> 183
> 184 end = vma_address_end(pvmw);
> 185 if (pvmw->pte)
> 186 goto next_pte;
> 187 restart:
> 188 do {
> 189 pgd = pgd_offset(mm, pvmw->address);
> 190 if (!pgd_present(*pgd)) {
> 191 step_forward(pvmw, PGDIR_SIZE);
> 192 continue;
> 193 }
> 194 p4d = p4d_offset(pgd, pvmw->address);
> 195 if (!p4d_present(*p4d)) {
> 196 step_forward(pvmw, P4D_SIZE);
> 197 continue;
> 198 }
> 199 pud = pud_offset(p4d, pvmw->address);
> 200 if (!pud_present(*pud)) {
> 201 step_forward(pvmw, PUD_SIZE);
> 202 continue;
> 203 }
> 204
> 205 pvmw->pmd = pmd_offset(pud, pvmw->address);
> 206 /*
> 207 * Make sure the pmd value isn't cached in a register by the
> 208 * compiler and used as a stale value after we've observed a
> 209 * subsequent update.
> 210 */
> 211 pmde = READ_ONCE(*pvmw->pmd);
> 212
> 213 if (pmd_trans_huge(pmde) || is_pmd_migration_entry(pmde)) {
> 214 pvmw->ptl = pmd_lock(mm, pvmw->pmd);
> 215 pmde = *pvmw->pmd;
> 216 if (likely(pmd_trans_huge(pmde))) {
> 217 if (pvmw->flags & PVMW_MIGRATION)
> 218 return not_found(pvmw);
> 219 if (!check_pmd(pmd_pfn(pmde), pvmw))
> 220 return not_found(pvmw);
> 221 return true;
> 222 }
> 223 if (!pmd_present(pmde)) {
> 224 swp_entry_t entry;
> 225
> 226 if (!thp_migration_supported() ||
> 227 !(pvmw->flags & PVMW_MIGRATION))
> 228 return not_found(pvmw);
> 229 entry = pmd_to_swp_entry(pmde);
> 230 if (!is_migration_entry(entry) ||
> 231 !check_pmd(swp_offset(entry), pvmw))
> 232 return not_found(pvmw);
> 233 return true;
> 234 }
> 235 /* THP pmd was split under us: handle on pte level */
> 236 spin_unlock(pvmw->ptl);
> 237 pvmw->ptl = NULL;
> 238 } else if (!pmd_present(pmde)) {
> 239 /*
> 240 * If PVMW_SYNC, take and drop THP pmd lock so that we
> 241 * cannot return prematurely, while zap_huge_pmd() has
> 242 * cleared *pmd but not decremented compound_mapcount().
> 243 */
> 244 if ((pvmw->flags & PVMW_SYNC) &&
> 245 transparent_hugepage_active(vma) &&
> > 246 (pvmw->nr_pages >= HPAGE_PMD_NR)) {
> 247 spinlock_t *ptl = pmd_lock(mm, pvmw->pmd);
> 248
> 249 spin_unlock(ptl);
> 250 }
> 251 step_forward(pvmw, PMD_SIZE);
> 252 continue;
> 253 }
> 254 if (!map_pte(pvmw))
> 255 goto next_pte;
> 256 this_pte:
> 257 if (check_pte(pvmw))
> 258 return true;
> 259 next_pte:
> 260 do {
> 261 pvmw->address += PAGE_SIZE;
> 262 if (pvmw->address >= end)
> 263 return not_found(pvmw);
> 264 /* Did we cross page table boundary? */
> 265 if ((pvmw->address & (PMD_SIZE - PAGE_SIZE)) == 0) {
> 266 if (pvmw->ptl) {
> 267 spin_unlock(pvmw->ptl);
> 268 pvmw->ptl = NULL;
> 269 }
> 270 pte_unmap(pvmw->pte);
> 271 pvmw->pte = NULL;
> 272 goto restart;
> 273 }
> 274 pvmw->pte++;
> 275 if ((pvmw->flags & PVMW_SYNC) && !pvmw->ptl) {
> 276 pvmw->ptl = pte_lockptr(mm, pvmw->pmd);
> 277 spin_lock(pvmw->ptl);
> 278 }
> 279 } while (pte_none(*pvmw->pte));
> 280
> 281 if (!pvmw->ptl) {
> 282 pvmw->ptl = pte_lockptr(mm, pvmw->pmd);
> 283 spin_lock(pvmw->ptl);
> 284 }
> 285 goto this_pte;
> 286 } while (pvmw->address < end);
> 287
> 288 return false;
> 289 }
> 290
>
> ---
> 0-DAY CI Kernel Test Service
> https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [linux-next:master 9762/11953] mm/page_vma_mapped.c:246 page_vma_mapped_walk() warn: always true condition '(pvmw->nr_pages >= (1 << ( - (12)))) => (0-u64max >= 0)'
2022-03-13 4:06 ` Matthew Wilcox
@ 2022-03-14 13:30 ` Dan Carpenter
2022-03-14 13:36 ` Matthew Wilcox
0 siblings, 1 reply; 4+ messages in thread
From: Dan Carpenter @ 2022-03-14 13:30 UTC (permalink / raw)
To: Matthew Wilcox
Cc: kernel test robot, kbuild-all, Linux Memory Management List
On Sun, Mar 13, 2022 at 04:06:37AM +0000, Matthew Wilcox wrote:
> On Sun, Mar 13, 2022 at 11:01:09AM +0800, kernel test robot wrote:
> > tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
> > head: 71941773e143369a73c9c4a3b62fbb60736a1182
> > commit: b786e44a4dbfe64476e7120ec7990b89a37be37d [9762/11953] mm: Convert page_vma_mapped_walk to work on PFNs
> > config: riscv-randconfig-m031-20220312 (https://download.01.org/0day-ci/archive/20220313/202203131056.WINF40Gt-lkp@intel.com/config )
> > compiler: riscv64-linux-gcc (GCC) 11.2.0
> >
> > If you fix the issue, kindly add following tag as appropriate
> > Reported-by: kernel test robot <lkp@intel.com>
> >
> > smatch warnings:
> > mm/page_vma_mapped.c:246 page_vma_mapped_walk() warn: always true condition '(pvmw->nr_pages >= (1 << ( - (12)))) => (0-u64max >= 0)'
>
> Looks like a duplicate of https://lore.kernel.org/lkml/YgpzPru8aFA5sHOI@casper.infradead.org/
>
> Dan, any thoughts? Do you consider this a false positive from smatch?
>
That's really weird that HPAGE_PMD_NR ends up as zero... Does it wrap
to zero?
Anyway, it would be easy to silence the warning based on that it's on an
impossible path but I think that's not the right idea.
if (is_impossible_path())
return;
A lot of the bugs that Smatch finds are in impossible to reach error
handling code. I'll instead silence it based on that the macro
definition changes. Add it to smatch_data/kernel.unconstant_macros:
- if (!possibly_false_rl(rl_left, expr->op, rl_right)) {
+ if (!possibly_false_rl(rl_left, expr->op, rl_right) &&
+ !is_unconstant_macro(expr->left) &&
+ !is_unconstant_macro(expr->right)) {
char *name = expr_to_str(expr);
sm_warning("always true condition '(%s) => (%s %s %s)'", name,
I'll test this out overnight, tonight.
regards,
dan carpenter
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [linux-next:master 9762/11953] mm/page_vma_mapped.c:246 page_vma_mapped_walk() warn: always true condition '(pvmw->nr_pages >= (1 << ( - (12)))) => (0-u64max >= 0)'
2022-03-14 13:30 ` Dan Carpenter
@ 2022-03-14 13:36 ` Matthew Wilcox
0 siblings, 0 replies; 4+ messages in thread
From: Matthew Wilcox @ 2022-03-14 13:36 UTC (permalink / raw)
To: Dan Carpenter; +Cc: kernel test robot, kbuild-all, Linux Memory Management List
On Mon, Mar 14, 2022 at 04:30:38PM +0300, Dan Carpenter wrote:
> On Sun, Mar 13, 2022 at 04:06:37AM +0000, Matthew Wilcox wrote:
> > On Sun, Mar 13, 2022 at 11:01:09AM +0800, kernel test robot wrote:
> > > tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
> > > head: 71941773e143369a73c9c4a3b62fbb60736a1182
> > > commit: b786e44a4dbfe64476e7120ec7990b89a37be37d [9762/11953] mm: Convert page_vma_mapped_walk to work on PFNs
> > > config: riscv-randconfig-m031-20220312 (https://download.01.org/0day-ci/archive/20220313/202203131056.WINF40Gt-lkp@intel.com/config )
> > > compiler: riscv64-linux-gcc (GCC) 11.2.0
> > >
> > > If you fix the issue, kindly add following tag as appropriate
> > > Reported-by: kernel test robot <lkp@intel.com>
> > >
> > > smatch warnings:
> > > mm/page_vma_mapped.c:246 page_vma_mapped_walk() warn: always true condition '(pvmw->nr_pages >= (1 << ( - (12)))) => (0-u64max >= 0)'
> >
> > Looks like a duplicate of https://lore.kernel.org/lkml/YgpzPru8aFA5sHOI@casper.infradead.org/
> >
> > Dan, any thoughts? Do you consider this a false positive from smatch?
> >
>
> That's really weird that HPAGE_PMD_NR ends up as zero... Does it wrap
> to zero?
It's actually weirder than that:
#define HPAGE_PMD_SHIFT ({ BUILD_BUG(); 0; })
#define HPAGE_PMD_ORDER (HPAGE_PMD_SHIFT-PAGE_SHIFT)
#define HPAGE_PMD_NR (1<<HPAGE_PMD_ORDER)
so it should be (1<<(0-12))
> Anyway, it would be easy to silence the warning based on that it's on an
> impossible path but I think that's not the right idea.
>
> if (is_impossible_path())
> return;
>
> A lot of the bugs that Smatch finds are in impossible to reach error
> handling code. I'll instead silence it based on that the macro
> definition changes. Add it to smatch_data/kernel.unconstant_macros:
>
>
> - if (!possibly_false_rl(rl_left, expr->op, rl_right)) {
> + if (!possibly_false_rl(rl_left, expr->op, rl_right) &&
> + !is_unconstant_macro(expr->left) &&
> + !is_unconstant_macro(expr->right)) {
> char *name = expr_to_str(expr);
>
> sm_warning("always true condition '(%s) => (%s %s %s)'", name,
>
> I'll test this out overnight, tonight.
Thanks! I'd be happy to rearrange this code to avoid the smatch report,
but it's not quite clear to me how I could/should do that.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-03-14 13:37 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-03-13 3:01 [linux-next:master 9762/11953] mm/page_vma_mapped.c:246 page_vma_mapped_walk() warn: always true condition '(pvmw->nr_pages >= (1 << ( - (12)))) => (0-u64max >= 0)' kernel test robot
2022-03-13 4:06 ` Matthew Wilcox
2022-03-14 13:30 ` Dan Carpenter
2022-03-14 13:36 ` Matthew Wilcox
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox