From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9F1B4CDB47E for ; Wed, 18 Oct 2023 08:54:58 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1E2518D0018; Wed, 18 Oct 2023 04:54:58 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 192978D0016; Wed, 18 Oct 2023 04:54:58 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 05B0C8D0018; Wed, 18 Oct 2023 04:54:58 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id E7EFF8D0016 for ; Wed, 18 Oct 2023 04:54:57 -0400 (EDT) Received: from smtpin18.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id B65121CBF6D for ; Wed, 18 Oct 2023 08:54:57 +0000 (UTC) X-FDA: 81357972234.18.3B41D78 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by imf30.hostedemail.com (Postfix) with ESMTP id DB04D80002 for ; Wed, 18 Oct 2023 08:54:54 +0000 (UTC) Authentication-Results: imf30.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=aQ7y0Its; dmarc=pass (policy=none) header.from=redhat.com; spf=pass (imf30.hostedemail.com: domain of bhe@redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=bhe@redhat.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1697619295; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=pp5sXxU1MFlNUtAtVI0C/KnM/d5Lryu4hPhDsWo2s0M=; b=MvbcQfKnmoFL+rHu4odKoYf64wrqNzyuaCn6OwLmiqxJARUhhHl53BCXfxqxB0kWG0rDmg gNBSJCDpEHNZyBaXShRj55RWlw9t0aoxXm+ak3qrufAcsSkFhEtr7IIUMT1LPwqWjiGCXn cqtCZrUEkQULF7ZyrHVl902XT4o6zBw= ARC-Authentication-Results: i=1; imf30.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=aQ7y0Its; dmarc=pass (policy=none) header.from=redhat.com; spf=pass (imf30.hostedemail.com: domain of bhe@redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=bhe@redhat.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1697619295; a=rsa-sha256; cv=none; b=BMiyJ0ow2+NtmGIlWXmRY7iqHL7YAt93bEDfL+gNCFsIMEBG+QBBpir2UQoa9Bnva4RGAc P17cV66qVaWLm0Q/zmptFtCN86dwfj6ZQ6jur8CkEVz2gbuB0NMjg/uftG4NQJUppGRPAM pWVpKJcIF5GvlIw4i6H7mdE87EkK+98= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1697619294; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=pp5sXxU1MFlNUtAtVI0C/KnM/d5Lryu4hPhDsWo2s0M=; b=aQ7y0ItsoFdVHX2I4f8leYVYFBeIYgO2HME+Mnisg8RR1T2fywhvufoudT45MJQV2tFzkC zcnIsJSIAgY274eItpL2nBx5TZKBY1gmbwnpsjDWLZj1aeaaaww3E1uYcYrY9+2M25RU14 nEeWTQfWw37E9YLNl08fWEXTmPZNu84= Received: from mimecast-mx02.redhat.com (mx-ext.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-467-qrWKnXEXPOmIyykWECAa-Q-1; Wed, 18 Oct 2023 04:54:38 -0400 X-MC-Unique: qrWKnXEXPOmIyykWECAa-Q-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.rdu2.redhat.com [10.11.54.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 2F6CA3826D3D; Wed, 18 Oct 2023 08:54:38 +0000 (UTC) Received: from localhost (unknown [10.72.112.83]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 073D7909; Wed, 18 Oct 2023 08:54:36 +0000 (UTC) Date: Wed, 18 Oct 2023 16:54:33 +0800 From: Baoquan He To: Dan Carpenter Cc: oe-kbuild@lists.linux.dev, Lorenzo Stoakes , lkp@intel.com, oe-kbuild-all@lists.linux.dev, linux-kernel@vger.kernel.org, Andrew Morton , Linux Memory Management List Subject: Re: mm/vmalloc.c:3689 vread_iter() error: we previously assumed 'vm' could be null (see line 3667) Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.1 X-Rspam-User: X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: DB04D80002 X-Stat-Signature: 794bmrf4418qdggybhkqjqazhsjgujwp X-HE-Tag: 1697619294-178329 X-HE-Meta: U2FsdGVkX1/9mMxrG+UEuxpsP9WufFzi2Gvj0nFDqaPk0fpQe7HQFfErUSoMNkMJ2I5RwaC+h5B/KSDzyh/sryz6apdTsA3p4vSYS6KlqnmBUfOZHbBKOTBCiHZFbK+74ivwFfP8c3GtxQkXnZbuBXzWq6dCdBMDey1yTdc6Ht+1Kz2hxWPBcQIQkT9vzr6k388Yx98cjuv5igpDVRbAcON0CZn55lte9m6osl+LKRhQeCdF05xzetIv4WYyw15px+pF+RkSQ/OGAOluuzkhJPbKa41ZmdZMidiSncCpfVH91ZBAfAKU/nld+AFUpMfr/7xSE297gD/d6VWzVecGZBgGJ25l7MpDdqtdPpz32iYCJ7+EGmhdKsCIn8hdmA8zvJ8ZWdDOoHSNr+ZzlksiGyoj0Mkma1xgyHOju+TG4ETi9nMcYP9gcUNXyWAB3E1D6Oks2CXJmOu8BQSexFWtgQmbRndbltdiTQGXqHTeUZcwfW5vL5Q7/lWkwTJZQMX+DHP3FhFnHGRvGsFCKM66TxKfXYz/XS5rFbssY/R7fa/gRcAsxX14o8QSi9jIviQ727C2oHvqWB5Wqvk2+w+sUk4z3gsfKvzX12veNOTpI/rBZN9W3V6ZzlBXjoF0q1a9Vfp/R018VJ32BtxDEkGzf2AGDntGaRLNklasBEizDHpHFaO6xkMltbE3Qr2eJ9PrfCEsanNIza5hpjYPLOjq7atQjc0CookVm9oKpgYGaaPFM/AimRpf9Z4LNgaIOt8RmzwmwOvkqops8skOhqmAOcTLAlyIKU+aBiZoHxPEC63Yl7WzVTRGAbZwFyyx8+bzW81lIIQzn/8+ufCd8dAyoFQ8mcAVY0EgdPLLxddEzJN6f+QKc69l0EAAIRbOIavvSWlkzkjk1GvEkqCT/x8ojC8OfXgGPNt3niNHR5DAqUrnRwElBlrl8oJDNHFUbyme8GR+EDjkfce5/LQqlCx pfCxEZsC 7X5xhJIttR5ZuNH3eDfacF3gDuuDwq7UvOMpChF/4RFBt0uWpUqVAQnalkxxaBXNlSglcN7AHHV6fI7e3RtnfgWuOawh8MXlVacYEj6k2nAppz53cvrUM2/aU6qXxoFIuaZ4IR14nDruKwm5MCRPHxGS6rNLK88/iMAsHg6Ah69Bh/3GW0/kK3nWSNlfHKJxqM/Fwzr9YsSX9O7B/JrqKu6xwF+XJNWsOfoJYD3HQQBOm9C+UDewh3Ce8gF1sWAgwDQRV2YggnMN1ieM/uFp5F91kTCdNQOU2hOSEhSlwWf9GWO6RW59TB0tMtH8Zbw8DZlezOhITQ3RWM8TEWHU/MLzkoFx75/yXKDrlh4663kPgDPb3iS7wbkrkdWstIuJxvjQPWsQZeIwLZk2w6jFXa/JVIYQjMI9q8p73P2KplbbZEQy8L3dz1nTC/2D6j5qhUKauWJfQt3V4nwyGm1ESRqyLqw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Hi, On 10/17/23 at 05:26pm, Dan Carpenter wrote: > tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master > head: 213f891525c222e8ed145ce1ce7ae1f47921cb9c > commit: 4c91c07c93bbbdd7f2d9de2beb7ee5c2a48ad8e7 mm: vmalloc: convert vread() to vread_iter() > config: x86_64-allnoconfig (https://download.01.org/0day-ci/archive/20231017/202310171600.WCrsOwFj-lkp@intel.com/config) > compiler: gcc-12 (Debian 12.2.0-14) 12.2.0 > reproduce: (https://download.01.org/0day-ci/archive/20231017/202310171600.WCrsOwFj-lkp@intel.com/reproduce) > > If you fix the issue in a separate patch/commit (i.e. not just a new version of > the same patch/commit), kindly add following tags > | Reported-by: kernel test robot > | Reported-by: Dan Carpenter > | Closes: https://lore.kernel.org/r/202310171600.WCrsOwFj-lkp@intel.com/ > > smatch warnings: > mm/vmalloc.c:3689 vread_iter() error: we previously assumed 'vm' could be null (see line 3667) I see the code deficit, while the reproduce link seems to be unavilable. Could you double check the link and provide a good one so that I can verify the code fix? Thanks Baoquan > > vim +/vm +3689 mm/vmalloc.c > > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3619 long vread_iter(struct iov_iter *iter, const char *addr, size_t count) > ^1da177e4c3f41 Linus Torvalds 2005-04-16 3620 { > e81ce85f960c2e Joonsoo Kim 2013-04-29 3621 struct vmap_area *va; > e81ce85f960c2e Joonsoo Kim 2013-04-29 3622 struct vm_struct *vm; > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3623 char *vaddr; > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3624 size_t n, size, flags, remains; > ^1da177e4c3f41 Linus Torvalds 2005-04-16 3625 > 4aff1dc4fb3a5a Andrey Konovalov 2022-03-24 3626 addr = kasan_reset_tag(addr); > 4aff1dc4fb3a5a Andrey Konovalov 2022-03-24 3627 > ^1da177e4c3f41 Linus Torvalds 2005-04-16 3628 /* Don't allow overflow */ > ^1da177e4c3f41 Linus Torvalds 2005-04-16 3629 if ((unsigned long) addr + count < count) > ^1da177e4c3f41 Linus Torvalds 2005-04-16 3630 count = -(unsigned long) addr; > ^1da177e4c3f41 Linus Torvalds 2005-04-16 3631 > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3632 remains = count; > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3633 > e81ce85f960c2e Joonsoo Kim 2013-04-29 3634 spin_lock(&vmap_area_lock); > f181234a5a21fd Chen Wandun 2021-09-02 3635 va = find_vmap_area_exceed_addr((unsigned long)addr); > f608788cd2d6ca Serapheim Dimitropoulos 2021-04-29 3636 if (!va) > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3637 goto finished_zero; > f181234a5a21fd Chen Wandun 2021-09-02 3638 > f181234a5a21fd Chen Wandun 2021-09-02 3639 /* no intersects with alive vmap_area */ > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3640 if ((unsigned long)addr + remains <= va->va_start) > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3641 goto finished_zero; > f181234a5a21fd Chen Wandun 2021-09-02 3642 > f608788cd2d6ca Serapheim Dimitropoulos 2021-04-29 3643 list_for_each_entry_from(va, &vmap_area_list, list) { > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3644 size_t copied; > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3645 > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3646 if (remains == 0) > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3647 goto finished; > e81ce85f960c2e Joonsoo Kim 2013-04-29 3648 > 06c8994626d1b7 Baoquan He 2023-02-06 3649 vm = va->vm; > 06c8994626d1b7 Baoquan He 2023-02-06 3650 flags = va->flags & VMAP_FLAGS_MASK; > 06c8994626d1b7 Baoquan He 2023-02-06 3651 /* > 06c8994626d1b7 Baoquan He 2023-02-06 3652 * VMAP_BLOCK indicates a sub-type of vm_map_ram area, need > 06c8994626d1b7 Baoquan He 2023-02-06 3653 * be set together with VMAP_RAM. > 06c8994626d1b7 Baoquan He 2023-02-06 3654 */ > 06c8994626d1b7 Baoquan He 2023-02-06 3655 WARN_ON(flags == VMAP_BLOCK); > 06c8994626d1b7 Baoquan He 2023-02-06 3656 > 06c8994626d1b7 Baoquan He 2023-02-06 3657 if (!vm && !flags) > > NULL check > > e81ce85f960c2e Joonsoo Kim 2013-04-29 3658 continue; > e81ce85f960c2e Joonsoo Kim 2013-04-29 3659 > 30a7a9b17c4b03 Baoquan He 2023-02-06 3660 if (vm && (vm->flags & VM_UNINITIALIZED)) > 30a7a9b17c4b03 Baoquan He 2023-02-06 3661 continue; > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3662 > 30a7a9b17c4b03 Baoquan He 2023-02-06 3663 /* Pair with smp_wmb() in clear_vm_uninitialized_flag() */ > 30a7a9b17c4b03 Baoquan He 2023-02-06 3664 smp_rmb(); > 30a7a9b17c4b03 Baoquan He 2023-02-06 3665 > 06c8994626d1b7 Baoquan He 2023-02-06 3666 vaddr = (char *) va->va_start; > 06c8994626d1b7 Baoquan He 2023-02-06 @3667 size = vm ? get_vm_area_size(vm) : va_size(va); > 06c8994626d1b7 Baoquan He 2023-02-06 3668 > 06c8994626d1b7 Baoquan He 2023-02-06 3669 if (addr >= vaddr + size) > ^1da177e4c3f41 Linus Torvalds 2005-04-16 3670 continue; > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3671 > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3672 if (addr < vaddr) { > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3673 size_t to_zero = min_t(size_t, vaddr - addr, remains); > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3674 size_t zeroed = zero_iter(iter, to_zero); > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3675 > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3676 addr += zeroed; > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3677 remains -= zeroed; > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3678 > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3679 if (remains == 0 || zeroed != to_zero) > ^1da177e4c3f41 Linus Torvalds 2005-04-16 3680 goto finished; > ^1da177e4c3f41 Linus Torvalds 2005-04-16 3681 } > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3682 > 06c8994626d1b7 Baoquan He 2023-02-06 3683 n = vaddr + size - addr; > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3684 if (n > remains) > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3685 n = remains; > 06c8994626d1b7 Baoquan He 2023-02-06 3686 > 06c8994626d1b7 Baoquan He 2023-02-06 3687 if (flags & VMAP_RAM) > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3688 copied = vmap_ram_vread_iter(iter, addr, n, flags); > 06c8994626d1b7 Baoquan He 2023-02-06 @3689 else if (!(vm->flags & VM_IOREMAP)) > ^^^^^^^^^ > Unchecked dereference > > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3690 copied = aligned_vread_iter(iter, addr, n); > d0107eb07320b5 KAMEZAWA Hiroyuki 2009-09-21 3691 else /* IOREMAP area is treated as memory hole */ > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3692 copied = zero_iter(iter, n); > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3693 > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3694 addr += copied; > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3695 remains -= copied; > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3696 > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3697 if (copied != n) > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3698 goto finished; > ^1da177e4c3f41 Linus Torvalds 2005-04-16 3699 } > d0107eb07320b5 KAMEZAWA Hiroyuki 2009-09-21 3700 > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3701 finished_zero: > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3702 spin_unlock(&vmap_area_lock); > d0107eb07320b5 KAMEZAWA Hiroyuki 2009-09-21 3703 /* zero-fill memory holes */ > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3704 return count - remains + zero_iter(iter, remains); > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3705 finished: > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3706 /* Nothing remains, or We couldn't copy/zero everything. */ > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3707 spin_unlock(&vmap_area_lock); > d0107eb07320b5 KAMEZAWA Hiroyuki 2009-09-21 3708 > 4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3709 return count - remains; > ^1da177e4c3f41 Linus Torvalds 2005-04-16 3710 } > > -- > 0-DAY CI Kernel Test Service > https://github.com/intel/lkp-tests/wiki >