From: Balbir Singh <balbirs@nvidia.com>
To: Dan Carpenter <dan.carpenter@linaro.org>
Cc: linux-mm@kvack.org
Subject: Re: [bug report] lib/test_hmm: add zone device private THP test infrastructure
Date: Mon, 15 Sep 2025 19:49:33 +1000 [thread overview]
Message-ID: <d792f1c0-f393-4e16-97f0-36b4028c46e4@nvidia.com> (raw)
In-Reply-To: <aMepD1FRu-2DfBwo@stanley.mountain>
On 9/15/25 15:50, Dan Carpenter wrote:
> Hello Balbir Singh,
>
> Commit 6098c878b175 ("lib/test_hmm: add zone device private THP test
> infrastructure") from Sep 8, 2025 (linux-next), leads to the
> following Smatch static checker warning:
>
> lib/test_hmm.c:721 dmirror_migrate_alloc_and_copy()
> error: we previously assumed 'spage' could be null (see line 718)
>
> lib/test_hmm.c
> 675 static void dmirror_migrate_alloc_and_copy(struct migrate_vma *args,
> 676 struct dmirror *dmirror)
> 677 {
> 678 const unsigned long *src = args->src;
> 679 unsigned long *dst = args->dst;
> 680 unsigned long addr;
> 681
> 682 for (addr = args->start; addr < args->end; ) {
> 683 struct page *spage;
> 684 struct page *dpage;
> 685 struct page *rpage;
> 686 bool is_large = *src & MIGRATE_PFN_COMPOUND;
> 687 int write = (*src & MIGRATE_PFN_WRITE) ? MIGRATE_PFN_WRITE : 0;
> 688 unsigned long nr = 1;
> 689
> 690 if (!(*src & MIGRATE_PFN_MIGRATE))
> 691 goto next;
> 692
> 693 /*
> 694 * Note that spage might be NULL which is OK since it is an
> 695 * unallocated pte_none() or read-only zero page.
> 696 */
> 697 spage = migrate_pfn_to_page(*src);
> 698 if (WARN(spage && is_zone_device_page(spage),
> 699 "page already in device spage pfn: 0x%lx\n",
> 700 page_to_pfn(spage)))
> 701 goto next;
> 702
> 703 if (dmirror->flags & HMM_DMIRROR_FLAG_FAIL_ALLOC) {
> 704 dmirror->flags &= ~HMM_DMIRROR_FLAG_FAIL_ALLOC;
> 705 dpage = NULL;
> 706 } else
> 707 dpage = dmirror_devmem_alloc_page(dmirror, is_large);
> 708
> 709 if (!dpage) {
> 710 struct folio *folio;
> 711 unsigned long i;
> 712 unsigned long spfn = *src >> MIGRATE_PFN_SHIFT;
> 713 struct page *src_page;
> 714
> 715 if (!is_large)
> 716 goto next;
> 717
> 718 if (!spage && is_large) {
> ^^^^^^ ^^^^^^^^
> If spage is NULL but is_large is false
Isn't is_large being false ruled out two lines above?
>
> 719 nr = HPAGE_PMD_NR;
> 720 } else {
> --> 721 folio = page_folio(spage);
> ^^^^^
> the this will crash.
>
> 722 nr = folio_nr_pages(folio);
> 723 }
> 724
> 725 for (i = 0; i < nr && addr < args->end; i++) {
>
> regards,
> dan carpenter
Thanks,
Balbir
next prev parent reply other threads:[~2025-09-15 9:49 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-15 5:50 Dan Carpenter
2025-09-15 9:49 ` Balbir Singh [this message]
2025-09-15 10:48 ` Dan Carpenter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d792f1c0-f393-4e16-97f0-36b4028c46e4@nvidia.com \
--to=balbirs@nvidia.com \
--cc=dan.carpenter@linaro.org \
--cc=linux-mm@kvack.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox