tree:   https://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu.git 
willy-maple
head:   7e346d2845b4bd77663394f39fa70456e0084c86
commit: 059c8a0bb9679195f39e18eaa5b3f548f13e7226 [137/202] mm/mmap: Change 
mmap_region to use maple tree state
config: x86_64-randconfig-m001-20210202 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0

If you fix the issue, kindly add the following tags as appropriate
Reported-by: kernel test robot <l...@intel.com>
Reported-by: Dan Carpenter <dan.carpen...@oracle.com>

smatch warnings:
mm/mmap.c:1895 mmap_region() error: uninitialized symbol 'next'.

vim +/next +1895 mm/mmap.c

0165ab443556bd Miklos Szeredi        2007-07-15  1753  unsigned long 
mmap_region(struct file *file, unsigned long addr,
897ab3e0c49e24 Mike Rapoport         2017-02-24  1754           unsigned long 
len, vm_flags_t vm_flags, unsigned long pgoff,
897ab3e0c49e24 Mike Rapoport         2017-02-24  1755           struct 
list_head *uf)
0165ab443556bd Miklos Szeredi        2007-07-15  1756  {
0165ab443556bd Miklos Szeredi        2007-07-15  1757   struct mm_struct *mm = 
current->mm;
059c8a0bb96791 Liam R. Howlett       2020-11-10  1758   struct vm_area_struct 
*vma = NULL;
059c8a0bb96791 Liam R. Howlett       2020-11-10  1759   struct vm_area_struct 
*prev, *next;
059c8a0bb96791 Liam R. Howlett       2020-11-10  1760   pgoff_t pglen = len >> 
PAGE_SHIFT;
0165ab443556bd Miklos Szeredi        2007-07-15  1761   unsigned long charged = 
0;
059c8a0bb96791 Liam R. Howlett       2020-11-10  1762   unsigned long end = 
addr + len;
059c8a0bb96791 Liam R. Howlett       2020-11-10  1763   unsigned long 
merge_start = addr, merge_end = end;
059c8a0bb96791 Liam R. Howlett       2020-11-10  1764   pgoff_t vm_pgoff;
059c8a0bb96791 Liam R. Howlett       2020-11-10  1765   int error;
059c8a0bb96791 Liam R. Howlett       2020-11-10  1766   MA_STATE(mas, 
&mm->mm_mt, addr, end - 1);
0165ab443556bd Miklos Szeredi        2007-07-15  1767  
e8420a8ece80b3 Cyril Hrubis          2013-04-29  1768   /* Check against 
address space limit. */
84638335900f19 Konstantin Khlebnikov 2016-01-14  1769   if (!may_expand_vm(mm, 
vm_flags, len >> PAGE_SHIFT)) {
e8420a8ece80b3 Cyril Hrubis          2013-04-29  1770           unsigned long 
nr_pages;
e8420a8ece80b3 Cyril Hrubis          2013-04-29  1771  
e8420a8ece80b3 Cyril Hrubis          2013-04-29  1772           /*
e8420a8ece80b3 Cyril Hrubis          2013-04-29  1773            * MAP_FIXED 
may remove pages of mappings that intersects with
e8420a8ece80b3 Cyril Hrubis          2013-04-29  1774            * requested 
mapping. Account for the pages it would unmap.
e8420a8ece80b3 Cyril Hrubis          2013-04-29  1775            */
059c8a0bb96791 Liam R. Howlett       2020-11-10  1776           nr_pages = 
count_vma_pages_range(mm, addr, end);
e8420a8ece80b3 Cyril Hrubis          2013-04-29  1777  
84638335900f19 Konstantin Khlebnikov 2016-01-14  1778           if 
(!may_expand_vm(mm, vm_flags,
84638335900f19 Konstantin Khlebnikov 2016-01-14  1779                           
        (len >> PAGE_SHIFT) - nr_pages))
e8420a8ece80b3 Cyril Hrubis          2013-04-29  1780                   return 
-ENOMEM;
e8420a8ece80b3 Cyril Hrubis          2013-04-29  1781   }
e8420a8ece80b3 Cyril Hrubis          2013-04-29  1782  
059c8a0bb96791 Liam R. Howlett       2020-11-10  1783   /* Unmap any existing 
mapping in the area */
059c8a0bb96791 Liam R. Howlett       2020-11-10  1784   if (do_munmap(mm, addr, 
len, uf))
^1da177e4c3f41 Linus Torvalds        2005-04-16  1785           return -ENOMEM;
059c8a0bb96791 Liam R. Howlett       2020-11-10  1786  
^1da177e4c3f41 Linus Torvalds        2005-04-16  1787   /*
^1da177e4c3f41 Linus Torvalds        2005-04-16  1788    * Private writable 
mapping: check memory availability
^1da177e4c3f41 Linus Torvalds        2005-04-16  1789    */
5a6fe125950676 Mel Gorman            2009-02-10  1790   if 
(accountable_mapping(file, vm_flags)) {
^1da177e4c3f41 Linus Torvalds        2005-04-16  1791           charged = len 
>> PAGE_SHIFT;
191c542442fdf5 Al Viro               2012-02-13  1792           if 
(security_vm_enough_memory_mm(mm, charged))
^1da177e4c3f41 Linus Torvalds        2005-04-16  1793                   return 
-ENOMEM;
^1da177e4c3f41 Linus Torvalds        2005-04-16  1794           vm_flags |= 
VM_ACCOUNT;
^1da177e4c3f41 Linus Torvalds        2005-04-16  1795   }
^1da177e4c3f41 Linus Torvalds        2005-04-16  1796  
^1da177e4c3f41 Linus Torvalds        2005-04-16  1797  
059c8a0bb96791 Liam R. Howlett       2020-11-10  1798   if (vm_flags & 
VM_SPECIAL) {
059c8a0bb96791 Liam R. Howlett       2020-11-10  1799           prev = 
mas_prev(&mas, 0);
059c8a0bb96791 Liam R. Howlett       2020-11-10  1800           goto 
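cannot_expand;

"next" is not initialized on this path: it is declared without an
initializer at line 1759, and this goto skips the assignment
"next = mas_next(&mas, ULONG_MAX)" at line 1806.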

059c8a0bb96791 Liam R. Howlett       2020-11-10  1801   }
059c8a0bb96791 Liam R. Howlett       2020-11-10  1802  
059c8a0bb96791 Liam R. Howlett       2020-11-10  1803   /* Attempt to expand an 
old mapping */
059c8a0bb96791 Liam R. Howlett       2020-11-10  1804  
059c8a0bb96791 Liam R. Howlett       2020-11-10  1805   /* Check next */
059c8a0bb96791 Liam R. Howlett       2020-11-10  1806   next = mas_next(&mas, 
ULONG_MAX);
059c8a0bb96791 Liam R. Howlett       2020-11-10  1807   if (next && 
next->vm_start == end && vma_policy(next) &&
059c8a0bb96791 Liam R. Howlett       2020-11-10  1808       
can_vma_merge_before(next, vm_flags, NULL, file, pgoff+pglen,
059c8a0bb96791 Liam R. Howlett       2020-11-10  1809                           
 NULL_VM_UFFD_CTX)) {
059c8a0bb96791 Liam R. Howlett       2020-11-10  1810           merge_end = 
next->vm_end;
059c8a0bb96791 Liam R. Howlett       2020-11-10  1811           vma = next;
059c8a0bb96791 Liam R. Howlett       2020-11-10  1812           vm_pgoff = 
next->vm_pgoff - pglen;
059c8a0bb96791 Liam R. Howlett       2020-11-10  1813   }
059c8a0bb96791 Liam R. Howlett       2020-11-10  1814  
059c8a0bb96791 Liam R. Howlett       2020-11-10  1815   /* Check prev */
059c8a0bb96791 Liam R. Howlett       2020-11-10  1816   prev = mas_prev(&mas, 
0);
059c8a0bb96791 Liam R. Howlett       2020-11-10  1817   if (prev && 
prev->vm_end == addr && !vma_policy(prev) &&
059c8a0bb96791 Liam R. Howlett       2020-11-10  1818       
can_vma_merge_after(prev, vm_flags, NULL, file, pgoff,
059c8a0bb96791 Liam R. Howlett       2020-11-10  1819                           
NULL_VM_UFFD_CTX)) {
059c8a0bb96791 Liam R. Howlett       2020-11-10  1820           merge_start = 
prev->vm_start;
059c8a0bb96791 Liam R. Howlett       2020-11-10  1821           vma = prev;
059c8a0bb96791 Liam R. Howlett       2020-11-10  1822           vm_pgoff = 
prev->vm_pgoff;
059c8a0bb96791 Liam R. Howlett       2020-11-10  1823   }
059c8a0bb96791 Liam R. Howlett       2020-11-10  1824  
059c8a0bb96791 Liam R. Howlett       2020-11-10  1825  
059c8a0bb96791 Liam R. Howlett       2020-11-10  1826   /* Actually expand, if 
possible */
059c8a0bb96791 Liam R. Howlett       2020-11-10  1827   if (vma &&
059c8a0bb96791 Liam R. Howlett       2020-11-10  1828       !vma_expand(&mas, 
vma, merge_start, merge_end, vm_pgoff, next)) {
059c8a0bb96791 Liam R. Howlett       2020-11-10  1829           
khugepaged_enter_vma_merge(prev, vm_flags);
059c8a0bb96791 Liam R. Howlett       2020-11-10  1830           goto expanded;
059c8a0bb96791 Liam R. Howlett       2020-11-10  1831   }
059c8a0bb96791 Liam R. Howlett       2020-11-10  1832  
059c8a0bb96791 Liam R. Howlett       2020-11-10  1833   mas_set_range(&mas, 
addr, end - 1);
059c8a0bb96791 Liam R. Howlett       2020-11-10  1834  cannot_expand:
^1da177e4c3f41 Linus Torvalds        2005-04-16  1835   /*
^1da177e4c3f41 Linus Torvalds        2005-04-16  1836    * Determine the object 
being mapped and call the appropriate
^1da177e4c3f41 Linus Torvalds        2005-04-16  1837    * specific mapper. the 
address has already been validated, but
^1da177e4c3f41 Linus Torvalds        2005-04-16  1838    * not unmapped, but 
the maps are removed from the list.
^1da177e4c3f41 Linus Torvalds        2005-04-16  1839    */
490fc053865c9c Linus Torvalds        2018-07-21  1840   vma = vm_area_alloc(mm);
^1da177e4c3f41 Linus Torvalds        2005-04-16  1841   if (!vma) {
^1da177e4c3f41 Linus Torvalds        2005-04-16  1842           error = -ENOMEM;
^1da177e4c3f41 Linus Torvalds        2005-04-16  1843           goto 
unacct_error;
^1da177e4c3f41 Linus Torvalds        2005-04-16  1844   }
^1da177e4c3f41 Linus Torvalds        2005-04-16  1845  
^1da177e4c3f41 Linus Torvalds        2005-04-16  1846   vma->vm_start = addr;
059c8a0bb96791 Liam R. Howlett       2020-11-10  1847   vma->vm_end = end;
^1da177e4c3f41 Linus Torvalds        2005-04-16  1848   vma->vm_flags = 
vm_flags;
3ed75eb8f1cd89 Coly Li               2007-10-18  1849   vma->vm_page_prot = 
vm_get_page_prot(vm_flags);
^1da177e4c3f41 Linus Torvalds        2005-04-16  1850   vma->vm_pgoff = pgoff;
^1da177e4c3f41 Linus Torvalds        2005-04-16  1851  
^1da177e4c3f41 Linus Torvalds        2005-04-16  1852   if (file) {
^1da177e4c3f41 Linus Torvalds        2005-04-16  1853           if (vm_flags & 
VM_DENYWRITE) {
^1da177e4c3f41 Linus Torvalds        2005-04-16  1854                   error = 
deny_write_access(file);
^1da177e4c3f41 Linus Torvalds        2005-04-16  1855                   if 
(error)
^1da177e4c3f41 Linus Torvalds        2005-04-16  1856                           
goto free_vma;
^1da177e4c3f41 Linus Torvalds        2005-04-16  1857           }
4bb5f5d9395bc1 David Herrmann        2014-08-08  1858           if (vm_flags & 
VM_SHARED) {
4bb5f5d9395bc1 David Herrmann        2014-08-08  1859                   error = 
mapping_map_writable(file->f_mapping);
4bb5f5d9395bc1 David Herrmann        2014-08-08  1860                   if 
(error)
4bb5f5d9395bc1 David Herrmann        2014-08-08  1861                           
goto allow_write_and_free_vma;
4bb5f5d9395bc1 David Herrmann        2014-08-08  1862           }
4bb5f5d9395bc1 David Herrmann        2014-08-08  1863  
4bb5f5d9395bc1 David Herrmann        2014-08-08  1864           /* ->mmap() can 
change vma->vm_file, but must guarantee that
4bb5f5d9395bc1 David Herrmann        2014-08-08  1865            * vma_link() 
below can deny write-access if VM_DENYWRITE is set
4bb5f5d9395bc1 David Herrmann        2014-08-08  1866            * and map 
writably if VM_SHARED is set. This usually means the
4bb5f5d9395bc1 David Herrmann        2014-08-08  1867            * new file 
must not have been exposed to user-space, yet.
4bb5f5d9395bc1 David Herrmann        2014-08-08  1868            */
cb0942b8124979 Al Viro               2012-08-27  1869           vma->vm_file = 
get_file(file);
f74ac01520c9f6 Miklos Szeredi        2017-02-20  1870           error = 
call_mmap(file, vma);
^1da177e4c3f41 Linus Torvalds        2005-04-16  1871           if (error)
^1da177e4c3f41 Linus Torvalds        2005-04-16  1872                   goto 
unmap_and_free_vma;
^1da177e4c3f41 Linus Torvalds        2005-04-16  1873  
309d08d9b3a365 Liu Zixian            2020-12-05  1874           /* Can addr 
have changed??
309d08d9b3a365 Liu Zixian            2020-12-05  1875            *
309d08d9b3a365 Liu Zixian            2020-12-05  1876            * Answer: Yes, 
several device drivers can do it in their
309d08d9b3a365 Liu Zixian            2020-12-05  1877            *         
f_op->mmap method. -DaveM
309d08d9b3a365 Liu Zixian            2020-12-05  1878            * Bug: If addr 
is changed, prev, rb_link, rb_parent should
309d08d9b3a365 Liu Zixian            2020-12-05  1879            *      be 
updated for vma_link()
309d08d9b3a365 Liu Zixian            2020-12-05  1880            */
309d08d9b3a365 Liu Zixian            2020-12-05  1881           
WARN_ON_ONCE(addr != vma->vm_start);
309d08d9b3a365 Liu Zixian            2020-12-05  1882  
309d08d9b3a365 Liu Zixian            2020-12-05  1883           addr = 
vma->vm_start;
309d08d9b3a365 Liu Zixian            2020-12-05  1884  
d70cec8983241a Miaohe Lin            2020-08-06  1885           /* If vm_flags 
changed after call_mmap(), we should try merge vma again
d70cec8983241a Miaohe Lin            2020-08-06  1886            * as we may 
succeed this time.
d70cec8983241a Miaohe Lin            2020-08-06  1887            */
059c8a0bb96791 Liam R. Howlett       2020-11-10  1888           if 
(unlikely(vm_flags != vma->vm_flags && prev &&
059c8a0bb96791 Liam R. Howlett       2020-11-10  1889                        
prev->vm_end == addr && !vma_policy(prev) &&
059c8a0bb96791 Liam R. Howlett       2020-11-10  1890                        
can_vma_merge_after(prev, vm_flags, NULL, file,
059c8a0bb96791 Liam R. Howlett       2020-11-10  1891                           
                 pgoff, NULL_VM_UFFD_CTX))) {
059c8a0bb96791 Liam R. Howlett       2020-11-10  1892                   
merge_start = prev->vm_start;
059c8a0bb96791 Liam R. Howlett       2020-11-10  1893                   
vm_pgoff = prev->vm_pgoff;
059c8a0bb96791 Liam R. Howlett       2020-11-10  1894                   if 
(!vma_expand(&mas, prev, merge_start, merge_end,
059c8a0bb96791 Liam R. Howlett       2020-11-10 @1895                           
        vm_pgoff, next)) {
                                                                                
                  ^^^^
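Warning here.  If the VM_SPECIAL path (the goto at line 1800) can get
here, "next" is passed to vma_expand() without ever having been assigned.
The code is too complicated to know if it's a false positive.  Smatch is
not very good about tracking bit masks, and in particular tests like
"if (vm_flags & VM_SPECIAL)" are not tracked across function boundaries...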

bc4fe4cdd602b3 Miaohe Lin            2020-10-10  1896                           
/* ->mmap() can change vma->vm_file and fput the original file. So
bc4fe4cdd602b3 Miaohe Lin            2020-10-10  1897                           
 * fput the vma->vm_file here or we would add an extra fput for file
bc4fe4cdd602b3 Miaohe Lin            2020-10-10  1898                           
 * and cause general protection fault ultimately.
bc4fe4cdd602b3 Miaohe Lin            2020-10-10  1899                           
 */
bc4fe4cdd602b3 Miaohe Lin            2020-10-10  1900                           
fput(vma->vm_file);
d70cec8983241a Miaohe Lin            2020-08-06  1901                           
vm_area_free(vma);
059c8a0bb96791 Liam R. Howlett       2020-11-10  1902                           
vma = prev;
059c8a0bb96791 Liam R. Howlett       2020-11-10  1903                           
/* Update vm_flags and possible addr to pick up the change. We don't
059c8a0bb96791 Liam R. Howlett       2020-11-10  1904                           
 * warn here if addr changed as the vma is not linked by vma_link().
059c8a0bb96791 Liam R. Howlett       2020-11-10  1905                           
 */
059c8a0bb96791 Liam R. Howlett       2020-11-10  1906                           
addr = vma->vm_start;
d70cec8983241a Miaohe Lin            2020-08-06  1907                           
vm_flags = vma->vm_flags;
d70cec8983241a Miaohe Lin            2020-08-06  1908                           
goto unmap_writable;
d70cec8983241a Miaohe Lin            2020-08-06  1909                   }
d70cec8983241a Miaohe Lin            2020-08-06  1910           }
d70cec8983241a Miaohe Lin            2020-08-06  1911  
^1da177e4c3f41 Linus Torvalds        2005-04-16  1912           vm_flags = 
vma->vm_flags;
f8dbf0a7a4c5d9 Huang Shijie          2009-09-21  1913   } else if (vm_flags & 
VM_SHARED) {
f8dbf0a7a4c5d9 Huang Shijie          2009-09-21  1914           error = 
shmem_zero_setup(vma);
f8dbf0a7a4c5d9 Huang Shijie          2009-09-21  1915           if (error)
f8dbf0a7a4c5d9 Huang Shijie          2009-09-21  1916                   goto 
free_vma;
bfd40eaff5abb9 Kirill A. Shutemov    2018-07-26  1917   } else {

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-...@lists.01.org

Attachment: .config.gz
Description: application/gzip
