From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <surenb@google.com>
MIME-Version: 1.0
References: <202302281802.J93Nma7q-lkp@intel.com> <CAJuCfpHz3uECOuk6rRrV6Vn5r7+vn8HnC5cY7OZVHtGsAeE11A@mail.gmail.com>
In-Reply-To: <CAJuCfpHz3uECOuk6rRrV6Vn5r7+vn8HnC5cY7OZVHtGsAeE11A@mail.gmail.com>
From: Suren Baghdasaryan <surenb@google.com>
Date: Tue, 28 Feb 2023 18:28:36 -0800
Message-ID: <CAJuCfpHZS8_QNDoNLO2Ti2ZY26h7E8RrBtiKZ2zhY2cEvXQ1kw@mail.gmail.com>
Subject: Re: [ammarfaizi2-block:akpm/mm/mm-unstable 82/99] mm/mmap.c:516
 vma_prepare() error: we previously assumed 'vp->vma' could be null (see line 505)
To: Dan Carpenter <error27@gmail.com>
Cc: oe-kbuild@lists.linux.dev, lkp@intel.com, oe-kbuild-all@lists.linux.dev, 
	Ammar Faizi <ammarfaizi2@gnuweeb.org>, "GNU/Weeb Mailing List" <gwml@vger.gnuweeb.org>, 
	Andrew Morton <akpm@linux-foundation.org>, 
	Linux Memory Management List <linux-mm@kvack.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
List-Id: <gwml.vger.gnuweeb.org>

On Tue, Feb 28, 2023 at 10:04 AM Suren Baghdasaryan <surenb@google.com> wrote:
>
> On Tue, Feb 28, 2023 at 6:24 AM Dan Carpenter <error27@gmail.com> wrote:
> >
> > tree:   https://github.com/ammarfaizi2/linux-block akpm/mm/mm-unstable
> > head:   61edd3b68c3185673c9b05dfe48038692964c73b
> > commit: f517f7ae341d933856cdf4d9d773027681ed5dff [82/99] mm/mmap: write-lock VMAs in vma_prepare before modifying them
> > config: i386-randconfig-m021 (https://download.01.org/0day-ci/archive/20230228/202302281802.J93Nma7q-lkp@intel.com/config)
> > compiler: gcc-11 (Debian 11.3.0-8) 11.3.0
> >
> > If you fix the issue, kindly add following tag where applicable
> > | Reported-by: kernel test robot <lkp@intel.com>
> > | Reported-by: Dan Carpenter <error27@gmail.com>
> > | Link: https://lore.kernel.org/r/202302281802.J93Nma7q-lkp@intel.com/
>
> Thanks for reporting!
>
> >
> > smatch warnings:
> > mm/mmap.c:516 vma_prepare() error: we previously assumed 'vp->vma' could be null (see line 505)
> >
> > vim +516 mm/mmap.c
> >
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  503  static inline void vma_prepare(struct vma_prepare *vp)
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  504  {
> > f517f7ae341d93 Suren Baghdasaryan 2023-02-27 @505       if (vp->vma)
> >
> > Check presumes that vp->vma can be NULL.  On my other system (with
> > yesterday's linux-next code) vp->vma can never be NULL.
>
> I think the check here is not needed since vp->vma should always be
> non-NULL. I'll double-check and will remove it if that is confirmed.

Fix is posted at
https://lore.kernel.org/all/20230301022720.1380780-1-surenb@google.com/

> Thanks,
> Suren.
>
> >
> > f517f7ae341d93 Suren Baghdasaryan 2023-02-27  506               vma_start_write(vp->vma);
> > f517f7ae341d93 Suren Baghdasaryan 2023-02-27  507       if (vp->adj_next)
> > f517f7ae341d93 Suren Baghdasaryan 2023-02-27  508               vma_start_write(vp->adj_next);
> > f517f7ae341d93 Suren Baghdasaryan 2023-02-27  509       /* vp->insert is always a newly created VMA, no need for locking */
> > f517f7ae341d93 Suren Baghdasaryan 2023-02-27  510       if (vp->remove)
> > f517f7ae341d93 Suren Baghdasaryan 2023-02-27  511               vma_start_write(vp->remove);
> > f517f7ae341d93 Suren Baghdasaryan 2023-02-27  512       if (vp->remove2)
> > f517f7ae341d93 Suren Baghdasaryan 2023-02-27  513               vma_start_write(vp->remove2);
> > f517f7ae341d93 Suren Baghdasaryan 2023-02-27  514
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  515       if (vp->file) {
> > 440703e082b9c7 Liam R. Howlett    2023-01-20 @516               uprobe_munmap(vp->vma, vp->vma->vm_start, vp->vma->vm_end);
> >                                                                                        ^^^^^^^
> > Unchecked dereference.
> >
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  517
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  518               if (vp->adj_next)
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  519                       uprobe_munmap(vp->adj_next, vp->adj_next->vm_start,
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  520                                     vp->adj_next->vm_end);
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  521
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  522               i_mmap_lock_write(vp->mapping);
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  523               if (vp->insert && vp->insert->vm_file) {
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  524                       /*
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  525                        * Put into interval tree now, so instantiated pages
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  526                        * are visible to arm/parisc __flush_dcache_page
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  527                        * throughout; but we cannot insert into address
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  528                        * space until vma start or end is updated.
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  529                        */
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  530                       __vma_link_file(vp->insert,
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  531                                       vp->insert->vm_file->f_mapping);
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  532               }
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  533       }
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  534
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  535       if (vp->anon_vma) {
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  536               anon_vma_lock_write(vp->anon_vma);
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  537               anon_vma_interval_tree_pre_update_vma(vp->vma);
> >
> > More unchecked dereferences.
> >
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  538               if (vp->adj_next)
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  539                       anon_vma_interval_tree_pre_update_vma(vp->adj_next);
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  540       }
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  541
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  542       if (vp->file) {
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  543               flush_dcache_mmap_lock(vp->mapping);
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  544               vma_interval_tree_remove(vp->vma, &vp->mapping->i_mmap);
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  545               if (vp->adj_next)
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  546                       vma_interval_tree_remove(vp->adj_next,
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  547                                                &vp->mapping->i_mmap);
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  548       }
> > 440703e082b9c7 Liam R. Howlett    2023-01-20  548       }
> >
> > --
> > 0-DAY CI Kernel Test Service
> > https://github.com/intel/lkp-tests
> >
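
The inconsistency smatch reports in this thread, reduced to a user-space model (an added example, not code from the thread or from the kernel; `struct prep`, `start_write` and the three `prepare_*` functions are hypothetical stand-ins). It puts the flagged shape next to the two consistent alternatives: state the non-NULL invariant and drop the test, or guard every use.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>

/* Stand-ins for the kernel types; all names here are hypothetical. */
struct vma { unsigned long vm_start, vm_end; int write_locked; };
struct prep { struct vma *vma; int file; };

static void start_write(struct vma *v) { v->write_locked = 1; }

/* Flagged shape: the first test implies p->vma may be NULL, but the
 * file branch dereferences it unconditionally. */
unsigned long prepare_flagged(struct prep *p)
{
	if (p->vma)
		start_write(p->vma);
	if (p->file)
		return p->vma->vm_end - p->vma->vm_start; /* unchecked */
	return 0;
}

/* Option A: p->vma is never NULL by contract. Drop the test and state
 * the invariant once, so every later dereference is covered by it. */
unsigned long prepare_nonnull(struct prep *p)
{
	assert(p->vma != NULL);
	start_write(p->vma);
	if (p->file)
		return p->vma->vm_end - p->vma->vm_start;
	return 0;
}

/* Option B: p->vma may be NULL. Then every use needs the guard. */
unsigned long prepare_nullable(struct prep *p)
{
	if (!p->vma)
		return 0;
	start_write(p->vma);
	if (p->file)
		return p->vma->vm_end - p->vma->vm_start;
	return 0;
}

int main(void)
{
	struct vma v = { 0x1000, 0x3000, 0 };   /* constructed sample range */
	struct prep ok = { &v, 1 }, empty = { NULL, 1 };
	printf("%lx %lx\n", prepare_nonnull(&ok), prepare_nullable(&empty));
	return 0;
}
```

Which option is correct depends on whether any caller can pass a NULL pointer; the flagged form is the only one that claims both at once.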