tree:   https://android.googlesource.com/kernel/common android13-5.10
head:   2a62463d6ed0eb3ae71214792d6e47ad5c090e0a
commit: 4812532ecee5ffb2b1a7b28e99a21a69ad4ecd23 [2/11] ANDROID: mm: prevent speculative page fault handling for userfaults
config: arm64-randconfig-s042-20221124
compiler: aarch64-linux-gcc (GCC) 12.1.0
reproduce:
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # apt-get install sparse
        # sparse version: v0.6.4-39-gce1a6720-dirty
        git remote add android-common https://android.googlesource.com/kernel/common
        git fetch --no-tags android-common android13-5.10
        git checkout 4812532ecee5ffb2b1a7b28e99a21a69ad4ecd23
        # save the config file
        mkdir build_dir && cp config build_dir/.config
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' O=build_dir ARCH=arm64 SHELL=/bin/bash

If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

   In file included from include/linux/export.h:43,
                    from include/linux/linkage.h:7,
                    from include/linux/kernel.h:8,
                    from include/linux/list.h:9,
                    from include/linux/smp.h:12,
                    from include/linux/kernel_stat.h:5,
                    from mm/memory.c:42:
   mm/memory.c: In function '___handle_speculative_fault':
>> mm/memory.c:4969:38: error: '__VM_UFFD_FLAGS' undeclared (first use in this function)
    4969 |         if (unlikely(vmf.vma_flags & __VM_UFFD_FLAGS)) {
         |                                      ^~~~~~~~~~~~~~~
   include/linux/compiler.h:78:45: note: in definition of macro 'unlikely'
      78 | # define unlikely(x)    __builtin_expect(!!(x), 0)
         |                                             ^
   mm/memory.c:4969:38: note: each undeclared identifier is reported only once for each function it appears in
    4969 |         if (unlikely(vmf.vma_flags & __VM_UFFD_FLAGS)) {
         |                                      ^~~~~~~~~~~~~~~
   include/linux/compiler.h:78:45: note: in definition of macro 'unlikely'
      78 | # define unlikely(x)    __builtin_expect(!!(x), 0)
         |                                             ^


vim +/__VM_UFFD_FLAGS +4969 mm/memory.c

  4912	
  4913	#ifndef CONFIG_ARCH_HAS_PTE_SPECIAL
  4914	/* This is required by vm_normal_page() */
  4915	#error "Speculative page fault handler requires CONFIG_ARCH_HAS_PTE_SPECIAL"
  4916	#endif
  4917	/*
  4918	 * vm_normal_page() adds some processing which should be done while
  4919	 * hodling the mmap_sem.
  4920	 */
  4921	
  4922	/*
  4923	 * Tries to handle the page fault in a speculative way, without grabbing the
  4924	 * mmap_sem.
  4925	 * When VM_FAULT_RETRY is returned, the vma pointer is valid and this vma must
  4926	 * be checked later when the mmap_sem has been grabbed by calling
  4927	 * can_reuse_spf_vma().
  4928	 * This is needed as the returned vma is kept in memory until the call to
  4929	 * can_reuse_spf_vma() is made.
  4930	 */
  4931	static vm_fault_t ___handle_speculative_fault(struct mm_struct *mm,
  4932					unsigned long address, unsigned int flags,
  4933					struct vm_area_struct *vma)
  4934	{
  4935		struct vm_fault vmf = {
  4936			.address = address,
  4937			.pgoff = linear_page_index(vma, address),
  4938			.vma = vma,
  4939			.gfp_mask = __get_fault_gfp_mask(vma),
  4940			.flags = flags,
  4941		};
  4942	#ifdef CONFIG_NUMA
  4943		struct mempolicy *pol;
  4944	#endif
  4945		pgd_t *pgd, pgdval;
  4946		p4d_t *p4d, p4dval;
  4947		pud_t pudval;
  4948		int seq;
  4949		vm_fault_t ret;
  4950	
  4951		/* Clear flags that may lead to release the mmap_sem to retry */
  4952		flags &= ~(FAULT_FLAG_ALLOW_RETRY|FAULT_FLAG_KILLABLE);
  4953		flags |= FAULT_FLAG_SPECULATIVE;
  4954	
  4955		/* rmb <-> seqlock,vma_rb_erase() */
  4956		seq = raw_read_seqcount(&vmf.vma->vm_sequence);
  4957		if (seq & 1) {
  4958			trace_spf_vma_changed(_RET_IP_, vmf.vma, address);
  4959			return VM_FAULT_RETRY;
  4960		}
  4961	
  4962		if (!vmf_allows_speculation(&vmf))
  4963			return VM_FAULT_RETRY;
  4964	
  4965		vmf.vma_flags = READ_ONCE(vmf.vma->vm_flags);
  4966		vmf.vma_page_prot = READ_ONCE(vmf.vma->vm_page_prot);
  4967	
  4968		/* Can't call userland page fault handler in the speculative path */
> 4969		if (unlikely(vmf.vma_flags & __VM_UFFD_FLAGS)) {
  4970			trace_spf_vma_notsup(_RET_IP_, vmf.vma, address);
  4971			return VM_FAULT_RETRY;
  4972		}
  4973	
  4974		if (vmf.vma_flags & VM_GROWSDOWN || vmf.vma_flags & VM_GROWSUP) {
  4975			/*
  4976			 * This could be detected by the check address against VMA's
  4977			 * boundaries but we want to trace it as not supported instead
  4978			 * of changed.
  4979			 */
  4980			trace_spf_vma_notsup(_RET_IP_, vmf.vma, address);
  4981			return VM_FAULT_RETRY;
  4982		}
  4983	
  4984		if (address < READ_ONCE(vmf.vma->vm_start)
  4985		    || READ_ONCE(vmf.vma->vm_end) <= address) {
  4986			trace_spf_vma_changed(_RET_IP_, vmf.vma, address);
  4987			return VM_FAULT_RETRY;
  4988		}
  4989	
  4990		if (!arch_vma_access_permitted(vmf.vma, flags & FAULT_FLAG_WRITE,
  4991					       flags & FAULT_FLAG_INSTRUCTION,
  4992					       flags & FAULT_FLAG_REMOTE))
  4993			goto out_segv;
  4994	
  4995		/* This is one is required to check that the VMA has write access set */
  4996		if (flags & FAULT_FLAG_WRITE) {
  4997			if (unlikely(!(vmf.vma_flags & VM_WRITE)))
  4998				goto out_segv;
  4999		} else if (unlikely(!(vmf.vma_flags & (VM_READ|VM_EXEC|VM_WRITE))))
  5000			goto out_segv;
  5001	

-- 
0-DAY CI Kernel Test Service
https://01.org/lkp