From: kernel test robot <lkp@intel.com>
To: oe-kbuild@lists.linux.dev
Cc: lkp@intel.com, Dan Carpenter <error27@gmail.com>
Subject: mm/vmalloc.c:3689 vread_iter() error: we previously assumed 'vm' could be null (see line 3667)
Date: Tue, 17 Oct 2023 16:32:49 +0800 [thread overview]
Message-ID: <202310171600.WCrsOwFj-lkp@intel.com> (raw)
BCC: lkp@intel.com
CC: oe-kbuild-all@lists.linux.dev
CC: linux-kernel@vger.kernel.org
TO: Lorenzo Stoakes <lstoakes@gmail.com>
CC: Andrew Morton <akpm@linux-foundation.org>
CC: Linux Memory Management List <linux-mm@kvack.org>
CC: Baoquan He <bhe@redhat.com>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 213f891525c222e8ed145ce1ce7ae1f47921cb9c
commit: 4c91c07c93bbbdd7f2d9de2beb7ee5c2a48ad8e7 mm: vmalloc: convert vread() to vread_iter()
date: 6 months ago
:::::: branch date: 7 hours ago
:::::: commit date: 6 months ago
config: x86_64-allnoconfig (https://download.01.org/0day-ci/archive/20231017/202310171600.WCrsOwFj-lkp@intel.com/config)
compiler: gcc-12 (Debian 12.2.0-14) 12.2.0
reproduce: (https://download.01.org/0day-ci/archive/20231017/202310171600.WCrsOwFj-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Reported-by: Dan Carpenter <error27@gmail.com>
| Closes: https://lore.kernel.org/r/202310171600.WCrsOwFj-lkp@intel.com/
smatch warnings:
mm/vmalloc.c:3689 vread_iter() error: we previously assumed 'vm' could be null (see line 3667)
vim +/vm +3689 mm/vmalloc.c
06c8994626d1b7 Baoquan He 2023-02-06 3594
d0107eb07320b5 KAMEZAWA Hiroyuki 2009-09-21 3595 /**
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3596 * vread_iter() - read vmalloc area in a safe way to an iterator.
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3597 * @iter: the iterator to which data should be written.
d0107eb07320b5 KAMEZAWA Hiroyuki 2009-09-21 3598 * @addr: vm address.
d0107eb07320b5 KAMEZAWA Hiroyuki 2009-09-21 3599 * @count: number of bytes to be read.
d0107eb07320b5 KAMEZAWA Hiroyuki 2009-09-21 3600 *
d0107eb07320b5 KAMEZAWA Hiroyuki 2009-09-21 3601 * This function checks that addr is a valid vmalloc'ed area, and
d0107eb07320b5 KAMEZAWA Hiroyuki 2009-09-21 3602 * copy data from that area to a given buffer. If the given memory range
d0107eb07320b5 KAMEZAWA Hiroyuki 2009-09-21 3603 * of [addr...addr+count) includes some valid address, data is copied to
d0107eb07320b5 KAMEZAWA Hiroyuki 2009-09-21 3604 * proper area of @buf. If there are memory holes, they'll be zero-filled.
d0107eb07320b5 KAMEZAWA Hiroyuki 2009-09-21 3605 * IOREMAP area is treated as memory hole and no copy is done.
d0107eb07320b5 KAMEZAWA Hiroyuki 2009-09-21 3606 *
d0107eb07320b5 KAMEZAWA Hiroyuki 2009-09-21 3607 * If [addr...addr+count) doesn't includes any intersects with alive
a8e5202d09c1ba Cong Wang 2012-06-23 3608 * vm_struct area, returns 0. @buf should be kernel's buffer.
d0107eb07320b5 KAMEZAWA Hiroyuki 2009-09-21 3609 *
d0107eb07320b5 KAMEZAWA Hiroyuki 2009-09-21 3610 * Note: In usual ops, vread() is never necessary because the caller
d0107eb07320b5 KAMEZAWA Hiroyuki 2009-09-21 3611 * should know vmalloc() area is valid and can use memcpy().
d0107eb07320b5 KAMEZAWA Hiroyuki 2009-09-21 3612 * This is for routines which have to access vmalloc area without
bbcd53c9607135 David Hildenbrand 2021-05-06 3613 * any information, as /proc/kcore.
a862f68a8b3600 Mike Rapoport 2019-03-05 3614 *
a862f68a8b3600 Mike Rapoport 2019-03-05 3615 * Return: number of bytes for which addr and buf should be increased
a862f68a8b3600 Mike Rapoport 2019-03-05 3616 * (same number as @count) or %0 if [addr...addr+count) doesn't
a862f68a8b3600 Mike Rapoport 2019-03-05 3617 * include any intersection with valid vmalloc area
d0107eb07320b5 KAMEZAWA Hiroyuki 2009-09-21 3618 */
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3619 long vread_iter(struct iov_iter *iter, const char *addr, size_t count)
^1da177e4c3f41 Linus Torvalds 2005-04-16 3620 {
e81ce85f960c2e Joonsoo Kim 2013-04-29 3621 struct vmap_area *va;
e81ce85f960c2e Joonsoo Kim 2013-04-29 3622 struct vm_struct *vm;
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3623 char *vaddr;
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3624 size_t n, size, flags, remains;
^1da177e4c3f41 Linus Torvalds 2005-04-16 3625
4aff1dc4fb3a5a Andrey Konovalov 2022-03-24 3626 addr = kasan_reset_tag(addr);
4aff1dc4fb3a5a Andrey Konovalov 2022-03-24 3627
^1da177e4c3f41 Linus Torvalds 2005-04-16 3628 /* Don't allow overflow */
^1da177e4c3f41 Linus Torvalds 2005-04-16 3629 if ((unsigned long) addr + count < count)
^1da177e4c3f41 Linus Torvalds 2005-04-16 3630 count = -(unsigned long) addr;
^1da177e4c3f41 Linus Torvalds 2005-04-16 3631
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3632 remains = count;
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3633
e81ce85f960c2e Joonsoo Kim 2013-04-29 3634 spin_lock(&vmap_area_lock);
f181234a5a21fd Chen Wandun 2021-09-02 3635 va = find_vmap_area_exceed_addr((unsigned long)addr);
f608788cd2d6ca Serapheim Dimitropoulos 2021-04-29 3636 if (!va)
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3637 goto finished_zero;
f181234a5a21fd Chen Wandun 2021-09-02 3638
f181234a5a21fd Chen Wandun 2021-09-02 3639 /* no intersects with alive vmap_area */
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3640 if ((unsigned long)addr + remains <= va->va_start)
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3641 goto finished_zero;
f181234a5a21fd Chen Wandun 2021-09-02 3642
f608788cd2d6ca Serapheim Dimitropoulos 2021-04-29 3643 list_for_each_entry_from(va, &vmap_area_list, list) {
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3644 size_t copied;
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3645
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3646 if (remains == 0)
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3647 goto finished;
e81ce85f960c2e Joonsoo Kim 2013-04-29 3648
06c8994626d1b7 Baoquan He 2023-02-06 3649 vm = va->vm;
06c8994626d1b7 Baoquan He 2023-02-06 3650 flags = va->flags & VMAP_FLAGS_MASK;
06c8994626d1b7 Baoquan He 2023-02-06 3651 /*
06c8994626d1b7 Baoquan He 2023-02-06 3652 * VMAP_BLOCK indicates a sub-type of vm_map_ram area, need
06c8994626d1b7 Baoquan He 2023-02-06 3653 * be set together with VMAP_RAM.
06c8994626d1b7 Baoquan He 2023-02-06 3654 */
06c8994626d1b7 Baoquan He 2023-02-06 3655 WARN_ON(flags == VMAP_BLOCK);
06c8994626d1b7 Baoquan He 2023-02-06 3656
06c8994626d1b7 Baoquan He 2023-02-06 3657 if (!vm && !flags)
e81ce85f960c2e Joonsoo Kim 2013-04-29 3658 continue;
e81ce85f960c2e Joonsoo Kim 2013-04-29 3659
30a7a9b17c4b03 Baoquan He 2023-02-06 3660 if (vm && (vm->flags & VM_UNINITIALIZED))
30a7a9b17c4b03 Baoquan He 2023-02-06 3661 continue;
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3662
30a7a9b17c4b03 Baoquan He 2023-02-06 3663 /* Pair with smp_wmb() in clear_vm_uninitialized_flag() */
30a7a9b17c4b03 Baoquan He 2023-02-06 3664 smp_rmb();
30a7a9b17c4b03 Baoquan He 2023-02-06 3665
06c8994626d1b7 Baoquan He 2023-02-06 3666 vaddr = (char *) va->va_start;
06c8994626d1b7 Baoquan He 2023-02-06 @3667 size = vm ? get_vm_area_size(vm) : va_size(va);
06c8994626d1b7 Baoquan He 2023-02-06 3668
06c8994626d1b7 Baoquan He 2023-02-06 3669 if (addr >= vaddr + size)
^1da177e4c3f41 Linus Torvalds 2005-04-16 3670 continue;
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3671
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3672 if (addr < vaddr) {
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3673 size_t to_zero = min_t(size_t, vaddr - addr, remains);
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3674 size_t zeroed = zero_iter(iter, to_zero);
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3675
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3676 addr += zeroed;
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3677 remains -= zeroed;
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3678
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3679 if (remains == 0 || zeroed != to_zero)
^1da177e4c3f41 Linus Torvalds 2005-04-16 3680 goto finished;
^1da177e4c3f41 Linus Torvalds 2005-04-16 3681 }
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3682
06c8994626d1b7 Baoquan He 2023-02-06 3683 n = vaddr + size - addr;
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3684 if (n > remains)
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3685 n = remains;
06c8994626d1b7 Baoquan He 2023-02-06 3686
06c8994626d1b7 Baoquan He 2023-02-06 3687 if (flags & VMAP_RAM)
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3688 copied = vmap_ram_vread_iter(iter, addr, n, flags);
06c8994626d1b7 Baoquan He 2023-02-06 @3689 else if (!(vm->flags & VM_IOREMAP))
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3690 copied = aligned_vread_iter(iter, addr, n);
d0107eb07320b5 KAMEZAWA Hiroyuki 2009-09-21 3691 else /* IOREMAP area is treated as memory hole */
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3692 copied = zero_iter(iter, n);
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3693
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3694 addr += copied;
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3695 remains -= copied;
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3696
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3697 if (copied != n)
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3698 goto finished;
^1da177e4c3f41 Linus Torvalds 2005-04-16 3699 }
d0107eb07320b5 KAMEZAWA Hiroyuki 2009-09-21 3700
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3701 finished_zero:
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3702 spin_unlock(&vmap_area_lock);
d0107eb07320b5 KAMEZAWA Hiroyuki 2009-09-21 3703 /* zero-fill memory holes */
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3704 return count - remains + zero_iter(iter, remains);
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3705 finished:
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3706 /* Nothing remains, or We couldn't copy/zero everything. */
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3707 spin_unlock(&vmap_area_lock);
d0107eb07320b5 KAMEZAWA Hiroyuki 2009-09-21 3708
4c91c07c93bbbd Lorenzo Stoakes 2023-03-22 3709 return count - remains;
^1da177e4c3f41 Linus Torvalds 2005-04-16 3710 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 3711
:::::: The code at line 3689 was first introduced by commit
:::::: 06c8994626d1b7d8c26dfd06992d67703a274054 mm/vmalloc.c: allow vread() to read out vm_map_ram areas
:::::: TO: Baoquan He <bhe@redhat.com>
:::::: CC: Andrew Morton <akpm@linux-foundation.org>
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
next reply other threads:[~2023-10-17 8:33 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-17 8:32 kernel test robot [this message]
-- strict thread matches above, loose matches on Subject: below --
2023-10-17 14:26 mm/vmalloc.c:3689 vread_iter() error: we previously assumed 'vm' could be null (see line 3667) Dan Carpenter
2023-10-18 8:54 ` Baoquan He
2023-10-18 10:32 ` Dan Carpenter
2023-10-18 12:12 ` Baoquan He
2023-10-18 12:45 ` Philip Li
2023-10-18 15:15 ` Baoquan He
2023-10-18 15:52 ` Andrew Morton
2023-10-19 2:28 ` Baoquan He
2023-10-19 5:40 ` Dan Carpenter
2023-10-19 12:55 ` Baoquan He
2023-10-19 16:50 ` Andrew Morton
2023-10-20 0:21 ` Baoquan He
2023-05-06 13:45 kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202310171600.WCrsOwFj-lkp@intel.com \
--to=lkp@intel.com \
--cc=error27@gmail.com \
--cc=oe-kbuild@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.