tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
head: 1cfd968b58a10b2b2489d8f64c956c846621ba46
commit: df9e44c56ef7d1df4a9f3160dda0cdd7d21eeb20 [14611/14806] mm: remove the vma linked list
config: um-i386_defconfig (https://download.01.org/0day-ci/archive/20220603/202206031316.nPElBQdM-lkp@xxxxxxxxx/config)
compiler: gcc-11 (Debian 11.3.0-1) 11.3.0
reproduce (this is a W=1 build):
# https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=df9e44c56ef7d1df4a9f3160dda0cdd7d21eeb20
git remote add linux-next https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
git fetch --no-tags linux-next master
git checkout df9e44c56ef7d1df4a9f3160dda0cdd7d21eeb20
# save the config file
mkdir build_dir && cp config build_dir/.config
make W=1 O=build_dir ARCH=um SUBARCH=i386 SHELL=/bin/bash

If you fix the issue, kindly add the following tag where applicable
Reported-by: kernel test robot <lkp@xxxxxxxxx>

Note: the linux-next/master HEAD 1cfd968b58a10b2b2489d8f64c956c846621ba46 builds fine.
It may have been fixed somewhere.

All errors (new ones prefixed by >>):

mm/mmap.c: In function 'exit_mmap':
>> mm/mmap.c:3272:11: error: 'struct mm_struct' has no member named 'mmap'
3272 | mm->mmap = NULL;
| ^~

vim +3272 mm/mmap.c

^1da177e4c3f415 Linus Torvalds 2005-04-16 3205
^1da177e4c3f415 Linus Torvalds 2005-04-16 3206 /* Release all mmaps. */
^1da177e4c3f415 Linus Torvalds 2005-04-16 3207 void exit_mmap(struct mm_struct *mm)
^1da177e4c3f415 Linus Torvalds 2005-04-16 3208 {
d16dfc550f5326a Peter Zijlstra 2011-05-24 3209 struct mmu_gather tlb;
ba470de43188cdb Rik van Riel 2008-10-18 3210 struct vm_area_struct *vma;
^1da177e4c3f415 Linus Torvalds 2005-04-16 3211 unsigned long nr_accounted = 0;
df9e44c56ef7d1d Liam R. Howlett 2022-06-02 3212 MA_STATE(mas, &mm->mm_mt, 0, 0);
df9e44c56ef7d1d Liam R. Howlett 2022-06-02 3213 int count = 0;
^1da177e4c3f415 Linus Torvalds 2005-04-16 3214
d6dd61c831226f9 Jeremy Fitzhardinge 2007-05-02 3215 /* mm's last user has gone, and its about to be pulled down */
cddb8a5c14aa898 Andrea Arcangeli 2008-07-28 3216 mmu_notifier_release(mm);
d6dd61c831226f9 Jeremy Fitzhardinge 2007-05-02 3217
27ae357fa82be5a David Rientjes 2018-05-11 3218 if (unlikely(mm_is_oom_victim(mm))) {
27ae357fa82be5a David Rientjes 2018-05-11 3219 /*
27ae357fa82be5a David Rientjes 2018-05-11 3220 * Manually reap the mm to free as much memory as possible.
27ae357fa82be5a David Rientjes 2018-05-11 3221 * Then, as the oom reaper does, set MMF_OOM_SKIP to disregard
c1e8d7c6a7a682e Michel Lespinasse 2020-06-08 3222 * this mm from further consideration. Taking mm->mmap_lock for
27ae357fa82be5a David Rientjes 2018-05-11 3223 * write after setting MMF_OOM_SKIP will guarantee that the oom
c1e8d7c6a7a682e Michel Lespinasse 2020-06-08 3224 * reaper will not run on this mm again after mmap_lock is
27ae357fa82be5a David Rientjes 2018-05-11 3225 * dropped.
27ae357fa82be5a David Rientjes 2018-05-11 3226 *
c1e8d7c6a7a682e Michel Lespinasse 2020-06-08 3227 * Nothing can be holding mm->mmap_lock here and the above call
27ae357fa82be5a David Rientjes 2018-05-11 3228 * to mmu_notifier_release(mm) ensures mmu notifier callbacks in
27ae357fa82be5a David Rientjes 2018-05-11 3229 * __oom_reap_task_mm() will not block.
27ae357fa82be5a David Rientjes 2018-05-11 3230 */
93065ac753e4443 Michal Hocko 2018-08-21 3231 (void)__oom_reap_task_mm(mm);
27ae357fa82be5a David Rientjes 2018-05-11 3232 set_bit(MMF_OOM_SKIP, &mm->flags);
27ae357fa82be5a David Rientjes 2018-05-11 3233 }
27ae357fa82be5a David Rientjes 2018-05-11 3234
64591e8605d6e2f Suren Baghdasaryan 2022-01-14 3235 mmap_write_lock(mm);
9480c53e9b2aa13 Jeremy Fitzhardinge 2009-02-11 3236 arch_exit_mmap(mm);
9480c53e9b2aa13 Jeremy Fitzhardinge 2009-02-11 3237
df9e44c56ef7d1d Liam R. Howlett 2022-06-02 3238 vma = mas_find(&mas, ULONG_MAX);
64591e8605d6e2f Suren Baghdasaryan 2022-01-14 3239 if (!vma) {
64591e8605d6e2f Suren Baghdasaryan 2022-01-14 3240 /* Can happen if dup_mmap() received an OOM */
64591e8605d6e2f Suren Baghdasaryan 2022-01-14 3241 mmap_write_unlock(mm);
9480c53e9b2aa13 Jeremy Fitzhardinge 2009-02-11 3242 return;
64591e8605d6e2f Suren Baghdasaryan 2022-01-14 3243 }
9480c53e9b2aa13 Jeremy Fitzhardinge 2009-02-11 3244
^1da177e4c3f415 Linus Torvalds 2005-04-16 3245 lru_add_drain();
^1da177e4c3f415 Linus Torvalds 2005-04-16 3246 flush_cache_mm(mm);
d8b450530b90f88 Will Deacon 2021-01-27 3247 tlb_gather_mmu_fullmm(&tlb, mm);
901608d9045146a Oleg Nesterov 2009-01-06 3248 /* update_hiwater_rss(mm) here? but nobody should be looking */
e0da382c92626ad Hugh Dickins 2005-04-19 3249 /* Use -1 here to ensure all VMAs in the mm are unmapped */
df9e44c56ef7d1d Liam R. Howlett 2022-06-02 3250 unmap_vmas(&tlb, &mm->mm_mt, vma, 0, ULONG_MAX);
df9e44c56ef7d1d Liam R. Howlett 2022-06-02 3251 free_pgtables(&tlb, &mm->mm_mt, vma, FIRST_USER_ADDRESS,
df9e44c56ef7d1d Liam R. Howlett 2022-06-02 3252 USER_PGTABLES_CEILING);
ae8eba8b5d723a4 Will Deacon 2021-01-27 3253 tlb_finish_mmu(&tlb);
^1da177e4c3f415 Linus Torvalds 2005-04-16 3254
df9e44c56ef7d1d Liam R. Howlett 2022-06-02 3255 /*
df9e44c56ef7d1d Liam R. Howlett 2022-06-02 3256 * Walk the list again, actually closing and freeing it, with preemption
df9e44c56ef7d1d Liam R. Howlett 2022-06-02 3257 * enabled, without holding any MM locks besides the unreachable
df9e44c56ef7d1d Liam R. Howlett 2022-06-02 3258 * mmap_write_lock.
df9e44c56ef7d1d Liam R. Howlett 2022-06-02 3259 */
df9e44c56ef7d1d Liam R. Howlett 2022-06-02 3260 do {
4f74d2c8e827af1 Linus Torvalds 2012-05-06 3261 if (vma->vm_flags & VM_ACCOUNT)
4f74d2c8e827af1 Linus Torvalds 2012-05-06 3262 nr_accounted += vma_pages(vma);
df9e44c56ef7d1d Liam R. Howlett 2022-06-02 3263 remove_vma(vma);
df9e44c56ef7d1d Liam R. Howlett 2022-06-02 3264 count++;
0a3b3c253a1eb2c Paul E. McKenney 2020-04-16 3265 cond_resched();
df9e44c56ef7d1d Liam R. Howlett 2022-06-02 3266 } while ((vma = mas_find(&mas, ULONG_MAX)) != NULL);
df9e44c56ef7d1d Liam R. Howlett 2022-06-02 3267
df9e44c56ef7d1d Liam R. Howlett 2022-06-02 3268 BUG_ON(count != mm->map_count);
5a32db2a9fbeba1 Liam R. Howlett 2022-06-02 3269
5a32db2a9fbeba1 Liam R. Howlett 2022-06-02 3270 trace_exit_mmap(mm);
5a32db2a9fbeba1 Liam R. Howlett 2022-06-02 3271 __mt_destroy(&mm->mm_mt);
f798a1d4f94de95 Suren Baghdasaryan 2022-02-25 @3272 mm->mmap = NULL;
64591e8605d6e2f Suren Baghdasaryan 2022-01-14 3273 mmap_write_unlock(mm);
4f74d2c8e827af1 Linus Torvalds 2012-05-06 3274 vm_unacct_memory(nr_accounted);
^1da177e4c3f415 Linus Torvalds 2005-04-16 3275 }
^1da177e4c3f415 Linus Torvalds 2005-04-16 3276

:::::: The code at line 3272 was first introduced by commit
:::::: f798a1d4f94de9510e060d37b9b47721065a957c mm: fix use-after-free bug when mm->mmap is reused after being freed

:::::: TO: Suren Baghdasaryan <surenb@xxxxxxxxxx>
:::::: CC: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>

--
0-DAY CI Kernel Test Service
https://01.org/lkp