On Mon, Jan 29, 2024 at 9:13 PM Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote:
>
> tree:   https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
> head:   596764183be8ebb13352b281a442a1f1151c9b06
> commit: ea4df6a5ea81105879ca5549555e231c4596fbc4 [2565/2825] userfaultfd: handle zeropage moves by UFFDIO_MOVE
> config: x86_64-randconfig-161-20240129 (https://download.01.org/0day-ci/archive/20240130/202401300107.U8iMAkTl-lkp@xxxxxxxxx/config)
> compiler: gcc-7 (Ubuntu 7.5.0-6ubuntu2) 7.5.0
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <lkp@xxxxxxxxx>
> | Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> | Closes: https://lore.kernel.org/r/202401300107.U8iMAkTl-lkp@xxxxxxxxx/
>
> smatch warnings:
> mm/userfaultfd.c:983 move_zeropage_pte() warn: inconsistent returns 'dst_ptl'.
>
> vim +/dst_ptl +983 mm/userfaultfd.c
>
> ea4df6a5ea8110 Suren Baghdasaryan 2024-01-24  962  static int move_zeropage_pte(struct mm_struct *mm,
> ea4df6a5ea8110 Suren Baghdasaryan 2024-01-24  963                               struct vm_area_struct *dst_vma,
> ea4df6a5ea8110 Suren Baghdasaryan 2024-01-24  964                               struct vm_area_struct *src_vma,
> ea4df6a5ea8110 Suren Baghdasaryan 2024-01-24  965                               unsigned long dst_addr, unsigned long src_addr,
> ea4df6a5ea8110 Suren Baghdasaryan 2024-01-24  966                               pte_t *dst_pte, pte_t *src_pte,
> ea4df6a5ea8110 Suren Baghdasaryan 2024-01-24  967                               pte_t orig_dst_pte, pte_t orig_src_pte,
> ea4df6a5ea8110 Suren Baghdasaryan 2024-01-24  968                               spinlock_t *dst_ptl, spinlock_t *src_ptl)
> ea4df6a5ea8110 Suren Baghdasaryan 2024-01-24  969  {
> ea4df6a5ea8110 Suren Baghdasaryan 2024-01-24  970          pte_t zero_pte;
> ea4df6a5ea8110 Suren Baghdasaryan 2024-01-24  971
> ea4df6a5ea8110 Suren Baghdasaryan 2024-01-24  972          double_pt_lock(dst_ptl, src_ptl);
> ea4df6a5ea8110 Suren Baghdasaryan 2024-01-24  973          if (!pte_same(ptep_get(src_pte), orig_src_pte) ||
> ea4df6a5ea8110 Suren Baghdasaryan 2024-01-24  974              !pte_same(ptep_get(dst_pte), orig_dst_pte))
> ea4df6a5ea8110 Suren Baghdasaryan 2024-01-24  975                  return -EAGAIN;
>
> double_pt_unlock(dst_ptl, src_ptl) before returning?

Thanks for reporting and sorry for the delay!
Yes, this is definitely a bug. I'll post a fix tomorrow morning.
Thanks,
Suren.

>
> ea4df6a5ea8110 Suren Baghdasaryan 2024-01-24  976
> ea4df6a5ea8110 Suren Baghdasaryan 2024-01-24  977          zero_pte = pte_mkspecial(pfn_pte(my_zero_pfn(dst_addr),
> ea4df6a5ea8110 Suren Baghdasaryan 2024-01-24  978                                           dst_vma->vm_page_prot));
> ea4df6a5ea8110 Suren Baghdasaryan 2024-01-24  979          ptep_clear_flush(src_vma, src_addr, src_pte);
> ea4df6a5ea8110 Suren Baghdasaryan 2024-01-24  980          set_pte_at(mm, dst_addr, dst_pte, zero_pte);
> ea4df6a5ea8110 Suren Baghdasaryan 2024-01-24  981          double_pt_unlock(dst_ptl, src_ptl);
> ea4df6a5ea8110 Suren Baghdasaryan 2024-01-24  982
> ea4df6a5ea8110 Suren Baghdasaryan 2024-01-24 @983          return 0;
> ea4df6a5ea8110 Suren Baghdasaryan 2024-01-24  984  }
>
> --
> 0-DAY CI Kernel Test Service
> https://github.com/intel/lkp-tests/wiki
>
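
The warning in this thread is about an early return that leaves both page-table locks held. As an added illustration (not code from the thread, the kernel, or any posted fix), the userspace C model below reproduces that shape next to a single-exit form and counts the locks each one leaves held; `model_lock_t`, `move_buggy`, `move_single_exit` and `leaked_locks` are hypothetical names, and the lock is a stand-in built on C11 `atomic_flag`.

```c
/* Userspace model, constructed for illustration; not kernel code. */
#include <errno.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

typedef struct { atomic_flag held; } model_lock_t;  /* hypothetical stand-in for spinlock_t */
typedef int (*move_fn)(model_lock_t *, model_lock_t *, bool);
static void model_lock(model_lock_t *l)   { while (atomic_flag_test_and_set(&l->held)) { } }
static void model_unlock(model_lock_t *l) { atomic_flag_clear(&l->held); }

/* Same shape as the reported code: the -EAGAIN path returns with both locks held. */
static int move_buggy(model_lock_t *dst, model_lock_t *src, bool pte_changed)
{
    model_lock(dst); model_lock(src);
    if (pte_changed)
        return -EAGAIN;
    model_unlock(src); model_unlock(dst);
    return 0;
}

/* Single-exit form: every return path passes through the unlock. */
static int move_single_exit(model_lock_t *dst, model_lock_t *src, bool pte_changed)
{
    int err = 0;
    model_lock(dst); model_lock(src);
    if (pte_changed)
        err = -EAGAIN;  /* no early return; fall through to the unlock */
    model_unlock(src); model_unlock(dst);
    return err;
}

/* Runs one variant on fresh locks, stores its return code, returns locks left held. */
static int leaked_locks(move_fn fn, bool pte_changed, int *ret)
{
    model_lock_t dst = { ATOMIC_FLAG_INIT }, src = { ATOMIC_FLAG_INIT };
    *ret = fn(&dst, &src, pte_changed);
    /* test_and_set returns the previous state: true means the lock was still held */
    return atomic_flag_test_and_set(&dst.held) + atomic_flag_test_and_set(&src.held);
}

int main(void)
{
    int ret, n = leaked_locks(move_buggy, true, &ret);
    printf("buggy:       ret=%d leaked=%d\n", ret, n);
    n = leaked_locks(move_single_exit, true, &ret);
    printf("single-exit: ret=%d leaked=%d\n", ret, n);
    return 0;
}
```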