tree: https://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-unstable head: 191d97734e41a5c9f90a2f6636fdd335ae1d435d commit: 2812c4c704e875ed9047a756641ba10c032f6c9c [289/292] userfaultfd: use per-vma locks in userfaultfd operations config: m68k-defconfig (https://download.01.org/0day-ci/archive/20240210/202402101302.UF7G8Rr8-lkp@xxxxxxxxx/config) compiler: m68k-linux-gcc (GCC) 13.2.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240210/202402101302.UF7G8Rr8-lkp@xxxxxxxxx/reproduce) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp@xxxxxxxxx> | Closes: https://lore.kernel.org/oe-kbuild-all/202402101302.UF7G8Rr8-lkp@xxxxxxxxx/ All warnings (new ones prefixed by >>): >> mm/userfaultfd.c:1526: warning: Excess function parameter 'mm' description in 'move_pages' vim +1526 mm/userfaultfd.c adef440691bab8 Andrea Arcangeli 2023-12-06 1448 adef440691bab8 Andrea Arcangeli 2023-12-06 1449 /** adef440691bab8 Andrea Arcangeli 2023-12-06 1450 * move_pages - move arbitrary anonymous pages of an existing vma adef440691bab8 Andrea Arcangeli 2023-12-06 1451 * @ctx: pointer to the userfaultfd context adef440691bab8 Andrea Arcangeli 2023-12-06 1452 * @mm: the address space to move pages adef440691bab8 Andrea Arcangeli 2023-12-06 1453 * @dst_start: start of the destination virtual memory range adef440691bab8 Andrea Arcangeli 2023-12-06 1454 * @src_start: start of the source virtual memory range adef440691bab8 Andrea Arcangeli 2023-12-06 1455 * @len: length of the virtual memory range adef440691bab8 Andrea Arcangeli 2023-12-06 1456 * @mode: flags from uffdio_move.mode adef440691bab8 Andrea Arcangeli 2023-12-06 1457 * adef440691bab8 Andrea Arcangeli 2023-12-06 1458 * move_pages() remaps arbitrary anonymous pages atomically in zero adef440691bab8 Andrea Arcangeli 2023-12-06 1459 * copy. It only works on non shared anonymous pages because those can adef440691bab8 Andrea Arcangeli 2023-12-06 1460 * be relocated without generating non linear anon_vmas in the rmap adef440691bab8 Andrea Arcangeli 2023-12-06 1461 * code. adef440691bab8 Andrea Arcangeli 2023-12-06 1462 * adef440691bab8 Andrea Arcangeli 2023-12-06 1463 * It provides a zero copy mechanism to handle userspace page faults. adef440691bab8 Andrea Arcangeli 2023-12-06 1464 * The source vma pages should have mapcount == 1, which can be adef440691bab8 Andrea Arcangeli 2023-12-06 1465 * enforced by using madvise(MADV_DONTFORK) on src vma. adef440691bab8 Andrea Arcangeli 2023-12-06 1466 * adef440691bab8 Andrea Arcangeli 2023-12-06 1467 * The thread receiving the page during the userland page fault adef440691bab8 Andrea Arcangeli 2023-12-06 1468 * will receive the faulting page in the source vma through the network, adef440691bab8 Andrea Arcangeli 2023-12-06 1469 * storage or any other I/O device (MADV_DONTFORK in the source vma adef440691bab8 Andrea Arcangeli 2023-12-06 1470 * avoids move_pages() to fail with -EBUSY if the process forks before adef440691bab8 Andrea Arcangeli 2023-12-06 1471 * move_pages() is called), then it will call move_pages() to map the adef440691bab8 Andrea Arcangeli 2023-12-06 1472 * page in the faulting address in the destination vma. adef440691bab8 Andrea Arcangeli 2023-12-06 1473 * adef440691bab8 Andrea Arcangeli 2023-12-06 1474 * This userfaultfd command works purely via pagetables, so it's the adef440691bab8 Andrea Arcangeli 2023-12-06 1475 * most efficient way to move physical non shared anonymous pages adef440691bab8 Andrea Arcangeli 2023-12-06 1476 * across different virtual addresses. Unlike mremap()/mmap()/munmap() adef440691bab8 Andrea Arcangeli 2023-12-06 1477 * it does not create any new vmas. The mapping in the destination adef440691bab8 Andrea Arcangeli 2023-12-06 1478 * address is atomic. adef440691bab8 Andrea Arcangeli 2023-12-06 1479 * adef440691bab8 Andrea Arcangeli 2023-12-06 1480 * It only works if the vma protection bits are identical from the adef440691bab8 Andrea Arcangeli 2023-12-06 1481 * source and destination vma. adef440691bab8 Andrea Arcangeli 2023-12-06 1482 * adef440691bab8 Andrea Arcangeli 2023-12-06 1483 * It can remap non shared anonymous pages within the same vma too. adef440691bab8 Andrea Arcangeli 2023-12-06 1484 * adef440691bab8 Andrea Arcangeli 2023-12-06 1485 * If the source virtual memory range has any unmapped holes, or if adef440691bab8 Andrea Arcangeli 2023-12-06 1486 * the destination virtual memory range is not a whole unmapped hole, adef440691bab8 Andrea Arcangeli 2023-12-06 1487 * move_pages() will fail respectively with -ENOENT or -EEXIST. This adef440691bab8 Andrea Arcangeli 2023-12-06 1488 * provides a very strict behavior to avoid any chance of memory adef440691bab8 Andrea Arcangeli 2023-12-06 1489 * corruption going unnoticed if there are userland race conditions. adef440691bab8 Andrea Arcangeli 2023-12-06 1490 * Only one thread should resolve the userland page fault at any given adef440691bab8 Andrea Arcangeli 2023-12-06 1491 * time for any given faulting address. This means that if two threads adef440691bab8 Andrea Arcangeli 2023-12-06 1492 * try to both call move_pages() on the same destination address at the adef440691bab8 Andrea Arcangeli 2023-12-06 1493 * same time, the second thread will get an explicit error from this adef440691bab8 Andrea Arcangeli 2023-12-06 1494 * command. adef440691bab8 Andrea Arcangeli 2023-12-06 1495 * adef440691bab8 Andrea Arcangeli 2023-12-06 1496 * The command retval will return "len" is successful. The command adef440691bab8 Andrea Arcangeli 2023-12-06 1497 * however can be interrupted by fatal signals or errors. If adef440691bab8 Andrea Arcangeli 2023-12-06 1498 * interrupted it will return the number of bytes successfully adef440691bab8 Andrea Arcangeli 2023-12-06 1499 * remapped before the interruption if any, or the negative error if adef440691bab8 Andrea Arcangeli 2023-12-06 1500 * none. It will never return zero. Either it will return an error or adef440691bab8 Andrea Arcangeli 2023-12-06 1501 * an amount of bytes successfully moved. If the retval reports a adef440691bab8 Andrea Arcangeli 2023-12-06 1502 * "short" remap, the move_pages() command should be repeated by adef440691bab8 Andrea Arcangeli 2023-12-06 1503 * userland with src+retval, dst+reval, len-retval if it wants to know adef440691bab8 Andrea Arcangeli 2023-12-06 1504 * about the error that interrupted it. adef440691bab8 Andrea Arcangeli 2023-12-06 1505 * adef440691bab8 Andrea Arcangeli 2023-12-06 1506 * The UFFDIO_MOVE_MODE_ALLOW_SRC_HOLES flag can be specified to adef440691bab8 Andrea Arcangeli 2023-12-06 1507 * prevent -ENOENT errors to materialize if there are holes in the adef440691bab8 Andrea Arcangeli 2023-12-06 1508 * source virtual range that is being remapped. The holes will be adef440691bab8 Andrea Arcangeli 2023-12-06 1509 * accounted as successfully remapped in the retval of the adef440691bab8 Andrea Arcangeli 2023-12-06 1510 * command. This is mostly useful to remap hugepage naturally aligned adef440691bab8 Andrea Arcangeli 2023-12-06 1511 * virtual regions without knowing if there are transparent hugepage adef440691bab8 Andrea Arcangeli 2023-12-06 1512 * in the regions or not, but preventing the risk of having to split adef440691bab8 Andrea Arcangeli 2023-12-06 1513 * the hugepmd during the remap. adef440691bab8 Andrea Arcangeli 2023-12-06 1514 * adef440691bab8 Andrea Arcangeli 2023-12-06 1515 * If there's any rmap walk that is taking the anon_vma locks without adef440691bab8 Andrea Arcangeli 2023-12-06 1516 * first obtaining the folio lock (the only current instance is adef440691bab8 Andrea Arcangeli 2023-12-06 1517 * folio_referenced), they will have to verify if the folio->mapping adef440691bab8 Andrea Arcangeli 2023-12-06 1518 * has changed after taking the anon_vma lock. If it changed they adef440691bab8 Andrea Arcangeli 2023-12-06 1519 * should release the lock and retry obtaining a new anon_vma, because adef440691bab8 Andrea Arcangeli 2023-12-06 1520 * it means the anon_vma was changed by move_pages() before the lock adef440691bab8 Andrea Arcangeli 2023-12-06 1521 * could be obtained. This is the only additional complexity added to adef440691bab8 Andrea Arcangeli 2023-12-06 1522 * the rmap code to provide this anonymous page remapping functionality. adef440691bab8 Andrea Arcangeli 2023-12-06 1523 */ 2812c4c704e875 Lokesh Gidra 2024-02-08 1524 ssize_t move_pages(struct userfaultfd_ctx *ctx, unsigned long dst_start, 2812c4c704e875 Lokesh Gidra 2024-02-08 1525 unsigned long src_start, unsigned long len, __u64 mode) adef440691bab8 Andrea Arcangeli 2023-12-06 @1526 { 2812c4c704e875 Lokesh Gidra 2024-02-08 1527 struct mm_struct *mm = ctx->mm; adef440691bab8 Andrea Arcangeli 2023-12-06 1528 struct vm_area_struct *src_vma, *dst_vma; adef440691bab8 Andrea Arcangeli 2023-12-06 1529 unsigned long src_addr, dst_addr; adef440691bab8 Andrea Arcangeli 2023-12-06 1530 pmd_t *src_pmd, *dst_pmd; adef440691bab8 Andrea Arcangeli 2023-12-06 1531 long err = -EINVAL; adef440691bab8 Andrea Arcangeli 2023-12-06 1532 ssize_t moved = 0; adef440691bab8 Andrea Arcangeli 2023-12-06 1533 adef440691bab8 Andrea Arcangeli 2023-12-06 1534 /* Sanitize the command parameters. */ adef440691bab8 Andrea Arcangeli 2023-12-06 1535 if (WARN_ON_ONCE(src_start & ~PAGE_MASK) || adef440691bab8 Andrea Arcangeli 2023-12-06 1536 WARN_ON_ONCE(dst_start & ~PAGE_MASK) || adef440691bab8 Andrea Arcangeli 2023-12-06 1537 WARN_ON_ONCE(len & ~PAGE_MASK)) adef440691bab8 Andrea Arcangeli 2023-12-06 1538 goto out; adef440691bab8 Andrea Arcangeli 2023-12-06 1539 adef440691bab8 Andrea Arcangeli 2023-12-06 1540 /* Does the address range wrap, or is the span zero-sized? */ adef440691bab8 Andrea Arcangeli 2023-12-06 1541 if (WARN_ON_ONCE(src_start + len <= src_start) || adef440691bab8 Andrea Arcangeli 2023-12-06 1542 WARN_ON_ONCE(dst_start + len <= dst_start)) adef440691bab8 Andrea Arcangeli 2023-12-06 1543 goto out; adef440691bab8 Andrea Arcangeli 2023-12-06 1544 :::::: The code at line 1526 was first introduced by commit :::::: adef440691bab824e39c1b17382322d195e1fab0 userfaultfd: UFFDIO_MOVE uABI :::::: TO: Andrea Arcangeli <aarcange@xxxxxxxxxx> :::::: CC: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki
