On 07.08.2018 18:58, Dan Carpenter wrote:
> Hello Dominik Dingel,
>
> This is a semi-automatic email about new static checker warnings.

Hi Dan,

while Dominik wrote the patch, he is unfortunately not available anymore
and I take care of that part of s390 mm right now.

Sorry I missed this mail, I do not read on this list often.

>
> The patch 7d735b9ae82d: "s390/mm: hugetlb pages within a gmap can not
> be freed" from Jul 13, 2018, leads to the following Smatch complaint:
>
>     arch/s390/mm/gmap.c:718 gmap_discard()
>     error: we previously assumed 'vma' could be null (see line 715)
>
> arch/s390/mm/gmap.c
>    700		for (gaddr = from; gaddr < to;
>    701		     gaddr = (gaddr + PMD_SIZE) & PMD_MASK) {
>    702			/* Find the vm address for the guest address */
>    703			vmaddr = (unsigned long)
>    704				radix_tree_lookup(&gmap->guest_to_host,
>    705						  gaddr >> PMD_SHIFT);
>    706			if (!vmaddr)
>    707				continue;
>    708			vmaddr |= gaddr & ~PMD_MASK;
>    709			/* Find vma in the parent mm */
>    710			vma = find_vma(gmap->mm, vmaddr);
>    711			/*
>    712			 * We do not discard pages that are backed by
>    713			 * hugetlbfs, so we don't have to refault them.
>    714			 */
>    715			if (vma && is_vm_hugetlb_page(vma))
>                           ^^^
> The patch adds a new check

Theoretically userspace could unmap an area that is mapped by the gmap
to a guest without the gmap unmap calls, hence vmaddr would be valid and
vma == NULL.

Thanks for semi-automatically reporting this, I'll provide a fix.

>
>    716				continue;
>    717			size = min(to - gaddr, PMD_SIZE - (gaddr & ~PMD_MASK));
>    718			zap_page_range(vma, vmaddr, size);
>                                      ^^^
> but if "vma" is NULL we are toasted here anyway.
>
>    719		}
>    720		up_read(&gmap->mm->mmap_sem);
>
> regards,
> dan carpenter
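The situation discussed in the mail above, as an added user-space model that is not part of the original message and not kernel code: a lookup result is tested for NULL once, before anything dereferences it, so a segment that userspace has unmapped is skipped instead of reaching the zap step. `model_vma`, `model_find_vma`, `model_discard`, the mapping table, the identity guest-to-host mapping and the 1 MiB `PMD_SIZE` are all constructed assumptions, and `model_find_vma` is a simplified stand-in for `find_vma()`.

```c
#include <stddef.h>
#include <stdio.h>
#define PMD_SIZE (1UL << 20)          /* 1 MiB segment (assumed for the model) */
#define PMD_MASK (~(PMD_SIZE - 1))
struct model_vma { unsigned long start, end; int hugetlb; };

/* Constructed host mappings; 0x300000-0x400000 was unmapped by userspace. */
static const struct model_vma host_vmas[] = {
    { 0x100000UL, 0x200000UL, 0 },
    { 0x200000UL, 0x300000UL, 1 },     /* hugetlbfs-backed */
    { 0x400000UL, 0x500000UL, 0 },
};

/* Simplified stand-in for find_vma(): NULL when nothing covers addr. */
static const struct model_vma *model_find_vma(unsigned long addr)
{
    for (size_t i = 0; i < sizeof(host_vmas) / sizeof(host_vmas[0]); i++)
        if (addr >= host_vmas[i].start && addr < host_vmas[i].end)
            return &host_vmas[i];
    return NULL;
}

/* Model of the gmap_discard() loop; guest address == host address here. */
unsigned long model_discard(unsigned long from, unsigned long to,
                            unsigned int *null_skips)
{
    unsigned long gaddr, left, size, zapped = 0;
    *null_skips = 0;
    for (gaddr = from; gaddr < to; gaddr = (gaddr + PMD_SIZE) & PMD_MASK) {
        const struct model_vma *vma = model_find_vma(gaddr);
        if (!vma) {                    /* guard: lookup found no mapping */
            (*null_skips)++;
            continue;
        }
        if (vma->hugetlb)              /* safe: vma is known non-NULL */
            continue;
        left = PMD_SIZE - (gaddr & ~PMD_MASK);
        size = to - gaddr < left ? to - gaddr : left;
        zapped += size;                /* stands in for zap_page_range() */
    }
    return zapped;
}

int main(void)
{
    unsigned int n;
    printf("zapped %#lx bytes\n", model_discard(0x180000UL, 0x480000UL, &n));
    return 0;
}
```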