On 07.08.2018 18:58, Dan Carpenter wrote:
> Hello Dominik Dingel,
>
> This is a semi-automatic email about new static checker warnings.
Hi Dan,
while Dominik wrote the patch, he is unfortunately not available anymore
and I take care of that part of s390 mm right now. Sorry I missed this
mail, I do not read on this list often.
>
> The patch 7d735b9ae82d: "s390/mm: hugetlb pages within a gmap can not
> be freed" from Jul 13, 2018, leads to the following Smatch complaint:
>
> arch/s390/mm/gmap.c:718 gmap_discard()
> error: we previously assumed 'vma' could be null (see line 715)>
> arch/s390/mm/gmap.c
> 700 for (gaddr = from; gaddr < to;
> 701 gaddr = (gaddr + PMD_SIZE) & PMD_MASK) {
> 702 /* Find the vm address for the guest address */
> 703 vmaddr = (unsigned long)
> 704 radix_tree_lookup(&gmap->guest_to_host,
> 705 gaddr >> PMD_SHIFT);
> 706 if (!vmaddr)
> 707 continue;
> 708 vmaddr |= gaddr & ~PMD_MASK;
> 709 /* Find vma in the parent mm */
> 710 vma = find_vma(gmap->mm, vmaddr);
> 711 /*
> 712 * We do not discard pages that are backed by
> 713 * hugetlbfs, so we don't have to refault them.
> 714 */
> 715 if (vma && is_vm_hugetlb_page(vma))
> ^^^
> The patch adds a new check
Theoretically userspace could unmap an area that is mapped by the gmap
to a guest without the gmap unmap calls, hence vmaddr would be valid and
vma == NULL.
Thanks for semi-automatically reporting this, I'll provide a fix.
>
> 716 continue;
> 717 size = min(to - gaddr, PMD_SIZE - (gaddr & ~PMD_MASK));
> 718 zap_page_range(vma, vmaddr, size);
> ^^^
> but if "vma" is NULL we are toasted here anyway.
>
> 719 }
> 720 up_read(&gmap->mm->mmap_sem);
>
> regards,
> dan carpenter
> --
> To unsubscribe from this list: send the line "unsubscribe linux-s390" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
Attachment:
signature.asc
Description: OpenPGP digital signature
