[rcu:willy-maple 137/202] mm/mmap.c:1895 mmap_region() error: uninitialized symbol 'next'.

From: Dan Carpenter
Date: Thu Feb 04 2021 - 02:02:54 EST

Next message:
Previous
Messages

tree: If you fix the issue, Reported-by: kernel Reported-by: Dan Carpenter
smatch warnings:
mm/mmap.c:1895 mmap_region()
vim +/next +1895 mm/mmap.c

0165ab443556bd Miklos Szeredi 897ab3e0c49e24 Mike Rapoport 897ab3e0c49e24 Mike Rapoport 0165ab443556bd Miklos Szeredi 0165ab443556bd Miklos Szeredi 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 0165ab443556bd Miklos Szeredi 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 0165ab443556bd Miklos Szeredi e8420a8ece80b3 Cyril Hrubis 84638335900f19 Konstantin e8420a8ece80b3 Cyril Hrubis e8420a8ece80b3 Cyril Hrubis e8420a8ece80b3 Cyril Hrubis e8420a8ece80b3 Cyril Hrubis e8420a8ece80b3 Cyril Hrubis e8420a8ece80b3 Cyril Hrubis 059c8a0bb96791 Liam R. Howlett e8420a8ece80b3 Cyril Hrubis 84638335900f19 Konstantin 84638335900f19 Konstantin e8420a8ece80b3 Cyril Hrubis e8420a8ece80b3 Cyril Hrubis e8420a8ece80b3 Cyril Hrubis 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett ^1da177e4c3f41 Linus Torvalds 059c8a0bb96791 Liam R. Howlett ^1da177e4c3f41 Linus Torvalds ^1da177e4c3f41 Linus Torvalds ^1da177e4c3f41 Linus Torvalds 5a6fe125950676 Mel Gorman ^1da177e4c3f41 Linus Torvalds 191c542442fdf5 Al Viro ^1da177e4c3f41 Linus Torvalds ^1da177e4c3f41 Linus Torvalds ^1da177e4c3f41 Linus Torvalds ^1da177e4c3f41 Linus Torvalds ^1da177e4c3f41 Linus Torvalds 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett
"next" not
059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett ^1da177e4c3f41 Linus Torvalds ^1da177e4c3f41 Linus Torvalds ^1da177e4c3f41 Linus Torvalds ^1da177e4c3f41 Linus Torvalds ^1da177e4c3f41 Linus Torvalds 490fc053865c9c Linus Torvalds ^1da177e4c3f41 Linus Torvalds ^1da177e4c3f41 Linus Torvalds ^1da177e4c3f41 Linus Torvalds ^1da177e4c3f41 Linus Torvalds ^1da177e4c3f41 Linus Torvalds ^1da177e4c3f41 Linus Torvalds 059c8a0bb96791 Liam R. Howlett ^1da177e4c3f41 Linus Torvalds 3ed75eb8f1cd89 Coly Li ^1da177e4c3f41 Linus Torvalds ^1da177e4c3f41 Linus Torvalds ^1da177e4c3f41 Linus Torvalds ^1da177e4c3f41 Linus Torvalds ^1da177e4c3f41 Linus Torvalds ^1da177e4c3f41 Linus Torvalds ^1da177e4c3f41 Linus Torvalds ^1da177e4c3f41 Linus Torvalds 4bb5f5d9395bc1 David Herrmann 4bb5f5d9395bc1 David Herrmann 4bb5f5d9395bc1 David Herrmann 4bb5f5d9395bc1 David Herrmann 4bb5f5d9395bc1 David Herrmann 4bb5f5d9395bc1 David Herrmann 4bb5f5d9395bc1 David Herrmann 4bb5f5d9395bc1 David Herrmann 4bb5f5d9395bc1 David Herrmann 4bb5f5d9395bc1 David Herrmann 4bb5f5d9395bc1 David Herrmann cb0942b8124979 Al Viro f74ac01520c9f6 Miklos Szeredi ^1da177e4c3f41 Linus Torvalds ^1da177e4c3f41 Linus Torvalds ^1da177e4c3f41 Linus Torvalds 309d08d9b3a365 Liu Zixian 309d08d9b3a365 Liu Zixian 309d08d9b3a365 Liu Zixian 309d08d9b3a365 Liu Zixian 309d08d9b3a365 Liu Zixian 309d08d9b3a365 Liu Zixian 309d08d9b3a365 Liu Zixian 309d08d9b3a365 Liu Zixian 309d08d9b3a365 Liu Zixian 309d08d9b3a365 Liu Zixian 309d08d9b3a365 Liu Zixian d70cec8983241a Miaohe Lin d70cec8983241a Miaohe Lin d70cec8983241a Miaohe Lin 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett Warning here. The code positive. Smatch is particularly tests like accross function boundaries...

bc4fe4cdd602b3 Miaohe Lin bc4fe4cdd602b3 Miaohe Lin bc4fe4cdd602b3 Miaohe Lin bc4fe4cdd602b3 Miaohe Lin bc4fe4cdd602b3 Miaohe Lin d70cec8983241a Miaohe Lin 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett 059c8a0bb96791 Liam R. Howlett d70cec8983241a Miaohe Lin d70cec8983241a Miaohe Lin d70cec8983241a Miaohe Lin d70cec8983241a Miaohe Lin d70cec8983241a Miaohe Lin ^1da177e4c3f41 Linus Torvalds f8dbf0a7a4c5d9 Huang Shijie f8dbf0a7a4c5d9 Huang Shijie f8dbf0a7a4c5d9 Huang Shijie f8dbf0a7a4c5d9 Huang Shijie bfd40eaff5abb9 Kirill A. Shutemov
---
0-DAY CI Kernel Test Description: application/gzip Yang Li: "[PATCH] media: atomisp: Remove unneeded return variable" message: Anshuman Khandual: "[RFC 3/3] dma-contiguous: Type cast MAX_ORDER as unsigned int" sorted by: [ date ] [ thread ] [ subject ] [ author ] href="https://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu.git">https://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu.git willy-maple
4f39fa70456e0084c86
8eaa5b3f548f13e7226 [137/202] mm/mmap: Change mmap_region to use maple tree state
(attached as .config)
9.3.0-15) 9.3.0
kindly add following tag as appropriate
test robot <lkp@xxxxxxxxx>
<dan.carpenter@xxxxxxxxxx>
error: uninitialized symbol 'next'.
2007-07-15 1753 unsigned long mmap_region(struct file *file, unsigned long addr,
2017-02-24 1754 unsigned long len, vm_flags_t vm_flags, unsigned long pgoff,
2017-02-24 1755 struct list_head *uf)
2007-07-15 1756 {
2007-07-15 1757 struct mm_struct *mm = current->mm;
2020-11-10 1758 struct vm_area_struct *vma = NULL;
2020-11-10 1759 struct vm_area_struct *prev, *next;
2020-11-10 1760 pgoff_t pglen = len >> PAGE_SHIFT;
2007-07-15 1761 unsigned long charged = 0;
2020-11-10 1762 unsigned long end = addr + len;
2020-11-10 1763 unsigned long merge_start = addr, merge_end = end;
2020-11-10 1764 pgoff_t vm_pgoff;
2020-11-10 1765 int error;
2020-11-10 1766 MA_STATE(mas, &mm->mm_mt, addr, end - 1);
2007-07-15 1767
2013-04-29 1768 /* Check against address space limit. */
Khlebnikov 2016-01-14 1769 if (!may_expand_vm(mm, vm_flags, len >> PAGE_SHIFT)) {
2013-04-29 1770 unsigned long nr_pages;
2013-04-29 1771
2013-04-29 1772 /*
2013-04-29 1773 * MAP_FIXED may remove pages of mappings that intersects with
2013-04-29 1774 * requested mapping. Account for the pages it would unmap.
2013-04-29 1775 */
2020-11-10 1776 nr_pages = count_vma_pages_range(mm, addr, end);
2013-04-29 1777
Khlebnikov 2016-01-14 1778 if (!may_expand_vm(mm, vm_flags,
Khlebnikov 2016-01-14 1779 (len >> PAGE_SHIFT) - nr_pages))
2013-04-29 1780 return -ENOMEM;
2013-04-29 1781 }
2013-04-29 1782
2020-11-10 1783 /* Unmap any existing mapping in the area */
2020-11-10 1784 if (do_munmap(mm, addr, len, uf))
2005-04-16 1785 return -ENOMEM;
2020-11-10 1786
2005-04-16 1787 /*
2005-04-16 1788 * Private writable mapping: check memory availability
2005-04-16 1789 */
2009-02-10 1790 if (accountable_mapping(file, vm_flags)) {
2005-04-16 1791 charged = len >> PAGE_SHIFT;
2012-02-13 1792 if (security_vm_enough_memory_mm(mm, charged))
2005-04-16 1793 return -ENOMEM;
2005-04-16 1794 vm_flags |= VM_ACCOUNT;
2005-04-16 1795 }
2005-04-16 1796
2005-04-16 1797
2020-11-10 1798 if (vm_flags & VM_SPECIAL) {
2020-11-10 1799 prev = mas_prev(&mas, 0);
2020-11-10 1800 goto cannot_expand;
initialized on this path.
2020-11-10 1801 }
2020-11-10 1802
2020-11-10 1803 /* Attempt to expand an old mapping */
2020-11-10 1804
2020-11-10 1805 /* Check next */
2020-11-10 1806 next = mas_next(&mas, ULONG_MAX);
2020-11-10 1807 if (next && next->vm_start == end && vma_policy(next) &&
2020-11-10 1808 can_vma_merge_before(next, vm_flags, NULL, file, pgoff+pglen,
2020-11-10 1809 NULL_VM_UFFD_CTX)) {
2020-11-10 1810 merge_end = next->vm_end;
2020-11-10 1811 vma = next;
2020-11-10 1812 vm_pgoff = next->vm_pgoff - pglen;
2020-11-10 1813 }
2020-11-10 1814
2020-11-10 1815 /* Check prev */
2020-11-10 1816 prev = mas_prev(&mas, 0);
2020-11-10 1817 if (prev && prev->vm_end == addr && !vma_policy(prev) &&
2020-11-10 1818 can_vma_merge_after(prev, vm_flags, NULL, file, pgoff,
2020-11-10 1819 NULL_VM_UFFD_CTX)) {
2020-11-10 1820 merge_start = prev->vm_start;
2020-11-10 1821 vma = prev;
2020-11-10 1822 vm_pgoff = prev->vm_pgoff;
2020-11-10 1823 }
2020-11-10 1824
2020-11-10 1825
2020-11-10 1826 /* Actually expand, if possible */
2020-11-10 1827 if (vma &&
2020-11-10 1828 !vma_expand(&mas, vma, merge_start, merge_end, vm_pgoff, next)) {
2020-11-10 1829 khugepaged_enter_vma_merge(prev, vm_flags);
2020-11-10 1830 goto expanded;
2020-11-10 1831 }
2020-11-10 1832
2020-11-10 1833 mas_set_range(&mas, addr, end - 1);
2020-11-10 1834 cannot_expand:
2005-04-16 1835 /*
2005-04-16 1836 * Determine the object being mapped and call the appropriate
2005-04-16 1837 * specific mapper. the address has already been validated, but
2005-04-16 1838 * not unmapped, but the maps are removed from the list.
2005-04-16 1839 */
2018-07-21 1840 vma = vm_area_alloc(mm);
2005-04-16 1841 if (!vma) {
2005-04-16 1842 error = -ENOMEM;
2005-04-16 1843 goto unacct_error;
2005-04-16 1844 }
2005-04-16 1845
2005-04-16 1846 vma->vm_start = addr;
2020-11-10 1847 vma->vm_end = end;
2005-04-16 1848 vma->vm_flags = vm_flags;
2007-10-18 1849 vma->vm_page_prot = vm_get_page_prot(vm_flags);
2005-04-16 1850 vma->vm_pgoff = pgoff;
2005-04-16 1851
2005-04-16 1852 if (file) {
2005-04-16 1853 if (vm_flags & VM_DENYWRITE) {
2005-04-16 1854 error = deny_write_access(file);
2005-04-16 1855 if (error)
2005-04-16 1856 goto free_vma;
2005-04-16 1857 }
2014-08-08 1858 if (vm_flags & VM_SHARED) {
2014-08-08 1859 error = mapping_map_writable(file->f_mapping);
2014-08-08 1860 if (error)
2014-08-08 1861 goto allow_write_and_free_vma;
2014-08-08 1862 }
2014-08-08 1863
2014-08-08 1864 /* ->mmap() can change vma->vm_file, but must guarantee that
2014-08-08 1865 * vma_link() below can deny write-access if VM_DENYWRITE is set
2014-08-08 1866 * and map writably if VM_SHARED is set. This usually means the
2014-08-08 1867 * new file must not have been exposed to user-space, yet.
2014-08-08 1868 */
2012-08-27 1869 vma->vm_file = get_file(file);
2017-02-20 1870 error = call_mmap(file, vma);
2005-04-16 1871 if (error)
2005-04-16 1872 goto unmap_and_free_vma;
2005-04-16 1873
2020-12-05 1874 /* Can addr have changed??
2020-12-05 1875 *
2020-12-05 1876 * Answer: Yes, several device drivers can do it in their
2020-12-05 1877 * f_op->mmap method. -DaveM
2020-12-05 1878 * Bug: If addr is changed, prev, rb_link, rb_parent should
2020-12-05 1879 * be updated for vma_link()
2020-12-05 1880 */
2020-12-05 1881 WARN_ON_ONCE(addr != vma->vm_start);
2020-12-05 1882
2020-12-05 1883 addr = vma->vm_start;
2020-12-05 1884
2020-08-06 1885 /* If vm_flags changed after call_mmap(), we should try merge vma again
2020-08-06 1886 * as we may succeed this time.
2020-08-06 1887 */
2020-11-10 1888 if (unlikely(vm_flags != vma->vm_flags && prev &&
2020-11-10 1889 prev->vm_end == addr && !vma_policy(prev) &&
2020-11-10 1890 can_vma_merge_after(prev, vm_flags, NULL, file,
2020-11-10 1891 pgoff, NULL_VM_UFFD_CTX))) {
2020-11-10 1892 merge_start = prev->vm_start;
2020-11-10 1893 vm_pgoff = prev->vm_pgoff;
2020-11-10 1894 if (!vma_expand(&mas, prev, merge_start, merge_end,
2020-11-10 @1895 vm_pgoff, next)) {
^^^^
is too complicated to know if it's a false
not very good about tracking bit masks and
"if (vm_flags & VM_SPECIAL)" are not tracked
2020-10-10 1896 /* ->mmap() can change vma->vm_file and fput the original file. So
2020-10-10 1897 * fput the vma->vm_file here or we would add an extra fput for file
2020-10-10 1898 * and cause general protection fault ultimately.
2020-10-10 1899 */
2020-10-10 1900 fput(vma->vm_file);
2020-08-06 1901 vm_area_free(vma);
2020-11-10 1902 vma = prev;
2020-11-10 1903 /* Update vm_flags and possible addr to pick up the change. We don't
2020-11-10 1904 * warn here if addr changed as the vma is not linked by vma_link().
2020-11-10 1905 */
2020-11-10 1906 addr = vma->vm_start;
2020-08-06 1907 vm_flags = vma->vm_flags;
2020-08-06 1908 goto unmap_writable;
2020-08-06 1909 }
2020-08-06 1910 }
2020-08-06 1911
2005-04-16 1912 vm_flags = vma->vm_flags;
2009-09-21 1913 } else if (vm_flags & VM_SHARED) {
2009-09-21 1914 error = shmem_zero_setup(vma);
2009-09-21 1915 if (error)
2009-09-21 1916 goto free_vma;
2018-07-26 1917 } else {
Service, Intel Corporation
s://lists.01.org/hyperkitty/list/kbuild-all@xxxxxxxxxxxx">https://lists.01.org/hyperkitty/list/kbuild-all@xxxxxxxxxxxx
>.config.gz

Next message: Yang Li: "[PATCH] media: atomisp: Remove unneeded return variable"
Previous message: Anshuman Khandual: "[RFC 3/3] dma-contiguous: Type cast MAX_ORDER as unsigned int"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]