mm: userfaultfd: add new UFFDIO_POISON ioctl: fix
author Hugh Dickins <hughd@google.com>
Wed, 12 Jul 2023 01:27:17 +0000 (18:27 -0700)
committer Andrew Morton <akpm@linux-foundation.org>
Fri, 18 Aug 2023 17:12:17 +0000 (10:12 -0700)
Smatch has observed that pte_offset_map_lock() is now allowed to fail, and
then ptl should not be unlocked.  Use -EAGAIN here like elsewhere.

Link: https://lkml.kernel.org/r/bc7bba61-d34f-ad3a-ccf1-c191585ef851@google.com
Signed-off-by: Hugh Dickins <hughd@google.com>
Reviewed-by: Axel Rasmussen <axelrasmussen@google.com>
Cc: Dan Carpenter <dan.carpenter@linaro.org>
Cc: Peter Xu <peterx@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
mm/userfaultfd.c

index 68157359dc3440ac7a48972d6b2c1042b0ff51bf..dd167184575e2a398920332b6070e95e686199a3 100644 (file)
@@ -300,7 +300,10 @@ static int mfill_atomic_pte_poison(pmd_t *dst_pmd,
        spinlock_t *ptl;
 
        _dst_pte = make_pte_marker(PTE_MARKER_POISONED);
+       ret = -EAGAIN;
        dst_pte = pte_offset_map_lock(dst_mm, dst_pmd, dst_addr, &ptl);
+       if (!dst_pte)
+               goto out;
 
        if (mfill_file_over_size(dst_vma, dst_addr)) {
                ret = -EFAULT;
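
Review bot: `ret = -EAGAIN;` is assigned before the `pte_offset_map_lock()` call rather than inside the `if (!dst_pte)` branch, so that value stays live for any later path that reaches `out_unlock` without setting `ret`. The paths visible here do overwrite it (`-EFAULT` after `mfill_file_over_size()`, `0` just before `out_unlock`), but the lines between the two hunks are not shown and should be checked for the same. A short comment at the NULL check, noting that `pte_offset_map_lock()` may fail and that `-EAGAIN` is the intended return for that case, would keep the reason from living only in the commit message.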
@@ -319,6 +322,7 @@ static int mfill_atomic_pte_poison(pmd_t *dst_pmd,
        ret = 0;
 out_unlock:
        pte_unmap_unlock(dst_pte, ptl);
+out:
        return ret;
 }
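
Review bot: the new `out:` label does nothing except fall into `return ret;`, so the failure branch in the first hunk could be written as `return -EAGAIN;` directly, which would remove both the label and the early `ret = -EAGAIN;` assignment. If the goto form is kept to match the "elsewhere" the commit message refers to, the placement is right: `out:` sits after `pte_unmap_unlock(dst_pte, ptl)`, so the unlock is skipped when `dst_pte` is NULL and `ptl` was never taken. It would help to say that in a comment next to the label, since the two labels are one line apart and easy to confuse in a later edit.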