
userfaultfd: remove (VM_)BUG_ON()s

BUG_ON() is deprecated [1]. Convert all the BUG_ON()s and VM_BUG_ON()s to
use VM_WARN_ON_ONCE().

There are a few additional cases that are converted or modified:

- Convert the printk(KERN_WARNING ...) in handle_userfault() to use
pr_warn().

- Convert the WARN_ON_ONCE()s in move_pages() to use VM_WARN_ON_ONCE(),
as the relevant conditions are already checked in validate_range() in
move_pages()'s caller.

- Convert the VM_WARN_ON()'s in move_pages() to VM_WARN_ON_ONCE(). These
cases should never happen and are similar to those in mfill_atomic()
and mfill_atomic_hugetlb(), which were previously BUG_ON()s.
move_pages() was added later than those functions and makes use of
VM_WARN_ON() as a replacement for the deprecated BUG_ON(), but
VM_WARN_ON_ONCE() is likely a better direct replacement.

- Convert the WARN_ON() for !VM_MAYWRITE in userfaultfd_unregister() and
userfaultfd_register_range() to VM_WARN_ON_ONCE(). This condition is
enforced in userfaultfd_register() so it should never happen, and can
be converted to a debug check.

[1] https://www.kernel.org/doc/html/v6.15/process/coding-style.html#use-warn-rather-than-bug

Link: https://lkml.kernel.org/r/20250619-uffd-fixes-v3-3-a7274d3bd5e4@columbia.edu
Signed-off-by: Tal Zussman <tz2294@columbia.edu>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Christian Brauner <brauner@kernel.org>
Cc: David Hildenbrand <david@redhat.com>
Cc: Jan Kara <jack@suse.cz>
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: Peter Xu <peterx@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

authored by

Tal Zussman and committed by
Andrew Morton
31defc3b 23ec90eb

+62 -65
+29 -30
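--- a/fs/userfaultfd.c
+++ b/fs/userfaultfd.c
@@ -165,14 +165,14 @@
 static void userfaultfd_ctx_put(struct userfaultfd_ctx *ctx)
 {
 if (refcount_dec_and_test(&ctx->refcount)) {
-VM_BUG_ON(spin_is_locked(&ctx->fault_pending_wqh.lock));
-VM_BUG_ON(waitqueue_active(&ctx->fault_pending_wqh));
-VM_BUG_ON(spin_is_locked(&ctx->fault_wqh.lock));
-VM_BUG_ON(waitqueue_active(&ctx->fault_wqh));
-VM_BUG_ON(spin_is_locked(&ctx->event_wqh.lock));
-VM_BUG_ON(waitqueue_active(&ctx->event_wqh));
-VM_BUG_ON(spin_is_locked(&ctx->fd_wqh.lock));
-VM_BUG_ON(waitqueue_active(&ctx->fd_wqh));
+VM_WARN_ON_ONCE(spin_is_locked(&ctx->fault_pending_wqh.lock));
+VM_WARN_ON_ONCE(waitqueue_active(&ctx->fault_pending_wqh));
+VM_WARN_ON_ONCE(spin_is_locked(&ctx->fault_wqh.lock));
+VM_WARN_ON_ONCE(waitqueue_active(&ctx->fault_wqh));
+VM_WARN_ON_ONCE(spin_is_locked(&ctx->event_wqh.lock));
+VM_WARN_ON_ONCE(waitqueue_active(&ctx->event_wqh));
+VM_WARN_ON_ONCE(spin_is_locked(&ctx->fd_wqh.lock));
+VM_WARN_ON_ONCE(waitqueue_active(&ctx->fd_wqh));
 mmdrop(ctx->mm);
 kmem_cache_free(userfaultfd_ctx_cachep, ctx);
 }
@@ -383,12 +383,12 @@
 if (!ctx)
 goto out;
 
-BUG_ON(ctx->mm != mm);
+VM_WARN_ON_ONCE(ctx->mm != mm);
 
 /* Any unrecognized flag is a bug. */
-VM_BUG_ON(reason & ~__VM_UFFD_FLAGS);
+VM_WARN_ON_ONCE(reason & ~__VM_UFFD_FLAGS);
 /* 0 or > 1 flags set is a bug; we expect exactly 1. */
-VM_BUG_ON(!reason || (reason & (reason - 1)));
+VM_WARN_ON_ONCE(!reason || (reason & (reason - 1)));
 
 if (ctx->features & UFFD_FEATURE_SIGBUS)
 goto out;
@@ -411,12 +411,11 @@
 * to be sure not to return SIGBUS erroneously on
 * nowait invocations.
 */
-BUG_ON(vmf->flags & FAULT_FLAG_RETRY_NOWAIT);
+VM_WARN_ON_ONCE(vmf->flags & FAULT_FLAG_RETRY_NOWAIT);
 #ifdef CONFIG_DEBUG_VM
 if (printk_ratelimit()) {
-printk(KERN_WARNING
-"FAULT_FLAG_ALLOW_RETRY missing %x\n",
-vmf->flags);
+pr_warn("FAULT_FLAG_ALLOW_RETRY missing %x\n",
+vmf->flags);
 dump_stack();
 }
 #endif
@@ -601,7 +602,7 @@
 */
 out:
 atomic_dec(&ctx->mmap_changing);
-VM_BUG_ON(atomic_read(&ctx->mmap_changing) < 0);
+VM_WARN_ON_ONCE(atomic_read(&ctx->mmap_changing) < 0);
 userfaultfd_ctx_put(ctx);
 }
 
@@ -709,7 +710,7 @@
 struct userfaultfd_ctx *ctx = fctx->new;
 
 atomic_dec(&octx->mmap_changing);
-VM_BUG_ON(atomic_read(&octx->mmap_changing) < 0);
+VM_WARN_ON_ONCE(atomic_read(&octx->mmap_changing) < 0);
 userfaultfd_ctx_put(octx);
 userfaultfd_ctx_put(ctx);
 
@@ -1316,8 +1317,8 @@
 do {
 cond_resched();
 
-BUG_ON(!!cur->vm_userfaultfd_ctx.ctx ^
-!!(cur->vm_flags & __VM_UFFD_FLAGS));
+VM_WARN_ON_ONCE(!!cur->vm_userfaultfd_ctx.ctx ^
+!!(cur->vm_flags & __VM_UFFD_FLAGS));
 
 /* check not compatible vmas */
 ret = -EINVAL;
@@ -1371,7 +1372,7 @@
 
 found = true;
 } for_each_vma_range(vmi, cur, end);
-BUG_ON(!found);
+VM_WARN_ON_ONCE(!found);
 
 ret = userfaultfd_register_range(ctx, vma, vm_flags, start, end,
 wp_async);
@@ -1463,8 +1464,8 @@
 do {
 cond_resched();
 
-BUG_ON(!!cur->vm_userfaultfd_ctx.ctx ^
-!!(cur->vm_flags & __VM_UFFD_FLAGS));
+VM_WARN_ON_ONCE(!!cur->vm_userfaultfd_ctx.ctx ^
+!!(cur->vm_flags & __VM_UFFD_FLAGS));
 
 /*
 * Prevent unregistering through a different userfaultfd than
@@ -1486,7 +1487,7 @@
 
 found = true;
 } for_each_vma_range(vmi, cur, end);
-BUG_ON(!found);
+VM_WARN_ON_ONCE(!found);
 
 vma_iter_set(&vmi, start);
 prev = vma_prev(&vmi);
@@ -1503,7 +1504,7 @@
 
 VM_WARN_ON_ONCE(vma->vm_userfaultfd_ctx.ctx != ctx);
 VM_WARN_ON_ONCE(!vma_can_userfault(vma, vma->vm_flags, wp_async));
-WARN_ON(!(vma->vm_flags & VM_MAYWRITE));
+VM_WARN_ON_ONCE(!(vma->vm_flags & VM_MAYWRITE));
 
 if (vma->vm_start > start)
 start = vma->vm_start;
@@ -1568,7 +1569,7 @@
 * len == 0 means wake all and we don't want to wake all here,
 * so check it again to be sure.
 */
-VM_BUG_ON(!range.len);
+VM_WARN_ON_ONCE(!range.len);
 
 wake_userfault(ctx, &range);
 ret = 0;
@@ -1625,7 +1626,7 @@
 return -EFAULT;
 if (ret < 0)
 goto out;
-BUG_ON(!ret);
+VM_WARN_ON_ONCE(!ret);
 /* len == 0 would wake all */
 range.len = ret;
 if (!(uffdio_copy.mode & UFFDIO_COPY_MODE_DONTWAKE)) {
@@ -1680,7 +1681,7 @@
 if (ret < 0)
 goto out;
 /* len == 0 would wake all */
-BUG_ON(!ret);
+VM_WARN_ON_ONCE(!ret);
 range.len = ret;
 if (!(uffdio_zeropage.mode & UFFDIO_ZEROPAGE_MODE_DONTWAKE)) {
 range.start = uffdio_zeropage.range.start;
@@ -1792,7 +1793,7 @@
 goto out;
 
 /* len == 0 would wake all */
-BUG_ON(!ret);
+VM_WARN_ON_ONCE(!ret);
 range.len = ret;
 if (!(uffdio_continue.mode & UFFDIO_CONTINUE_MODE_DONTWAKE)) {
 range.start = uffdio_continue.range.start;
@@ -1849,7 +1850,7 @@
 goto out;
 
 /* len == 0 would wake all */
-BUG_ON(!ret);
+VM_WARN_ON_ONCE(!ret);
 range.len = ret;
 if (!(uffdio_poison.mode & UFFDIO_POISON_MODE_DONTWAKE)) {
 range.start = uffdio_poison.range.start;
@@ -2110,7 +2111,7 @@
 struct file *file;
 int fd;
 
-BUG_ON(!current->mm);
+VM_WARN_ON_ONCE(!current->mm);
 
 /* Check the UFFD_* constants for consistency. */
 BUILD_BUG_ON(UFFD_USER_MODE_ONLY & UFFD_SHARED_FCNTL_FLAGS);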
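Review bot: The four `!ret` checks that sit directly before `range.len = ret` (the `uffdio_copy`, `uffdio_zeropage`, `uffdio_continue` and `uffdio_poison` paths) were unconditional `BUG_ON()`s and are now `VM_WARN_ON_ONCE()`, which is compiled out unless CONFIG_DEBUG_VM is set. The adjacent comment says `len == 0 would wake all`, so on production builds a zero `ret` would now flow into the wake range unchecked. If that invariant is meant to hold outside debug kernels, `WARN_ON_ONCE(!ret);` keeps the check always-on without the crash. Otherwise a short comment naming what guarantees `ret > 0` here would document why a debug-only check is enough. The same question applies to the formerly unconditional `ctx->mm != mm`, `!found` and `!current->mm` checks; the enclosing functions start and end outside these hunks.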
+33 -35
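--- a/mm/userfaultfd.c
+++ b/mm/userfaultfd.c
@@ -561,7 +561,7 @@
 }
 
 while (src_addr < src_start + len) {
-BUG_ON(dst_addr >= dst_start + len);
+VM_WARN_ON_ONCE(dst_addr >= dst_start + len);
 
 /*
 * Serialize via vma_lock and hugetlb_fault_mutex.
@@ -602,7 +602,7 @@
 if (unlikely(err == -ENOENT)) {
 up_read(&ctx->map_changing_lock);
 uffd_mfill_unlock(dst_vma);
-BUG_ON(!folio);
+VM_WARN_ON_ONCE(!folio);
 
 err = copy_folio_from_user(folio,
 (const void __user *)src_addr, true);
@@ -614,7 +614,7 @@
 dst_vma = NULL;
 goto retry;
 } else
-BUG_ON(folio);
+VM_WARN_ON_ONCE(folio);
 
 if (!err) {
 dst_addr += vma_hpagesize;
@@ -635,9 +635,9 @@
 out:
 if (folio)
 folio_put(folio);
-BUG_ON(copied < 0);
-BUG_ON(err > 0);
-BUG_ON(!copied && !err);
+VM_WARN_ON_ONCE(copied < 0);
+VM_WARN_ON_ONCE(err > 0);
+VM_WARN_ON_ONCE(!copied && !err);
 return copied ? copied : err;
 }
 #else /* !CONFIG_HUGETLB_PAGE */
@@ -711,12 +711,12 @@
 /*
 * Sanitize the command parameters:
 */
-BUG_ON(dst_start & ~PAGE_MASK);
-BUG_ON(len & ~PAGE_MASK);
+VM_WARN_ON_ONCE(dst_start & ~PAGE_MASK);
+VM_WARN_ON_ONCE(len & ~PAGE_MASK);
 
 /* Does the address range wrap, or is the span zero-sized? */
-BUG_ON(src_start + len <= src_start);
-BUG_ON(dst_start + len <= dst_start);
+VM_WARN_ON_ONCE(src_start + len <= src_start);
+VM_WARN_ON_ONCE(dst_start + len <= dst_start);
 
 src_addr = src_start;
 dst_addr = dst_start;
@@ -775,7 +775,7 @@
 while (src_addr < src_start + len) {
 pmd_t dst_pmdval;
 
-BUG_ON(dst_addr >= dst_start + len);
+VM_WARN_ON_ONCE(dst_addr >= dst_start + len);
 
 dst_pmd = mm_alloc_pmd(dst_mm, dst_addr);
 if (unlikely(!dst_pmd)) {
@@ -818,7 +818,7 @@
 
 up_read(&ctx->map_changing_lock);
 uffd_mfill_unlock(dst_vma);
-BUG_ON(!folio);
+VM_WARN_ON_ONCE(!folio);
 
 kaddr = kmap_local_folio(folio, 0);
 err = copy_from_user(kaddr,
@@ -832,7 +832,7 @@
 flush_dcache_folio(folio);
 goto retry;
 } else
-BUG_ON(folio);
+VM_WARN_ON_ONCE(folio);
 
 if (!err) {
 dst_addr += PAGE_SIZE;
@@ -852,9 +852,9 @@
 out:
 if (folio)
 folio_put(folio);
-BUG_ON(copied < 0);
-BUG_ON(err > 0);
-BUG_ON(!copied && !err);
+VM_WARN_ON_ONCE(copied < 0);
+VM_WARN_ON_ONCE(err > 0);
+VM_WARN_ON_ONCE(!copied && !err);
 return copied ? copied : err;
 }
 
@@ -940,11 +940,11 @@
 /*
 * Sanitize the command parameters:
 */
-BUG_ON(start & ~PAGE_MASK);
-BUG_ON(len & ~PAGE_MASK);
+VM_WARN_ON_ONCE(start & ~PAGE_MASK);
+VM_WARN_ON_ONCE(len & ~PAGE_MASK);
 
 /* Does the address range wrap, or is the span zero-sized? */
-BUG_ON(start + len <= start);
+VM_WARN_ON_ONCE(start + len <= start);
 
 mmap_read_lock(dst_mm);
 
@@ -1738,15 +1738,13 @@
 ssize_t moved = 0;
 
 /* Sanitize the command parameters. */
-if (WARN_ON_ONCE(src_start & ~PAGE_MASK) ||
-WARN_ON_ONCE(dst_start & ~PAGE_MASK) ||
-WARN_ON_ONCE(len & ~PAGE_MASK))
-goto out;
+VM_WARN_ON_ONCE(src_start & ~PAGE_MASK);
+VM_WARN_ON_ONCE(dst_start & ~PAGE_MASK);
+VM_WARN_ON_ONCE(len & ~PAGE_MASK);
 
 /* Does the address range wrap, or is the span zero-sized? */
-if (WARN_ON_ONCE(src_start + len <= src_start) ||
-WARN_ON_ONCE(dst_start + len <= dst_start))
-goto out;
+VM_WARN_ON_ONCE(src_start + len < src_start);
+VM_WARN_ON_ONCE(dst_start + len < dst_start);
 
 err = uffd_move_lock(mm, dst_start, src_start, &dst_vma, &src_vma);
 if (err)
@@ -1894,9 +1896,9 @@
 up_read(&ctx->map_changing_lock);
 uffd_move_unlock(dst_vma, src_vma);
 out:
-VM_WARN_ON(moved < 0);
-VM_WARN_ON(err > 0);
-VM_WARN_ON(!moved && !err);
+VM_WARN_ON_ONCE(moved < 0);
+VM_WARN_ON_ONCE(err > 0);
+VM_WARN_ON_ONCE(!moved && !err);
 return moved ? moved : err;
 }
 
@@ -1983,10 +1985,10 @@
 for_each_vma_range(vmi, vma, end) {
 cond_resched();
 
-BUG_ON(!vma_can_userfault(vma, vm_flags, wp_async));
-BUG_ON(vma->vm_userfaultfd_ctx.ctx &&
-vma->vm_userfaultfd_ctx.ctx != ctx);
-WARN_ON(!(vma->vm_flags & VM_MAYWRITE));
+VM_WARN_ON_ONCE(!vma_can_userfault(vma, vm_flags, wp_async));
+VM_WARN_ON_ONCE(vma->vm_userfaultfd_ctx.ctx &&
+vma->vm_userfaultfd_ctx.ctx != ctx);
+VM_WARN_ON_ONCE(!(vma->vm_flags & VM_MAYWRITE));
 
 /*
 * Nothing to do: this vma is already registered into this
@@ -2062,8 +2064,8 @@
 prev = NULL;
 for_each_vma(vmi, vma) {
 cond_resched();
-BUG_ON(!!vma->vm_userfaultfd_ctx.ctx ^
-!!(vma->vm_flags & __VM_UFFD_FLAGS));
+VM_WARN_ON_ONCE(!!vma->vm_userfaultfd_ctx.ctx ^
+!!(vma->vm_flags & __VM_UFFD_FLAGS));
 if (vma->vm_userfaultfd_ctx.ctx != ctx) {
 prev = vma;
 continue;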
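Review bot: In the hunk the description attributes to move_pages() (the one declaring `ssize_t moved`), the wrap checks change from `<=` to `<`, so a zero `len` no longer trips them, yet the comment above still reads `or is the span zero-sized?` and the equivalent checks in the other hunks of this file keep `<=`. Either keep `<=` for consistency or shorten the comment to `/* Does the address range wrap? */`. The same hunk also drops the `goto out` bail-outs, so on builds without CONFIG_DEBUG_VM nothing in this function rejects an unaligned or wrapping range any more. The description says validate_range() in the caller covers this, which is not visible here, so a comment such as `/* Callers must have run validate_range(); these are debug-only sanity checks. */` would record that dependency next to the code. The function body starts and ends outside the hunk.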