All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] mm/page_alloc: __alloc_pages_bulk(): do bounds check before accessing array
@ 2021-05-07  6:45 Rasmus Villemoes
  2021-05-07 10:26 ` Mel Gorman
  0 siblings, 1 reply; 4+ messages in thread
From: Rasmus Villemoes @ 2021-05-07  6:45 UTC (permalink / raw)
  To: Andrew Morton, Alexander Lobakin, Mel Gorman, Vlastimil Babka
  Cc: Rasmus Villemoes, linux-mm, linux-kernel

In the event that somebody would call this with an already fully
populated page_array, the last loop iteration would do an access
beyond the end of page_array.

It's of course extremely unlikely that would ever be done, but this
triggers my internal static analyzer. Also, if it really is not
supposed to be invoked this way (i.e., with no NULL entries in
page_array), the nr_populated<nr_pages check could simply be removed
instead.

Fixes: 0f87d9d30f21 (mm/page_alloc: add an array-based interface to the bulk page allocator)
Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
---
 mm/page_alloc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mm/page_alloc.c b/mm/page_alloc.c
index bcdc0c6f21f1..66785946eb28 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -5053,7 +5053,7 @@ unsigned long __alloc_pages_bulk(gfp_t gfp, int preferred_nid,
 	 * Skip populated array elements to determine if any pages need
 	 * to be allocated before disabling IRQs.
 	 */
-	while (page_array && page_array[nr_populated] && nr_populated < nr_pages)
+	while (page_array && nr_populated < nr_pages && page_array[nr_populated])
 		nr_populated++;
 
 	/* Use the single page allocator for one page. */
-- 
2.29.2


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] mm/page_alloc: __alloc_pages_bulk(): do bounds check before accessing array
  2021-05-07  6:45 [PATCH] mm/page_alloc: __alloc_pages_bulk(): do bounds check before accessing array Rasmus Villemoes
@ 2021-05-07 10:26 ` Mel Gorman
  2021-06-21 16:01   ` Rasmus Villemoes
  0 siblings, 1 reply; 4+ messages in thread
From: Mel Gorman @ 2021-05-07 10:26 UTC (permalink / raw)
  To: Rasmus Villemoes
  Cc: Andrew Morton, Alexander Lobakin, Vlastimil Babka, linux-mm,
	linux-kernel

On Fri, May 07, 2021 at 08:45:03AM +0200, Rasmus Villemoes wrote:
> In the event that somebody would call this with an already fully
> populated page_array, the last loop iteration would do an access
> beyond the end of page_array.
> 
> It's of course extremely unlikely that would ever be done, but this
> triggers my internal static analyzer. Also, if it really is not
> supposed to be invoked this way (i.e., with no NULL entries in
> page_array), the nr_populated<nr_pages check could simply be removed
> instead.
> 
> Fixes: 0f87d9d30f21 (mm/page_alloc: add an array-based interface to the bulk page allocator)
> Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>

Acked-by: Mel Gorman <mgorman@techsingularity.net>

-- 
Mel Gorman
SUSE Labs

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] mm/page_alloc: __alloc_pages_bulk(): do bounds check before accessing array
  2021-05-07 10:26 ` Mel Gorman
@ 2021-06-21 16:01   ` Rasmus Villemoes
  2021-06-23  4:49     ` Andrew Morton
  0 siblings, 1 reply; 4+ messages in thread
From: Rasmus Villemoes @ 2021-06-21 16:01 UTC (permalink / raw)
  To: Mel Gorman
  Cc: Andrew Morton, Alexander Lobakin, Vlastimil Babka, linux-mm,
	linux-kernel

On 07/05/2021 12.26, Mel Gorman wrote:
> On Fri, May 07, 2021 at 08:45:03AM +0200, Rasmus Villemoes wrote:
>> In the event that somebody would call this with an already fully
>> populated page_array, the last loop iteration would do an access
>> beyond the end of page_array.
>>
>> It's of course extremely unlikely that would ever be done, but this
>> triggers my internal static analyzer. Also, if it really is not
>> supposed to be invoked this way (i.e., with no NULL entries in
>> page_array), the nr_populated<nr_pages check could simply be removed
>> instead.
>>
>> Fixes: 0f87d9d30f21 (mm/page_alloc: add an array-based interface to the bulk page allocator)
>> Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
> 
> Acked-by: Mel Gorman <mgorman@techsingularity.net>
> 

Andrew, will you get this to Linus before 5.13 is released? I got a mail
on May 9 that it had been added to your queue, but I don't see it in
master yet.

Rasmus

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] mm/page_alloc: __alloc_pages_bulk(): do bounds check before accessing array
  2021-06-21 16:01   ` Rasmus Villemoes
@ 2021-06-23  4:49     ` Andrew Morton
  0 siblings, 0 replies; 4+ messages in thread
From: Andrew Morton @ 2021-06-23  4:49 UTC (permalink / raw)
  To: Rasmus Villemoes
  Cc: Mel Gorman, Alexander Lobakin, Vlastimil Babka, linux-mm, linux-kernel

On Mon, 21 Jun 2021 18:01:17 +0200 Rasmus Villemoes <linux@rasmusvillemoes.dk> wrote:

> On 07/05/2021 12.26, Mel Gorman wrote:
> > On Fri, May 07, 2021 at 08:45:03AM +0200, Rasmus Villemoes wrote:
> >> In the event that somebody would call this with an already fully
> >> populated page_array, the last loop iteration would do an access
> >> beyond the end of page_array.
> >>
> >> It's of course extremely unlikely that would ever be done, but this
> >> triggers my internal static analyzer. Also, if it really is not
> >> supposed to be invoked this way (i.e., with no NULL entries in
> >> page_array), the nr_populated<nr_pages check could simply be removed
> >> instead.
> >>
> >> Fixes: 0f87d9d30f21 (mm/page_alloc: add an array-based interface to the bulk page allocator)
> >> Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
> > 
> > Acked-by: Mel Gorman <mgorman@techsingularity.net>
> > 
> 
> Andrew, will you get this to Linus before 5.13 is released? I got a mail
> on May 9 that it had been added to your queue, but I don't see it in
> master yet.

I had it queued for 5.14-rc1.

I'll move it into the 5.13 queue as it fixes a post-5.12 thing, but
nothing in the changelog indicates that it's at all urgent?  Was the
changelog missing some important info?

: In the event that somebody would call this with an already fully populated
: page_array, the last loop iteration would do an access beyond the end of
: page_array.
: 
: It's of course extremely unlikely that would ever be done, but this
: triggers my internal static analyzer.  Also, if it really is not supposed
: to be invoked this way (i.e., with no NULL entries in page_array), the
: nr_populated<nr_pages check could simply be removed instead.


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2021-06-23  4:49 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-07  6:45 [PATCH] mm/page_alloc: __alloc_pages_bulk(): do bounds check before accessing array Rasmus Villemoes
2021-05-07 10:26 ` Mel Gorman
2021-06-21 16:01   ` Rasmus Villemoes
2021-06-23  4:49     ` Andrew Morton

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.