* [ammarfaizi2-block:google/android/kernel/common/android12-5.4 4057/9999] drivers/dma-buf/heaps/system_heap.c:351 system_heap_buf_free() error: buffer overflow 'pools' 3 <= 3 (assuming for loop doesn't break)
@ 2022-01-30 13:17 kernel test robot
From: kernel test robot @ 2022-01-30 13:17 UTC
  To: kbuild

CC: kbuild-all(a)lists.01.org
CC: "GNU/Weeb Mailing List" <gwml@gnuweeb.org>
CC: linux-kernel(a)vger.kernel.org
TO: John Stultz <john.stultz@linaro.org>

tree:   https://github.com/ammarfaizi2/linux-block google/android/kernel/common/android12-5.4
head:   57f9b292a6a391387c75515c18f47005fbdaaaf7
commit: e3919bfeb0066ab9b5f9765e5610b95672990e64 [4057/9999] ANDROID: dma-buf: system_heap: Add deferred freeing to the system heap
:::::: branch date: 2 days ago
:::::: commit date: 12 months ago
config: x86_64-rhel-8.3-kselftests (https://download.01.org/0day-ci/archive/20220130/202201302133.lUF9uHzX-lkp(a)intel.com/config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0

If you fix the issue, kindly add the following tags as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>

smatch warnings:
drivers/dma-buf/heaps/system_heap.c:351 system_heap_buf_free() error: buffer overflow 'pools' 3 <= 3 (assuming for loop doesn't break)

vim +351 drivers/dma-buf/heaps/system_heap.c

44008f99d9ca07 John Stultz 2019-06-06  325  
e3919bfeb0066a John Stultz 2020-12-09  326  static void system_heap_buf_free(struct deferred_freelist_item *item,
e3919bfeb0066a John Stultz 2020-12-09  327  				 enum df_reason reason)
fc004422dadc12 John Stultz 2020-09-25  328  {
e3919bfeb0066a John Stultz 2020-12-09  329  	struct system_heap_buffer *buffer;
fc004422dadc12 John Stultz 2020-09-25  330  	struct sg_table *table;
fc004422dadc12 John Stultz 2020-09-25  331  	struct scatterlist *sg;
44008f99d9ca07 John Stultz 2019-06-06  332  	int i, j;
44008f99d9ca07 John Stultz 2019-06-06  333  
e3919bfeb0066a John Stultz 2020-12-09  334  	buffer = container_of(item, struct system_heap_buffer, deferred_free);
44008f99d9ca07 John Stultz 2019-06-06  335  	/* Zero the buffer pages before adding back to the pool */
e3919bfeb0066a John Stultz 2020-12-09  336  	if (reason == DF_NORMAL)
e3919bfeb0066a John Stultz 2020-12-09  337  		if (system_heap_zero_buffer(buffer))
e3919bfeb0066a John Stultz 2020-12-09  338  			reason = DF_UNDER_PRESSURE; // On failure, just free
fc004422dadc12 John Stultz 2020-09-25  339  
fc004422dadc12 John Stultz 2020-09-25  340  	table = &buffer->sg_table;
703f43c5810e08 John Stultz 2020-09-26  341  	for_each_sg(table->sgl, sg, table->nents, i) {
703f43c5810e08 John Stultz 2020-09-26  342  		struct page *page = sg_page(sg);
703f43c5810e08 John Stultz 2020-09-26  343  
e3919bfeb0066a John Stultz 2020-12-09  344  		if (reason == DF_UNDER_PRESSURE) {
e3919bfeb0066a John Stultz 2020-12-09  345  			__free_pages(page, compound_order(page));
e3919bfeb0066a John Stultz 2020-12-09  346  		} else {
44008f99d9ca07 John Stultz 2019-06-06  347  			for (j = 0; j < NUM_ORDERS; j++) {
44008f99d9ca07 John Stultz 2019-06-06  348  				if (compound_order(page) == orders[j])
44008f99d9ca07 John Stultz 2019-06-06  349  					break;
44008f99d9ca07 John Stultz 2019-06-06  350  			}
44008f99d9ca07 John Stultz 2019-06-06 @351  			dmabuf_page_pool_free(pools[j], page);
703f43c5810e08 John Stultz 2020-09-26  352  		}
e3919bfeb0066a John Stultz 2020-12-09  353  	}
fc004422dadc12 John Stultz 2020-09-25  354  	sg_free_table(table);
c02e6ccc5a4aab John Stultz 2019-12-03  355  	kfree(buffer);
c02e6ccc5a4aab John Stultz 2019-12-03  356  }
c02e6ccc5a4aab John Stultz 2019-12-03  357  

:::::: The code at line 351 was first introduced by commit
:::::: 44008f99d9ca0793e2562967e1da01fa74ee4a41 ANDROID: dma-buf: system_heap: Add pagepool support to system heap

:::::: TO: John Stultz <john.stultz@linaro.org>
:::::: CC: John Stultz <john.stultz@linaro.org>

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
