* [ammarfaizi2-block:google/android/kernel/common/android12-5.4 4074/9999] drivers/dma-buf/heaps/system_heap.c:351 system_heap_buf_free() error: buffer overflow 'pools' 3 <= 3 (assuming for loop doesn't break)
@ 2022-02-09 5:00 kernel test robot
0 siblings, 0 replies; 2+ messages in thread
From: kernel test robot @ 2022-02-09 5:00 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 3782 bytes --]
CC: kbuild-all(a)lists.01.org
CC: "GNU/Weeb Mailing List" <gwml@vger.gnuweeb.org>
CC: linux-kernel(a)vger.kernel.org
TO: John Stultz <john.stultz@linaro.org>
tree: https://github.com/ammarfaizi2/linux-block google/android/kernel/common/android12-5.4
head: 3307e1a058380163f1a11c8f7632706168f9fcb1
commit: e3919bfeb0066ab9b5f9765e5610b95672990e64 [4074/9999] ANDROID: dma-buf: system_heap: Add deferred freeing to the system heap
:::::: branch date: 2 weeks ago
:::::: commit date: 12 months ago
config: x86_64-rhel-8.3-kselftests (https://download.01.org/0day-ci/archive/20220209/202202091253.1qQEI9Nh-lkp(a)intel.com/config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
smatch warnings:
drivers/dma-buf/heaps/system_heap.c:351 system_heap_buf_free() error: buffer overflow 'pools' 3 <= 3 (assuming for loop doesn't break)
vim +351 drivers/dma-buf/heaps/system_heap.c
44008f99d9ca07 John Stultz 2019-06-06 325
e3919bfeb0066a John Stultz 2020-12-09 326 static void system_heap_buf_free(struct deferred_freelist_item *item,
e3919bfeb0066a John Stultz 2020-12-09 327 enum df_reason reason)
fc004422dadc12 John Stultz 2020-09-25 328 {
e3919bfeb0066a John Stultz 2020-12-09 329 struct system_heap_buffer *buffer;
fc004422dadc12 John Stultz 2020-09-25 330 struct sg_table *table;
fc004422dadc12 John Stultz 2020-09-25 331 struct scatterlist *sg;
44008f99d9ca07 John Stultz 2019-06-06 332 int i, j;
44008f99d9ca07 John Stultz 2019-06-06 333
e3919bfeb0066a John Stultz 2020-12-09 334 buffer = container_of(item, struct system_heap_buffer, deferred_free);
44008f99d9ca07 John Stultz 2019-06-06 335 /* Zero the buffer pages before adding back to the pool */
e3919bfeb0066a John Stultz 2020-12-09 336 if (reason == DF_NORMAL)
e3919bfeb0066a John Stultz 2020-12-09 337 if (system_heap_zero_buffer(buffer))
e3919bfeb0066a John Stultz 2020-12-09 338 reason = DF_UNDER_PRESSURE; // On failure, just free
fc004422dadc12 John Stultz 2020-09-25 339
fc004422dadc12 John Stultz 2020-09-25 340 table = &buffer->sg_table;
703f43c5810e08 John Stultz 2020-09-26 341 for_each_sg(table->sgl, sg, table->nents, i) {
703f43c5810e08 John Stultz 2020-09-26 342 struct page *page = sg_page(sg);
703f43c5810e08 John Stultz 2020-09-26 343
e3919bfeb0066a John Stultz 2020-12-09 344 if (reason == DF_UNDER_PRESSURE) {
e3919bfeb0066a John Stultz 2020-12-09 345 __free_pages(page, compound_order(page));
e3919bfeb0066a John Stultz 2020-12-09 346 } else {
44008f99d9ca07 John Stultz 2019-06-06 347 for (j = 0; j < NUM_ORDERS; j++) {
44008f99d9ca07 John Stultz 2019-06-06 348 if (compound_order(page) == orders[j])
44008f99d9ca07 John Stultz 2019-06-06 349 break;
44008f99d9ca07 John Stultz 2019-06-06 350 }
44008f99d9ca07 John Stultz 2019-06-06 @351 dmabuf_page_pool_free(pools[j], page);
703f43c5810e08 John Stultz 2020-09-26 352 }
e3919bfeb0066a John Stultz 2020-12-09 353 }
fc004422dadc12 John Stultz 2020-09-25 354 sg_free_table(table);
c02e6ccc5a4aab John Stultz 2019-12-03 355 kfree(buffer);
c02e6ccc5a4aab John Stultz 2019-12-03 356 }
c02e6ccc5a4aab John Stultz 2019-12-03 357
:::::: The code@line 351 was first introduced by commit
:::::: 44008f99d9ca0793e2562967e1da01fa74ee4a41 ANDROID: dma-buf: system_heap: Add pagepool support to system heap
:::::: TO: John Stultz <john.stultz@linaro.org>
:::::: CC: John Stultz <john.stultz@linaro.org>
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
^ permalink raw reply [flat|nested] 2+ messages in thread
* [ammarfaizi2-block:google/android/kernel/common/android12-5.4 4074/9999] drivers/dma-buf/heaps/system_heap.c:351 system_heap_buf_free() error: buffer overflow 'pools' 3 <= 3 (assuming for loop doesn't break)
@ 2022-02-07 23:46 kernel test robot
0 siblings, 0 replies; 2+ messages in thread
From: kernel test robot @ 2022-02-07 23:46 UTC (permalink / raw)
To: kbuild
[-- Attachment #1: Type: text/plain, Size: 3782 bytes --]
CC: kbuild-all(a)lists.01.org
CC: "GNU/Weeb Mailing List" <gwml@vger.gnuweeb.org>
CC: linux-kernel(a)vger.kernel.org
TO: John Stultz <john.stultz@linaro.org>
tree: https://github.com/ammarfaizi2/linux-block google/android/kernel/common/android12-5.4
head: 3307e1a058380163f1a11c8f7632706168f9fcb1
commit: e3919bfeb0066ab9b5f9765e5610b95672990e64 [4074/9999] ANDROID: dma-buf: system_heap: Add deferred freeing to the system heap
:::::: branch date: 2 weeks ago
:::::: commit date: 12 months ago
config: x86_64-rhel-8.3-kselftests (https://download.01.org/0day-ci/archive/20220208/202202080737.j1zjdAY1-lkp(a)intel.com/config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
smatch warnings:
drivers/dma-buf/heaps/system_heap.c:351 system_heap_buf_free() error: buffer overflow 'pools' 3 <= 3 (assuming for loop doesn't break)
vim +351 drivers/dma-buf/heaps/system_heap.c
44008f99d9ca07 John Stultz 2019-06-06 325
e3919bfeb0066a John Stultz 2020-12-09 326 static void system_heap_buf_free(struct deferred_freelist_item *item,
e3919bfeb0066a John Stultz 2020-12-09 327 enum df_reason reason)
fc004422dadc12 John Stultz 2020-09-25 328 {
e3919bfeb0066a John Stultz 2020-12-09 329 struct system_heap_buffer *buffer;
fc004422dadc12 John Stultz 2020-09-25 330 struct sg_table *table;
fc004422dadc12 John Stultz 2020-09-25 331 struct scatterlist *sg;
44008f99d9ca07 John Stultz 2019-06-06 332 int i, j;
44008f99d9ca07 John Stultz 2019-06-06 333
e3919bfeb0066a John Stultz 2020-12-09 334 buffer = container_of(item, struct system_heap_buffer, deferred_free);
44008f99d9ca07 John Stultz 2019-06-06 335 /* Zero the buffer pages before adding back to the pool */
e3919bfeb0066a John Stultz 2020-12-09 336 if (reason == DF_NORMAL)
e3919bfeb0066a John Stultz 2020-12-09 337 if (system_heap_zero_buffer(buffer))
e3919bfeb0066a John Stultz 2020-12-09 338 reason = DF_UNDER_PRESSURE; // On failure, just free
fc004422dadc12 John Stultz 2020-09-25 339
fc004422dadc12 John Stultz 2020-09-25 340 table = &buffer->sg_table;
703f43c5810e08 John Stultz 2020-09-26 341 for_each_sg(table->sgl, sg, table->nents, i) {
703f43c5810e08 John Stultz 2020-09-26 342 struct page *page = sg_page(sg);
703f43c5810e08 John Stultz 2020-09-26 343
e3919bfeb0066a John Stultz 2020-12-09 344 if (reason == DF_UNDER_PRESSURE) {
e3919bfeb0066a John Stultz 2020-12-09 345 __free_pages(page, compound_order(page));
e3919bfeb0066a John Stultz 2020-12-09 346 } else {
44008f99d9ca07 John Stultz 2019-06-06 347 for (j = 0; j < NUM_ORDERS; j++) {
44008f99d9ca07 John Stultz 2019-06-06 348 if (compound_order(page) == orders[j])
44008f99d9ca07 John Stultz 2019-06-06 349 break;
44008f99d9ca07 John Stultz 2019-06-06 350 }
44008f99d9ca07 John Stultz 2019-06-06 @351 dmabuf_page_pool_free(pools[j], page);
703f43c5810e08 John Stultz 2020-09-26 352 }
e3919bfeb0066a John Stultz 2020-12-09 353 }
fc004422dadc12 John Stultz 2020-09-25 354 sg_free_table(table);
c02e6ccc5a4aab John Stultz 2019-12-03 355 kfree(buffer);
c02e6ccc5a4aab John Stultz 2019-12-03 356 }
c02e6ccc5a4aab John Stultz 2019-12-03 357
:::::: The code@line 351 was first introduced by commit
:::::: 44008f99d9ca0793e2562967e1da01fa74ee4a41 ANDROID: dma-buf: system_heap: Add pagepool support to system heap
:::::: TO: John Stultz <john.stultz@linaro.org>
:::::: CC: John Stultz <john.stultz@linaro.org>
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-02-09 5:00 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-02-09 5:00 [ammarfaizi2-block:google/android/kernel/common/android12-5.4 4074/9999] drivers/dma-buf/heaps/system_heap.c:351 system_heap_buf_free() error: buffer overflow 'pools' 3 <= 3 (assuming for loop doesn't break) kernel test robot
-- strict thread matches above, loose matches on Subject: below --
2022-02-07 23:46 kernel test robot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.