From patchwork Mon Jun  4 10:37:35 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Xiaoming Ni <nixiaoming@huawei.com>
X-Patchwork-Id: 10446331
Return-Path: <owner-linux-mm@kvack.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	62A5A603D7 for <patchwork-linux-mm@patchwork.kernel.org>;
	Mon,  4 Jun 2018 11:02:24 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 528EB28B57
	for <patchwork-linux-mm@patchwork.kernel.org>;
	Mon,  4 Jun 2018 11:02:24 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 474B028BFD; Mon,  4 Jun 2018 11:02:24 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00, MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D34D428B57
	for <patchwork-linux-mm@patchwork.kernel.org>;
	Mon,  4 Jun 2018 11:02:23 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 5A00F6B0007; Mon,  4 Jun 2018 07:02:22 -0400 (EDT)
Delivered-To: linux-mm-outgoing@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 54E766B0008; Mon,  4 Jun 2018 07:02:22 -0400 (EDT)
X-Original-To: int-list-linux-mm@kvack.org
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 464D36B000A; Mon,  4 Jun 2018 07:02:22 -0400 (EDT)
X-Original-To: linux-mm@kvack.org
X-Delivered-To: linux-mm@kvack.org
Received: from mail-pl0-f71.google.com (mail-pl0-f71.google.com
	[209.85.160.71])
	by kanga.kvack.org (Postfix) with ESMTP id 144A06B0007
	for <linux-mm@kvack.org>; Mon,  4 Jun 2018 07:02:22 -0400 (EDT)
Received: by mail-pl0-f71.google.com with SMTP id c3-v6so19004265plz.7
	for <linux-mm@kvack.org>; Mon, 04 Jun 2018 04:02:22 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-original-authentication-results:x-gm-message-state:from:to:cc
	:subject:date:message-id:mime-version;
	bh=H2lCLlhKmoT3YtBG4jr5SpLGyImDytQOZqVueXSKwf8=;
	b=rQTYERDBMlZi69pGd7OjkDsym6ezQP8RZxRCND9loKIMFV0xNPDTn0/KIaUUkqOT/z
	RrKUEpnLFKzI8eMVszWA03h15oYE9Ebnym1DB0kK3v7sSKpiS6qDUdcpe4aqPZNTuQZT
	5iKLAxSdot8cycaRFKTJJJCIKVLvaJZ5sQiTHzm+JS8riDPpJI80BTAVCbUXi3N2Exnp
	6CTXyA9aZbyA9MZkE2v/rc3n9w0bkqeMpldebZJsGncWy3nnbUtM4uZjFG4v20JeTalz
	cITqEJL1FgkAUka09JKznXgOfoe40gxHhho2f2NsW0V45mF4vbcUvKLYAg4jFSRwkSyJ
	Cjiw==
X-Original-Authentication-Results: mx.google.com;
	spf=pass (google.com: domain of
	nixiaoming@huawei.com designates 45.249.212.35 as permitted
	sender) smtp.mailfrom=nixiaoming@huawei.com
X-Gm-Message-State: APt69E0OeBYHLVlHUc2nBJHvl+jrqzfuEG9n3jHmuAaoGLkagTQn9CBB
	updmicfhY0KSzjpOtQtLhbnax6sf7FLYtrJQC1tt3YhWzuvAKu6hzZ5A9wnHWeiK9nGiqfO9VBt
	v7m+gyF5CxyRqlfLG5pnz6+z2hpeF4/yCNNVfurCzTmQaW38ifBSiC9dfU2DMV+gE1Q==
X-Received: by 2002:a17:902:a989:: with SMTP id
	bh9-v6mr5991499plb.245.1528110141767;
	Mon, 04 Jun 2018 04:02:21 -0700 (PDT)
X-Google-Smtp-Source: 
 ADUXVKIvyVoB/KWMc9Lremjksh5pbpXydkxJ6fwy1Jqf4k1NlxcugYzfSwLsQrMyV47rb/xqEnp1
X-Received: by 2002:a17:902:a989:: with SMTP id
	bh9-v6mr5991451plb.245.1528110141009;
	Mon, 04 Jun 2018 04:02:21 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1528110140; cv=none;
	d=google.com; s=arc-20160816;
	b=QtX3yMnrKFa/RvPXoTwZH4Yw8r60CcV2r31kX2WC0FIkqOkLmndUkX6dBoPtKJ6gGF
	CC0FrDswJvkhc8v2XFFEBOwri1eNaS/MhF9mWmo5o6mR3ZzJH52seI6aXsiyhLXXZ18+
	296PR1dcCSswLhhXmEsDfv8n8pqa63I6q0Mk1HI2FfAOEOYl48uGrBtw1rpbVPFE1gE3
	dpOumiV9GWZkFyBF1bz4JSo7YtMmdJi6MSrCrRzw1kCzgGAZ2cdtqaxKujjsW6bbcHZQ
	by024fP+JGPeDFlNxJjGF2oFrM/w6lpr+vOYoRR/iTmCWqIupR8CTa5xi++otBHmjJon
	EeAw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
	s=arc-20160816;
	h=mime-version:message-id:date:subject:cc:to:from
	:arc-authentication-results;
	bh=H2lCLlhKmoT3YtBG4jr5SpLGyImDytQOZqVueXSKwf8=;
	b=qUjhs+Frm4lfVE2X7jO8WBD+tfVIno6CQDiMzLqfj0Jf5/Z0ihmWBlmTSpbZlEpSlI
	Sd5xfQpR5A4pgyXM0j+GZ8SuZgCiXnNmQDEnVE5S1vLXINpp1Kz4DX7zes2WO5eJkneI
	KV/B79x3ea8fxohavu8VvKCaPdoIYEKddAJPDhVoc1IAoD9QSmYdo/dAgql6ESw7mTV4
	o/Q1Rl8+pBtb566iR+fCd7D1xzQaFVfQ/VuUgt624kp0uQJ8aknYL4n4atOe9v59EhRc
	Em5CIX79hCjLceWTbtMljRClNGrYVJ2ZlKG1nRWm/OcdgksQvl5yjJcgKQcK+raWSYVT
	haXw==
ARC-Authentication-Results: i=1; mx.google.com;
	spf=pass (google.com: domain of nixiaoming@huawei.com designates
	45.249.212.35 as permitted sender)
	smtp.mailfrom=nixiaoming@huawei.com
Received: from huawei.com ([45.249.212.35]) by mx.google.com with ESMTPS id
	o10-v6si37773799pgq.148.2018.06.04.04.02.20
	for <linux-mm@kvack.org>
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Mon, 04 Jun 2018 04:02:20 -0700 (PDT)
Received-SPF: pass (google.com: domain of nixiaoming@huawei.com designates
	45.249.212.35 as permitted sender) client-ip=45.249.212.35;
Authentication-Results: mx.google.com;
	spf=pass (google.com: domain of nixiaoming@huawei.com designates
	45.249.212.35 as permitted sender)
	smtp.mailfrom=nixiaoming@huawei.com
Received: from DGGEMS403-HUB.china.huawei.com (unknown [172.30.72.60])
	by Forcepoint Email with ESMTP id 0C33A23E975A8;
	Mon,  4 Jun 2018 19:02:18 +0800 (CST)
Received: from linux-work.huawei.com (10.67.189.174) by
	DGGEMS403-HUB.china.huawei.com (10.3.19.203) with Microsoft SMTP
	Server id 14.3.382.0; Mon, 4 Jun 2018 19:02:12 +0800
From: nixiaoming <nixiaoming@huawei.com>
To: <akpm@linux-foundation.org>, <vdavydov.dev@gmail.com>,
	<hannes@cmpxchg.org>, <garsilva@embeddedor.com>, <ktkhai@virtuozzo.com>,
	<stummala@codeaurora.org>
CC: <nixiaoming@huawei.com>, <linux-kernel@vger.kernel.org>,
	<linux-mm@kvack.org>
Subject: [PATCH] mm: Add conditions to avoid out-of-bounds
Date: Mon, 4 Jun 2018 18:37:35 +0800
Message-ID: <20180604103735.42781-1-nixiaoming@huawei.com>
X-Mailer: git-send-email 2.10.1
MIME-Version: 1.0
X-Originating-IP: [10.67.189.174]
X-CFilter-Loop: Reflected
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
X-Virus-Scanned: ClamAV using ClamSMTP

In the function memcg_init_list_lru
if call goto fail when i == 0, will cause out-of-bounds at lru->node[i]

The same out-of-bounds access scenario exists in the functions
memcg_update_list_lru and __memcg_init_list_lru_node

Signed-off-by: nixiaoming <nixiaoming@huawei.com>
---
 mm/list_lru.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/mm/list_lru.c b/mm/list_lru.c
index fcfb6c8..ec6bdd9 100644
--- a/mm/list_lru.c
+++ b/mm/list_lru.c
@@ -298,6 +298,9 @@ static void __memcg_destroy_list_lru_node(struct list_lru_memcg *memcg_lrus,
 {
 	int i;
 
+	if (unlikely(begin >= end))
+		return;
+
 	for (i = begin; i < end; i++)
 		kfree(memcg_lrus->lru[i]);
 }
@@ -422,6 +425,8 @@ static int memcg_init_list_lru(struct list_lru *lru, bool memcg_aware)
 	}
 	return 0;
 fail:
+	if (unlikely(i == 0))
+		return -ENOMEM;
 	for (i = i - 1; i >= 0; i--) {
 		if (!lru->node[i].memcg_lrus)
 			continue;
@@ -456,6 +461,8 @@ static int memcg_update_list_lru(struct list_lru *lru,
 	}
 	return 0;
 fail:
+	if (unlikely(i == 0))
+		return -ENOMEM;
 	for (i = i - 1; i >= 0; i--) {
 		if (!lru->node[i].memcg_lrus)
 			continue;