From patchwork Fri Jun 25 01:40:07 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrew Morton X-Patchwork-Id: 12343481 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 992EDC49EA7 for ; Fri, 25 Jun 2021 01:40:10 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 54C3660232 for ; Fri, 25 Jun 2021 01:40:10 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 54C3660232 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=linux-foundation.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 6AF9A6B0072; Thu, 24 Jun 2021 21:40:09 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 65F1D8D0002; Thu, 24 Jun 2021 21:40:09 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 4B2A76B0074; Thu, 24 Jun 2021 21:40:09 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0165.hostedemail.com [216.40.44.165]) by kanga.kvack.org (Postfix) with ESMTP id 1830A6B0072 for ; Thu, 24 Jun 2021 21:40:09 -0400 (EDT) Received: from smtpin34.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay03.hostedemail.com (Postfix) with ESMTP id 4A85881A9EB8 for ; Fri, 25 Jun 2021 01:40:09 +0000 (UTC) X-FDA: 78290540538.34.9A387CA Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by imf12.hostedemail.com (Postfix) with ESMTP id 09144376 for ; Fri, 25 Jun 2021 01:40:08 +0000 (UTC) Received: by mail.kernel.org (Postfix) with ESMTPSA id 139D1613B9; Fri, 25 Jun 2021 01:40:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linux-foundation.org; s=korg; t=1624585208; bh=wub0Ep+mr2DVrtJVDWiEVD8T/w0yF1osYmCdLbJ3AQg=; h=Date:From:To:Subject:In-Reply-To:From; b=oAHV6BimLjnwccuIZmeARj9Q5f2oQk4/mlEzrwKvQlbrG7+d3RVseILFCX4fGKi4W GSUy9p6Mk2FGkvdhD9V6Hmt5GDGtPBB6gDVkU+RdOxG1Oa+L7JUNpxg7GVm4zImHv0 OScX3BZmZkrq7MYFSx9DrUACCgHUFioC4WaZMLo0= Date: Thu, 24 Jun 2021 18:40:07 -0700 From: Andrew Morton To: akpm@linux-foundation.org, brouer@redhat.com, dan.carpenter@oracle.com, linux-mm@kvack.org, mgorman@techsingularity.net, mgorman@techsinguliarity.net, mm-commits@vger.kernel.org, torvalds@linux-foundation.org, vbabka@suse.cz Subject: [patch 22/24] mm/page_alloc: do bulk array bounds check after checking populated elements Message-ID: <20210625014007.ThvxOTuQ9%akpm@linux-foundation.org> In-Reply-To: <20210624183838.ac3161ca4a43989665ac8b2f@linux-foundation.org> User-Agent: s-nail v14.8.16 Authentication-Results: imf12.hostedemail.com; dkim=pass header.d=linux-foundation.org header.s=korg header.b=oAHV6Bim; spf=pass (imf12.hostedemail.com: domain of akpm@linux-foundation.org designates 198.145.29.99 as permitted sender) smtp.mailfrom=akpm@linux-foundation.org; dmarc=none X-Stat-Signature: 4ogz8ts3z84egpdoyj56puxri78uzj8i X-Rspamd-Queue-Id: 09144376 X-Rspamd-Server: rspam06 X-HE-Tag: 1624585208-924332 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: From: Mel Gorman Subject: mm/page_alloc: do bulk array bounds check after checking populated elements Dan Carpenter reported the following The patch 0f87d9d30f21: "mm/page_alloc: add an array-based interface to the bulk page allocator" from Apr 29, 2021, leads to the following static checker warning: mm/page_alloc.c:5338 __alloc_pages_bulk() warn: potentially one past the end of array 'page_array[nr_populated]' The problem can occur if an array is passed in that is fully populated. That potentially ends up allocating a single page and storing it past the end of the array. This patch returns 0 if the array is fully populated. Link: https://lkml.kernel.org/r/20210618125102.GU30378@techsingularity.net Fixes: 0f87d9d30f21 ("mm/page_alloc: add an array-based interface to the bulk page allocator") Signed-off-by: Mel Gorman Reported-by: Dan Carpenter Cc: Jesper Dangaard Brouer Cc: Vlastimil Babka Signed-off-by: Andrew Morton --- mm/page_alloc.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/mm/page_alloc.c~mm-page_alloc-do-bulk-array-bounds-check-after-checking-populated-elements +++ a/mm/page_alloc.c @@ -5056,6 +5056,10 @@ unsigned long __alloc_pages_bulk(gfp_t g while (page_array && nr_populated < nr_pages && page_array[nr_populated]) nr_populated++; + /* Already populated array? */ + if (unlikely(page_array && nr_pages - nr_populated == 0)) + return 0; + /* Use the single page allocator for one page. */ if (nr_pages - nr_populated == 1) goto failed;