From patchwork Thu Mar 31 22:43:23 2022
X-Patchwork-Submitter: Jakob Koschel
X-Patchwork-Id: 12797776
From: Jakob Koschel
To: Mike Kravetz
Cc: Andrew Morton, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Mike Rapoport, "Brian Johannesmeyer", Cristiano Giuffrida, "Bos, H.J.", Jakob Koschel
Subject: [PATCH] hugetlb: remove use of list iterator variable after loop
Date: Fri, 1 Apr 2022 00:43:23 +0200
Message-Id: <20220331224323.903842-1-jakobkoschel@gmail.com>

In preparation to limit the scope of the list iterator to the list
traversal loop, use a dedicated pointer to iterate through the list [1].

Before, hugetlb_resv_map_add() was expecting a file_region struct, but in
case the list iterator in add_reservation_in_range() did not exit early,
the variable passed in is not actually a valid structure.

In such a case 'rg' is computed on the head element of the list and
represents an out-of-bounds pointer. This still remains safe *iff* you
only use the link member (as it is done in hugetlb_resv_map_add()).

To avoid the type-confusion altogether and limit the list iterator to the
loop, only a list_head pointer is kept to pass to hugetlb_resv_map_add().

Link: https://lore.kernel.org/all/CAHk-=wgRr_D8CB-D9Kg-c=EHreAsk5SqXPwr9Y7k9sA6cWXJ6w@mail.gmail.com/ [1]
Signed-off-by: Jakob Koschel --- mm/hugetlb.c | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) base-commit: f82da161ea75dc4db21b2499e4b1facd36dab275 diff --git a/mm/hugetlb.c b/mm/hugetlb.c index b34f50156f7e..bb0cac980a0f 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -370,7 +370,7 @@ static void coalesce_file_region(struct resv_map *resv, struct file_region *rg) } static inline long -hugetlb_resv_map_add(struct resv_map *map, struct file_region *rg, long from, +hugetlb_resv_map_add(struct resv_map *map, struct list_head *rg, long from, long to, struct hstate *h, struct hugetlb_cgroup *cg, long *regions_needed) { @@ -379,7 +379,7 @@ hugetlb_resv_map_add(struct resv_map *map, struct file_region *rg, long from, if (!regions_needed) { nrg = get_file_region_entry_from_cache(map, from, to); record_hugetlb_cgroup_uncharge_info(cg, h, map, nrg); - list_add(&nrg->link, rg->link.prev); + list_add(&nrg->link, rg); coalesce_file_region(map, nrg); } else *regions_needed += 1; 
@@ -402,47 +402,52 @@ static long add_reservation_in_range(struct resv_map *resv, long f, long t, long add = 0; struct list_head *head = &resv->regions; long last_accounted_offset = f; - struct file_region *rg = NULL, *trg = NULL; + struct file_region *iter, *trg = NULL; + struct list_head *rg = NULL; if (regions_needed) *regions_needed = 0; /* In this loop, we essentially handle an entry for the range - * [last_accounted_offset, rg->from), at every iteration, with some + * [last_accounted_offset, iter->from), at every iteration, with some * bounds checking. */ - list_for_each_entry_safe(rg, trg, head, link) { + list_for_each_entry_safe(iter, trg, head, link) { /* Skip irrelevant regions that start before our range. */ - if (rg->from < f) { + if (iter->from < f) { /* If this region ends after the last accounted offset, * then we need to update last_accounted_offset. */ - if (rg->to > last_accounted_offset) - last_accounted_offset = rg->to; + if (iter->to > last_accounted_offset) + last_accounted_offset = iter->to; continue; } /* When we find a region that starts beyond our range, we've * finished. */ - if (rg->from >= t) + if (iter->from >= t) { + rg = iter->link.prev; break; + } - /* Add an entry for last_accounted_offset -> rg->from, and + /* Add an entry for last_accounted_offset -> iter->from, and * update last_accounted_offset. */ - if (rg->from > last_accounted_offset) - add += hugetlb_resv_map_add(resv, rg, + if (iter->from > last_accounted_offset) + add += hugetlb_resv_map_add(resv, iter->link.prev, last_accounted_offset, - rg->from, h, h_cg, + iter->from, h, h_cg, regions_needed); - last_accounted_offset = rg->to; + last_accounted_offset = iter->to; } /* Handle the case where our range extends beyond * last_accounted_offset. */ + if (!rg) + rg = head->prev; if (last_accounted_offset < t) add += hugetlb_resv_map_add(resv, rg, last_accounted_offset, t, h, h_cg, regions_needed);
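
Review bot: in hugetlb_resv_map_add() the parameter keeps the name `rg` although it is now a `struct list_head *` that the new entry is inserted after (`list_add(&nrg->link, rg)`), no longer the region the entry goes in front of. Every caller now has to compute `iter->link.prev` itself, so I would rename the parameter (for example `prev`) and add a one-line comment at the function saying it is the node to insert after, so a later caller does not pass `&iter->link` by mistake.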
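
Review bot: at the end of add_reservation_in_range() the new `if (!rg) rg = head->prev;` lands between the existing comment "Handle the case where our range extends beyond last_accounted_offset" and the `if (last_accounted_offset < t)` that the comment describes. Please move the fallback above that comment and give it its own comment stating that `rg == NULL` means the loop ran to the end without taking the `iter->from >= t` break, so the insertion point is the list tail. Since `rg` used to name the region and now names a list position next to `iter`, a different name would also keep the two apart.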
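
The commit message's point about the iterator left over after a full traversal, shown as an added userspace example (not part of the patch or of kernel code). The list helpers are simplified stand-ins for `<linux/list.h>`, and `struct region`, `struct map` and both functions are hypothetical names.

```c
#include <stddef.h>

/* Simplified stand-ins for the kernel's <linux/list.h>. */
struct list_head { struct list_head *next, *prev; };
#define container_of(p, type, m) ((type *)((char *)(p) - offsetof(type, m)))
#define list_for_each_entry(pos, head, m)                          \
    for (pos = container_of((head)->next, __typeof__(*pos), m);    \
         &pos->m != (head);                                        \
         pos = container_of(pos->m.next, __typeof__(*pos), m))

static void list_init(struct list_head *h) { h->next = h->prev = h; }

/* Insert n right after prev, like the kernel's list_add(). */
static void list_add(struct list_head *n, struct list_head *prev)
{
    n->next = prev->next; n->prev = prev;
    prev->next->prev = n; prev->next = n;
}

struct region { struct list_head link; long from, to; };          /* hypothetical */
struct map { long lock; struct list_head regions; long count; };  /* hypothetical */

/* Old pattern: returns 1 when the iterator left over after a full walk
 * is only the list head viewed through the wrong type. */
int stale_iterator_aliases_head(struct map *m)
{
    struct region *rg;
    list_for_each_entry(rg, &m->regions, link)
        ;                               /* no early break */
    /* Only rg->link is meaningful here; rg->from would alias map fields. */
    return &rg->link == &m->regions;
}

/* Patch's pattern: the typed iterator stays inside the loop and only a
 * list_head insertion point survives it. Keeps the list sorted by 'from'. */
void insert_sorted(struct map *m, struct region *n, long from, long to)
{
    struct region *iter;
    struct list_head *prev = NULL;

    n->from = from; n->to = to;
    list_for_each_entry(iter, &m->regions, link)
        if (iter->from >= from) { prev = iter->link.prev; break; }
    if (!prev)                          /* loop ran to the end: use the tail */
        prev = m->regions.prev;
    list_add(&n->link, prev);
}
```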