From patchwork Fri May 7 06:45:03 2021
X-Patchwork-Submitter: Rasmus Villemoes
X-Patchwork-Id: 12244035
From: Rasmus Villemoes
To: Andrew Morton, Alexander Lobakin, Mel Gorman, Vlastimil Babka
Cc: Rasmus Villemoes, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: [PATCH] mm/page_alloc: __alloc_pages_bulk(): do bounds check before accessing array
Date: Fri, 7 May 2021 08:45:03 +0200
Message-Id: <20210507064504.1712559-1-linux@rasmusvillemoes.dk>

In the event that somebody would call this with an already fully populated page_array, the last loop iteration would do an access beyond the end of page_array. It's of course extremely unlikely that would ever be done, but this triggers my internal static analyzer. Also, if it really is not supposed to be invoked this way (i.e., with no NULL entries in page_array), the nr_populated

Acked-by: Mel Gorman
--- mm/page_alloc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/page_alloc.c b/mm/page_alloc.c index bcdc0c6f21f1..66785946eb28 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c 
@@ -5053,7 +5053,7 @@ unsigned long __alloc_pages_bulk(gfp_t gfp, int preferred_nid, * Skip populated array elements to determine if any pages need * to be allocated before disabling IRQs. */ - while (page_array && page_array[nr_populated] && nr_populated < nr_pages) + while (page_array && nr_populated < nr_pages && page_array[nr_populated]) nr_populated++; /* Use the single page allocator for one page. */
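Review bot: On the added `while` line, the memory safety of the loop now rests entirely on the order of the `&&` operands, and the comment above it ("Skip populated array elements ...") says nothing about that. Please extend the comment to state that `nr_populated < nr_pages` must be evaluated before `page_array[nr_populated]` is read, so that a later cleanup does not reorder the condition and bring back the read one element past the end of the array. As a smaller point, `page_array` does not change inside the loop, so the NULL test could be done once in front of it rather than on every iteration. The visible context also does not show what happens when the loop exits with `nr_populated == nr_pages`; since the commit message leaves open whether a fully populated array is a valid input, it is worth confirming that the code following this hunk handles that case before anything else indexes `page_array[nr_populated]`.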