In the event that somebody would call this with an already fully
populated page_array, the last loop iteration would do an access
beyond the end of page_array.
It's of course extremely unlikely that would ever be done, but this
triggers my internal static analyzer. Also, if it really is not
supposed to be invoked this way (i.e., with no NULL entries in
page_array), the nr_populated<nr_pages check could simply be removed
instead.
Fixes: 0f87d9d30f21 (mm/page_alloc: add an array-based interface to the bulk page allocator)
Signed-off-by: Rasmus Villemoes <[email protected]>
---
mm/page_alloc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
index bcdc0c6f21f1..66785946eb28 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -5053,7 +5053,7 @@ unsigned long __alloc_pages_bulk(gfp_t gfp, int preferred_nid,
* Skip populated array elements to determine if any pages need
* to be allocated before disabling IRQs.
*/
- while (page_array && page_array[nr_populated] && nr_populated < nr_pages)
+ while (page_array && nr_populated < nr_pages && page_array[nr_populated])
nr_populated++;
/* Use the single page allocator for one page. */
--
2.29.2
On Fri, May 07, 2021 at 08:45:03AM +0200, Rasmus Villemoes wrote:
> In the event that somebody would call this with an already fully
> populated page_array, the last loop iteration would do an access
> beyond the end of page_array.
>
> It's of course extremely unlikely that would ever be done, but this
> triggers my internal static analyzer. Also, if it really is not
> supposed to be invoked this way (i.e., with no NULL entries in
> page_array), the nr_populated<nr_pages check could simply be removed
> instead.
>
> Fixes: 0f87d9d30f21 (mm/page_alloc: add an array-based interface to the bulk page allocator)
> Signed-off-by: Rasmus Villemoes <[email protected]>
Acked-by: Mel Gorman <[email protected]>
--
Mel Gorman
SUSE Labs
On 07/05/2021 12.26, Mel Gorman wrote:
> On Fri, May 07, 2021 at 08:45:03AM +0200, Rasmus Villemoes wrote:
>> In the event that somebody would call this with an already fully
>> populated page_array, the last loop iteration would do an access
>> beyond the end of page_array.
>>
>> It's of course extremely unlikely that would ever be done, but this
>> triggers my internal static analyzer. Also, if it really is not
>> supposed to be invoked this way (i.e., with no NULL entries in
>> page_array), the nr_populated<nr_pages check could simply be removed
>> instead.
>>
>> Fixes: 0f87d9d30f21 (mm/page_alloc: add an array-based interface to the bulk page allocator)
>> Signed-off-by: Rasmus Villemoes <[email protected]>
>
> Acked-by: Mel Gorman <[email protected]>
>
Andrew, will you get this to Linus before 5.13 is released? I got a mail
on May 9 that it had been added to your queue, but I don't see it in
master yet.
Rasmus
On Mon, 21 Jun 2021 18:01:17 +0200 Rasmus Villemoes <[email protected]> wrote:
> On 07/05/2021 12.26, Mel Gorman wrote:
> > On Fri, May 07, 2021 at 08:45:03AM +0200, Rasmus Villemoes wrote:
> >> In the event that somebody would call this with an already fully
> >> populated page_array, the last loop iteration would do an access
> >> beyond the end of page_array.
> >>
> >> It's of course extremely unlikely that would ever be done, but this
> >> triggers my internal static analyzer. Also, if it really is not
> >> supposed to be invoked this way (i.e., with no NULL entries in
> >> page_array), the nr_populated<nr_pages check could simply be removed
> >> instead.
> >>
> >> Fixes: 0f87d9d30f21 (mm/page_alloc: add an array-based interface to the bulk page allocator)
> >> Signed-off-by: Rasmus Villemoes <[email protected]>
> >
> > Acked-by: Mel Gorman <[email protected]>
> >
>
> Andrew, will you get this to Linus before 5.13 is released? I got a mail
> on May 9 that it had been added to your queue, but I don't see it in
> master yet.
I had it queued for 5.14-rc1.
I'll move it into the 5.13 queue as it fixes a post-5.12 thing, but
nothing in the changelog indicates that it's at all urgent? Was the
changelog missing some important info?
: In the event that somebody would call this with an already fully populated
: page_array, the last loop iteration would do an access beyond the end of
: page_array.
:
: It's of course extremely unlikely that would ever be done, but this
: triggers my internal static analyzer. Also, if it really is not supposed
: to be invoked this way (i.e., with no NULL entries in page_array), the
: nr_populated<nr_pages check could simply be removed instead.