2024-04-26 02:42:30

by hailong liu

Subject: [PATCH v3] mm/vmalloc: fix return value of vb_alloc if size is 0

From: "Hailong.Liu" <[email protected]>

The function vm_map_ram() uses IS_ERR() to validate the return value of
vb_alloc(). If vm_map_ram(page, 0, 0) is executed, vb_alloc(0, GFP_KERNEL)
would return NULL. In such a case, IS_ERR() cannot handle the return value
and leads to a kernel panic by vmap_pages_range_noflush() at last. To resolve
this issue, return ERR_PTR(-EINVAL) if the size is 0.

Reviewed-by: Barry Song <[email protected]>
Reviewed-by: Uladzislau Rezki (Sony) <[email protected]>
Signed-off-by: Hailong.Liu <[email protected]>
---
Changes since v2 [2]:
- Remove RFC tag
- Modify commit msg, per Barry
Changes since v1 [1]:
- Return ERR_PTR(-EINVAL) or not check IS_ERR_OR_NULL

[1] https://lore.kernel.org/all/[email protected]/
[2] https://lore.kernel.org/all/[email protected]/

mm/vmalloc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mm/vmalloc.c b/mm/vmalloc.c
index d12a17fc0c17..44be3edb3f42 100644
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -2173,7 +2173,7 @@ static void *vb_alloc(unsigned long size, gfp_t gfp_mask)
* get_order(0) returns funny result. Just warn and terminate
* early.
*/
- return NULL;
+ return ERR_PTR(-EINVAL);
}
order = get_order(size);
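
Review bot: the new "return ERR_PTR(-EINVAL);" in the size == 0 branch is only safe if every caller of vb_alloc() tests the result with IS_ERR() and none compares it against NULL, and the hunk does not show that. The commit message names only vm_map_ram(); since vb_alloc() is static, please confirm in the changelog that the other call sites and return paths in mm/vmalloc.c already follow the ERR_PTR convention. The comment ending "Just warn and terminate early." could also say that an error pointer is returned, so the contract is visible at the branch. As the message describes a kernel panic, a Fixes: tag identifying the commit that introduced the NULL return would help stable backports.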

--
2.34.1
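
The failure mode described in the commit message above, as an added example that is not part of the original patch or the kernel source: a userspace model of the IS_ERR()/ERR_PTR() convention showing why a NULL return passes the caller's check while ERR_PTR(-EINVAL) is caught. The names vb_alloc_before, vb_alloc_after, caller and fake_block are hypothetical stand-ins.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace restatement of the helpers in include/linux/err.h. */
#define MAX_ERRNO 4095
static inline void *ERR_PTR(long error) { return (void *)error; }
static inline long PTR_ERR(const void *ptr) { return (long)ptr; }
static inline int IS_ERR(const void *ptr)
{
	/* Only the top 4095 addresses count as errors; NULL (0) does not. */
	return (uintptr_t)ptr >= (uintptr_t)-MAX_ERRNO;
}

static char fake_block[64]; /* hypothetical stand-in for a vmap block */

/* Hypothetical model of the size == 0 branch before the patch. */
static void *vb_alloc_before(unsigned long size)
{
	return size == 0 ? NULL : (void *)fake_block;
}

/* Hypothetical model of the same branch after the patch. */
static void *vb_alloc_after(unsigned long size)
{
	return size == 0 ? ERR_PTR(-EINVAL) : (void *)fake_block;
}

enum outcome { FAILED_CLEANLY, MAPPED, MAPPED_NULL_ADDRESS };

/* Caller modelled on the IS_ERR() check the commit message describes. */
static enum outcome caller(void *(*alloc)(unsigned long), unsigned long size)
{
	void *mem = alloc(size);

	if (IS_ERR(mem))
		return FAILED_CLEANLY;
	/* The real caller would now map pages at this address. */
	return mem ? MAPPED : MAPPED_NULL_ADDRESS;
}

int main(void)
{
	printf("before, size 0: %d\n", caller(vb_alloc_before, 0));
	printf("after,  size 0: %d (errno %ld)\n",
	       caller(vb_alloc_after, 0), PTR_ERR(vb_alloc_after(0)));
	return 0;
}
```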


2024-04-26 07:31:54

by Christoph Hellwig
