The local variable buddy_pfn could be passed to buddy_merge_likely()
without initialization if the passed in order is MAX_ORDER - 1. This
looks buggy but buddy_pfn won't be used in this case as there's a
order >= MAX_ORDER - 2 check. Init buddy_pfn to 0 anyway to avoid
possible future misuse.
Signed-off-by: Miaohe Lin <[email protected]>
---
mm/page_alloc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
index e1c7f98cff96..63ad25e86010 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -1113,7 +1113,7 @@ static inline void __free_one_page(struct page *page,
int migratetype, fpi_t fpi_flags)
{
struct capture_control *capc = task_capc(zone);
- unsigned long buddy_pfn;
+ unsigned long buddy_pfn = 0;
unsigned long combined_pfn;
struct page *buddy;
bool to_tail;
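Review bot: the new initializer on `unsigned long buddy_pfn = 0;` carries no comment saying that 0 is only a placeholder. The changelog explains that the value is never read when order is MAX_ORDER - 1 because of the order >= MAX_ORDER - 2 check, but that reasoning lives only in the commit message; a one-line comment at the declaration would keep a later reader from taking 0 for a meaningful PFN.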
--
2.23.0

On 09.09.22 11:24, Miaohe Lin wrote:
> The local variable buddy_pfn could be passed to buddy_merge_likely()
> without initialization if the passed in order is MAX_ORDER - 1. This
> looks buggy but buddy_pfn won't be used in this case as there's a
> order >= MAX_ORDER - 2 check. Init buddy_pfn to 0 anyway to avoid
> possible future misuse.
>
> Signed-off-by: Miaohe Lin <[email protected]>
> ---
> mm/page_alloc.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> index e1c7f98cff96..63ad25e86010 100644
> --- a/mm/page_alloc.c
> +++ b/mm/page_alloc.c
> @@ -1113,7 +1113,7 @@ static inline void __free_one_page(struct page *page,
> int migratetype, fpi_t fpi_flags)
> {
> struct capture_control *capc = task_capc(zone);
> - unsigned long buddy_pfn;
> + unsigned long buddy_pfn = 0;
> unsigned long combined_pfn;
> struct page *buddy;
> bool to_tail;
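Review bot: initializing at the declaration (`unsigned long buddy_pfn = 0;`) also silences uninitialized-use diagnostics for every path through __free_one_page(), so a later change that really does forget to assign buddy_pfn before the buddy_merge_likely() call would no longer be flagged by the compiler or by runtime uninitialized-memory checkers. If the aim is to guard against future misuse, consider making the call conditional on the path that assigns buddy_pfn, so the variable stays visibly unset where it is unused.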

Yeah, why not.

Reviewed-by: David Hildenbrand <[email protected]>

--
Thanks,
David / dhildenb

On 9/9/22 14:54, Miaohe Lin wrote:
> The local variable buddy_pfn could be passed to buddy_merge_likely()
> without initialization if the passed in order is MAX_ORDER - 1. This
> looks buggy but buddy_pfn won't be used in this case as there's a
> order >= MAX_ORDER - 2 check. Init buddy_pfn to 0 anyway to avoid
> possible future misuse.
>
> Signed-off-by: Miaohe Lin <[email protected]>
Reviewed-by: Anshuman Khandual <[email protected]>
> ---
> mm/page_alloc.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> index e1c7f98cff96..63ad25e86010 100644
> --- a/mm/page_alloc.c
> +++ b/mm/page_alloc.c
> @@ -1113,7 +1113,7 @@ static inline void __free_one_page(struct page *page,
> int migratetype, fpi_t fpi_flags)
> {
> struct capture_control *capc = task_capc(zone);
> - unsigned long buddy_pfn;
> + unsigned long buddy_pfn = 0;
> unsigned long combined_pfn;
> struct page *buddy;
> bool to_tail;
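Review bot: 0 is itself a valid page frame number, so with `buddy_pfn = 0` a future misuse of the kind the changelog describes would quietly operate on PFN 0 instead of failing visibly. If a default value is kept, consider pairing it with a check where buddy_pfn is consumed, so that reaching that use with order at MAX_ORDER - 1 is reported and does not pass silently.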

On Fri, Sep 09, 2022 at 05:24:48PM +0800, Miaohe Lin wrote:
> The local variable buddy_pfn could be passed to buddy_merge_likely()
> without initialization if the passed in order is MAX_ORDER - 1. This
> looks buggy but buddy_pfn won't be used in this case as there's a
> order >= MAX_ORDER - 2 check. Init buddy_pfn to 0 anyway to avoid
> possible future misuse.
>
> Signed-off-by: Miaohe Lin <[email protected]>
Reviewed-by: Oscar Salvador <[email protected]>
> ---
> mm/page_alloc.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> index e1c7f98cff96..63ad25e86010 100644
> --- a/mm/page_alloc.c
> +++ b/mm/page_alloc.c
> @@ -1113,7 +1113,7 @@ static inline void __free_one_page(struct page *page,
> int migratetype, fpi_t fpi_flags)
> {
> struct capture_control *capc = task_capc(zone);
> - unsigned long buddy_pfn;
> + unsigned long buddy_pfn = 0;
> unsigned long combined_pfn;
> struct page *buddy;
> bool to_tail;
> --
> 2.23.0
>
--
Oscar Salvador
SUSE Labs