Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Date:   Tue, 6 Apr 2021 08:27:26 -0400
From:   Steven Rostedt <rostedt@goodmis.org>
To:     Jiapeng Chong <jiapeng.chong@linux.alibaba.com>
Cc:     mingo@redhat.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] ftrace: Check if pages were allocated before calling
 free_pages()
Message-ID: <20210406082726.3b25a2f6@gandalf.local.home>
In-Reply-To: <1617691905-8016-1-git-send-email-jiapeng.chong@linux.alibaba.com>
References: <1617691905-8016-1-git-send-email-jiapeng.chong@linux.alibaba.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Precedence: bulk

On Tue,  6 Apr 2021 14:51:45 +0800
Jiapeng Chong <jiapeng.chong@linux.alibaba.com> wrote:

> It is possible that on error pg->size can be zero when getting its
> order,which would return a -1 value. It is dangerous to pass in an
> order of -1 to free_pages(). Check if order is greater than or equal
> to zero before calling free_pages().
> 
> Reported-by: Abaci Robot <abaci@linux.alibaba.com>
> Signed-off-by: Jiapeng Chong <jiapeng.chong@linux.alibaba.com>
> ---
>  kernel/trace/ftrace.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
> index b7e29db..74efc33 100644
> --- a/kernel/trace/ftrace.c
> +++ b/kernel/trace/ftrace.c
> @@ -6811,7 +6811,8 @@ void ftrace_free_mem(struct module *mod, void *start_ptr, void *end_ptr)
>  		if (!pg->index) {
>  			*last_pg = pg->next;
>  			order = get_count_order(pg->size / ENTRIES_PER_PAGE);
> -			free_pages((unsigned long)pg->records, order);
> +			if (order >= 0)
> +				free_pages((unsigned long)pg->records, order);

This has already been fixed upstream.

-- Steve

>  			ftrace_number_of_pages -= 1 << order;
>  			ftrace_number_of_groups--;
>  			kfree(pg);