From: Rasmus Villemoes
To: Andrew Morton, Alexander Lobakin, Mel Gorman, Vlastimil Babka
Cc: Rasmus Villemoes, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: [PATCH] mm/page_alloc: __alloc_pages_bulk(): do bounds check before accessing array
Date: Fri, 7 May 2021 08:45:03 +0200
Message-Id: <20210507064504.1712559-1-linux@rasmusvillemoes.dk>
X-Mailing-List: linux-kernel@vger.kernel.org

In the event that somebody would call this with an already fully populated page_array, the last loop iteration would do an access beyond the end of page_array.

It's of course extremely unlikely that would ever be done, but this triggers my internal static analyzer.

Also, if it really is not supposed to be invoked this way (i.e., with no NULL entries in page_array), the nr_populated

--- mm/page_alloc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/page_alloc.c b/mm/page_alloc.c index bcdc0c6f21f1..66785946eb28 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c 
@@ -5053,7 +5053,7 @@ unsigned long __alloc_pages_bulk(gfp_t gfp, int preferred_nid, * Skip populated array elements to determine if any pages need * to be allocated before disabling IRQs. */ - while (page_array && page_array[nr_populated] && nr_populated < nr_pages) + while (page_array && nr_populated < nr_pages && page_array[nr_populated]) nr_populated++; /* Use the single page allocator for one page. */ -- 2.29.2
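Review bot: The exit case that the reordered `while` condition now guards, `nr_populated == nr_pages`, is not visibly handled after the loop: the trailing context goes straight on to "Use the single page allocator for one page", and nothing in this hunk shows an early return for an array that is already full. Please confirm that the code following the loop returns before allocating in that case, or add such a check, and state in the commit message whether a fully populated `page_array` is a supported call. Since the old ordering evaluated `page_array[nr_populated]` with `nr_populated == nr_pages`, a read one element past the end of the caller's array, before testing the bound, a Fixes: tag naming the commit that introduced this loop would also help backporting.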