Commit 7d41c03e authored Feb 22, 2017 by Wei Yang Committed by Linus Torvalds Feb 22, 2017

mm/memblock.c: check return value of memblock_reserve() in memblock_virt_alloc_internal()

memblock_reserve() would add a new range to memblock.reserved in case
the new range is not totally covered by any of the current
memblock.reserved range.  If the memblock.reserved is full and can't
resize, memblock_reserve() would fail.

This doesn't happen in real world now, I observed this during code
review.  While theoretically, it has the chance to happen.  And if it
happens, others would think this range of memory is still available and
may corrupt the memory.

This patch checks the return value and goto "done" after it succeeds.

Link: http://lkml.kernel.org/r/1482363033-24754-3-git-send-email-richard.weiyang@gmail.com


Signed-off-by: Wei Yang <richard.weiyang@gmail.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

parent ef415ef4

mm/memblock.c

+2 −4

Original line number	Diff line number	Diff line
		@@ -1299,18 +1299,17 @@ static void * __init memblock_virt_alloc_internal(

		if (max_addr > memblock.current_limit)
		max_addr = memblock.current_limit;

		again:
		alloc = memblock_find_in_range_node(size, align, min_addr, max_addr,
		nid, flags);
		if (alloc)
		if (alloc && !memblock_reserve(alloc, size))
		goto done;

		if (nid != NUMA_NO_NODE) {
		alloc = memblock_find_in_range_node(size, align, min_addr,
		max_addr, NUMA_NO_NODE,
		flags);
		if (alloc)
		if (alloc && !memblock_reserve(alloc, size))
		goto done;
		}

		@@ -1328,7 +1327,6 @@ again:

		return NULL;
		done:
		memblock_reserve(alloc, size);
		ptr = phys_to_virt(alloc);
		memset(ptr, 0, size);

Admin message