Fix the following issues in test_meminit.c:
- |size| in fill_with_garbage_skip() should be signed so that it
doesn't overflow if it's not aligned on sizeof(*p);
- fill_with_garbage_skip() should actually skip |skip| bytes;
- do_kmem_cache_size() should deallocate memory in the RCU case.
Fixes: 7e659650cbda ("lib: introduce test_meminit module")
Fixes: 94e8988d91c7 ("lib/test_meminit.c: fix -Wmaybe-uninitialized false positive")
Signed-off-by: Alexander Potapenko <glider@xxxxxxxxxx>
Cc: Arnd Bergmann <arnd@xxxxxxxx>
Cc: Kees Cook <keescook@xxxxxxxxxxxx>
Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Cc: linux-mm@xxxxxxxxx
---
This patch is relative to the -mm tree
---
lib/test_meminit.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/lib/test_meminit.c b/lib/test_meminit.c
index 7ae2183ff1f4..62d19f270cad 100644
--- a/lib/test_meminit.c
+++ b/lib/test_meminit.c
@@ -38,15 +38,14 @@ static int __init count_nonzero_bytes(void *ptr, size_t size)
}
/* Fill a buffer with garbage, skipping |skip| first bytes. */
-static void __init fill_with_garbage_skip(void *ptr, size_t size, size_t skip)
+static void __init fill_with_garbage_skip(void *ptr, int size, size_t skip)
{
- unsigned int *p = (unsigned int *)ptr;
+ unsigned int *p = (unsigned int *)((char *)ptr + skip);
int i = 0;
- if (skip) {
- WARN_ON(skip > size);
- p += skip;
- }
+ WARN_ON(skip > size);
+ size -= skip;
+
while (size >= sizeof(*p)) {
p[i] = GARBAGE_INT;
i++;
@@ -227,6 +226,7 @@ static int __init do_kmem_cache_size(size_t size, bool want_ctor,
if (buf_copy)
memcpy(buf_copy, buf, size);
+ kmem_cache_free(c, buf);
/*
* Check that |buf| is intact after kmem_cache_free().
* |want_zero| is false, because we wrote garbage to
--
2.22.0.410.gd8fdbe21b5-goog
