On Thu, Oct 17, 2019 at 11:19:46AM +0800, zhong jiang wrote:
> With the help of unsigned_lesser_than_zero.cocci. Unsigned 'nr_pages"'
> compare with zero. And __get_user_pages_locked will return an long value.
>
> The patch use a new local variable to store the return value of
> __get_user_pages_locked(). Then use it to compare with zero.
>
> Suggested-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
> Signed-off-by: zhong jiang <zhongjiang@xxxxxxxxxx>
> ---
> mm/gup.c | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/mm/gup.c b/mm/gup.c
> index 8f236a3..1fe0ceb 100644
> --- a/mm/gup.c
> +++ b/mm/gup.c
> @@ -1443,6 +1443,7 @@ static long check_and_migrate_cma_pages(struct task_struct *tsk,
> bool drain_allow = true;
> bool migrate_allow = true;
> LIST_HEAD(cma_page_list);
> + long ret;
>
> check_again:
> for (i = 0; i < nr_pages;) {
> @@ -1504,17 +1505,18 @@ static long check_and_migrate_cma_pages(struct task_struct *tsk,
> * again migrating any new CMA pages which we failed to isolate
> * earlier.
> */
> - nr_pages = __get_user_pages_locked(tsk, mm, start, nr_pages,
> + ret = __get_user_pages_locked(tsk, mm, start, nr_pages,
> pages, vmas, NULL,
> gup_flags);
>
> - if ((nr_pages > 0) && migrate_allow) {
> + nr_pages = ret;
I think if ret is negative we want to return the error here.
> + if ((ret > 0) && migrate_allow) {
> drain_allow = true;
> goto check_again;
> }
> }
>
> - return nr_pages;
> + return ret;
If the cma_page_list is empty doesn't this return uninitialized data?
Ira
> }
> #else
> static long check_and_migrate_cma_pages(struct task_struct *tsk,
> --
> 1.7.12.4
>
>
