It is possible that a buggy caller of unpin_user_pages() (especially in the error handling path) may end up calling it with npages < 0 which is unnecessary. This can be fixed by adding extra check inside unpin_user_pages(). Signed-off-by: Souptick Joarder <jrdr.linux@xxxxxxxxx> Cc: John Hubbard <jhubbard@xxxxxxxxxx> --- mm/gup.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/mm/gup.c b/mm/gup.c index 0b5c308b..2e19bd6 100644 --- a/mm/gup.c +++ b/mm/gup.c @@ -328,6 +328,9 @@ void unpin_user_pages(struct page **pages, unsigned long npages) { unsigned long index; + if (WARN_ON_ONCE(npages < 0)) + return; + /* * TODO: this can be optimized for huge pages: if a series of pages is * physically contiguous and part of the same compound page, then a -- 1.9.1
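
Review bot: The added check `WARN_ON_ONCE(npages < 0)` at the top of unpin_user_pages() can never fire, because the hunk header shows npages declared as `unsigned long`, so the comparison is always false and the compiler may discard it (and may flag it under -Wtype-limits). A caller that passes a negative count has it converted to a very large unsigned value, which passes this check unchanged and the function carries on with it. To catch that case, test the unsigned value itself, for example `if (WARN_ON_ONCE(IS_ERR_VALUE(npages))) return;` or a comparison against LONG_MAX, or change the parameter to a signed type and audit the callers. The commit message would also be stronger if it named a caller that can actually pass a negative count.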