From: Miaohe Lin <linmiaohe@xxxxxxxxxx> Subject: mm/z3fold: avoid possible underflow in z3fold_alloc() It is not enough to just make sure the z3fold header is not larger than the page size. When z3fold header is equal to PAGE_SIZE, we would underflow when check alloc size against PAGE_SIZE - ZHDR_SIZE_ALIGNED - CHUNK_SIZE in z3fold_alloc(). Make sure there has remaining spaces for its buddy to fix this theoretical issue. Link: https://lkml.kernel.org/r/20210619093151.1492174-3-linmiaohe@xxxxxxxxxx Signed-off-by: Miaohe Lin <linmiaohe@xxxxxxxxxx> Reviewed-by: Vitaly Wool <vitaly.wool@xxxxxxxxxxxx> Cc: Hillf Danton <hdanton@xxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- mm/z3fold.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) --- a/mm/z3fold.c~mm-z3fold-avoid-possible-underflow-in-z3fold_alloc +++ a/mm/z3fold.c @@ -1803,8 +1803,11 @@ static int __init init_z3fold(void) { int ret; - /* Make sure the z3fold header is not larger than the page size */ - BUILD_BUG_ON(ZHDR_SIZE_ALIGNED > PAGE_SIZE); + /* + * Make sure the z3fold header is not larger than the page size and + * there has remaining spaces for its buddy. + */ + BUILD_BUG_ON(ZHDR_SIZE_ALIGNED > PAGE_SIZE - CHUNK_SIZE); ret = z3fold_mount(); if (ret) return ret; _
