On Fri, Jun 17, 2022 at 12:19:28AM +0800, Xianting Tian wrote:
> Commit 787af64d05cd ("mm: page_alloc: validate buddy before check its migratetype.")
> fixes a bug in 1dd214b8f21c and there is a similar bug in d9dddbf55667 that
> can be fixed in a similar way too.
>
> In addition, for RISC-V arch the first 2MB RAM could be reserved for opensbi,
> so it would have pfn_base=512 and mem_map began with 512th PFN when
> CONFIG_FLATMEM=y.
> But __find_buddy_pfn algorithm thinks the start pfn 0, it could get 0 pfn or
> less than the pfn_base value. We need page_is_buddy() to verify the buddy to
> prevent accessing an invalid buddy.
>
> Fixes: d9dddbf55667 ("mm/page_alloc: prevent merging between isolated and other pageblocks")
> Cc: stable@xxxxxxxxxxxxxxx
> Reported-by: zjb194813@xxxxxxxxxxxxxxx
> Reported-by: tianhu.hh@xxxxxxxxxxxxxxx
> Signed-off-by: Xianting Tian <xianting.tian@xxxxxxxxxxxxxxxxx>
> ---
> mm/page_alloc.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> index a6e682569e5b..1c423faa4b62 100644
> --- a/mm/page_alloc.c
> +++ b/mm/page_alloc.c
> @@ -864,6 +864,9 @@ static inline void __free_one_page(struct page *page,
>
> buddy_idx = __find_buddy_index(page_idx, order);
> buddy = page + (buddy_idx - page_idx);
> +
> + if (!page_is_buddy(page, buddy, order))
> + goto done_merging;
> buddy_mt = get_pageblock_migratetype(buddy);
>
> if (migratetype != buddy_mt
> --
> 2.17.1
>
What is the git commit id of this change in Linus's tree?
thanks,
greg k-h
