From: "Hailong.Liu" <hailong.liu@xxxxxxxx>

The function vm_map_ram() uses IS_ERR() to validate the return value of vb_alloc(). If vm_map_ram(page, 0, 0) is executed, vb_alloc(0, GFP_KERNEL) would return NULL. In such a case, IS_ERR() cannot handle the return value and leads to a kernel panic by vmap_pages_range_noflush() at last. To resolve this issue, return ERR_PTR(-EINVAL) if the size is 0.

Reviewed-by: Barry Song <baohua@xxxxxxxxxx>
Reviewed-by: Uladzislau Rezki (Sony) <urezki@xxxxxxxxx>
Signed-off-by: Hailong.Liu <hailong.liu@xxxxxxxx>
---
Changes since v2 [2]:
- Remove RFC tag
- Modify commit msg, per Barry

Changes since v1 [1]:
- Return ERR_PTR(-EINVAL) or not check IS_ERR_OR_NULL

[1] https://lore.kernel.org/all/84d7cd03-1cf8-401a-8edf-2524db0bd6d5@xxxxxxxx/
[2] https://lore.kernel.org/all/20240419101643.11534-1-hailong.liu@xxxxxxxx/

mm/vmalloc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/vmalloc.c b/mm/vmalloc.c index d12a17fc0c17..44be3edb3f42 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -2173,7 +2173,7 @@ static void *vb_alloc(unsigned long size, gfp_t gfp_mask) * get_order(0) returns funny result. Just warn and terminate * early. */ - return NULL; + return ERR_PTR(-EINVAL); } order = get_order(size); -- 2.34.1
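
Review bot: the comment directly above the changed return in vb_alloc() still says only "Just warn and terminate early" and does not record that the size 0 path now returns an error pointer rather than NULL. The bug described in the commit message came from vm_map_ram() checking with IS_ERR() while this path returned NULL, so it is worth extending that comment to state that the failure is reported as ERR_PTR(-EINVAL) and that callers must test the result with IS_ERR(); that keeps a later change from reintroducing a NULL return here. The commit message names only vm_map_ram() as a caller; a sentence confirming that no other caller of vb_alloc() compares the result against NULL would make the change easier to review.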