Since alloc_loc_track() will allocate additional space and already knows about 'max', it needs to be sure that 'max' is larger than 't->count'. The caller may not notice this, e.g. the call from add_location() in "mm/slub.c", which only sets "max = 2 * max" when "t->count >= t->max".

Signed-off-by: Chen Gang <gang.chen@xxxxxxxxxxx> --- mm/slub.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/mm/slub.c b/mm/slub.c index 2b02d66..36f606d 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -3993,6 +3993,9 @@ static int alloc_loc_track(struct loc_track *t, unsigned long max, gfp_t flags) struct location *l; int order; + if (t->count >= max) + return 0; + order = get_order(sizeof(struct location) * max); l = (void *)__get_free_pages(flags, order); -- 1.7.7.6
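Review bot: the early `return 0` added at the top of alloc_loc_track() makes an undersized `max` indistinguishable to callers from an allocation failure, yet a caller asking for a buffer that cannot hold the `t->count` entries already tracked is a logic error rather than a transient condition; consider `if (WARN_ON_ONCE(t->count >= max)) return 0;` so the bad call is reported instead of failing silently. The commit message should also spell out the concrete consequence the check prevents, and note that since add_location() only requests `2 * t->max` once `t->count >= t->max`, the new condition can only trigger when `t->max` is 0 or `2 * max` has wrapped, which narrows the case the patch actually guards against.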