From: zhong jiang <zhongjiang@xxxxxxxxxx>
Subject: mm/memory_hotplug.c: fix overflow in test_pages_in_a_zone()

When mainline introduced a96dfddbcc04 ("base/memory, hotplug: fix a kernel oops in show_valid_zones()"), it obtained the valid start and end pfn from the given pfn range. The valid start pfn can fix the actual issue, but it introduced another issue. The valid end pfn may exceed the given end_pfn. Although the incorrect overflow will not result in an actual problem at present, I think it needs to be fixed.

[toshi.kani@xxxxxxx: remove assumption that end_pfn is aligned by MAX_ORDER_NR_PAGES]
Fixes: a96dfddbcc04 ("base/memory, hotplug: fix a kernel oops in show_valid_zones()")
Link: http://lkml.kernel.org/r/1486467299-22648-1-git-send-email-zhongjiang@xxxxxxxxxx
Signed-off-by: zhong jiang <zhongjiang@xxxxxxxxxx>
Signed-off-by: Toshi Kani <toshi.kani@xxxxxxx>
Cc: Vlastimil Babka <vbabka@xxxxxxx>
Cc: Mel Gorman <mgorman@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
--- mm/memory_hotplug.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff -puN mm/memory_hotplug.c~mm-fix-a-overflow-in-test_pages_in_a_zone mm/memory_hotplug.c --- a/mm/memory_hotplug.c~mm-fix-a-overflow-in-test_pages_in_a_zone +++ a/mm/memory_hotplug.c @@ -1509,7 +1509,7 @@ int test_pages_in_a_zone(unsigned long s while ((i < MAX_ORDER_NR_PAGES) && !pfn_valid_within(pfn + i)) i++; - if (i == MAX_ORDER_NR_PAGES) + if (i == MAX_ORDER_NR_PAGES || pfn + i >= end_pfn) continue; page = pfn_to_page(pfn + i); if (zone && page_zone(page) != zone) @@ -1523,7 +1523,7 @@ int test_pages_in_a_zone(unsigned long s if (zone) { *valid_start = start; - *valid_end = end; + *valid_end = min(end, end_pfn); return 1; } else { return 0; _
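
Review bot: In the first hunk (@@ -1509,7 +1509,7 @@), the new `pfn + i >= end_pfn` test runs only after the `while` loop above it, so that loop may already have called pfn_valid_within(pfn + i) for pfns at or beyond end_pfn when end_pfn is not MAX_ORDER_NR_PAGES aligned. Consider bounding the scan itself by adding `pfn + i < end_pfn` to the loop condition, which keeps the walk inside the requested range instead of discarding the result afterwards. A one-line comment that end_pfn need not be MAX_ORDER_NR_PAGES aligned would also explain why the extra condition in the `if` exists.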
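
Review bot: In the second hunk (@@ -1523,7 +1523,7 @@), `*valid_end = min(end, end_pfn);` clamps only the upper bound, while `*valid_start = start;` is stored unchanged and nothing in the visible lines says whether start can fall below the start of the requested range. Either clamp it symmetrically or add a comment stating why start is always inside the range. The function's comment should also state that the returned valid_end never extends past end_pfn, since that is now part of its contract.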