The patch titled
Subject: mm/compaction.c: fix an undefined behaviour
has been added to the -mm tree. Its filename is
mm-compaction-fix-an-undefined-behaviour.patch
This patch should soon appear at
http://ozlabs.org/~akpm/mmots/broken-out/mm-compaction-fix-an-undefined-behaviour.patch
and later at
http://ozlabs.org/~akpm/mmotm/broken-out/mm-compaction-fix-an-undefined-behaviour.patch
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next and is updated
there every 3-4 working days
------------------------------------------------------
From: Qian Cai <cai@xxxxxx>
Subject: mm/compaction.c: fix an undefined behaviour
In a low-memory situation, cc->fast_search_fail can keep increasing as it
is unable to find an available page to isolate in
fast_isolate_freepages(). As the result, it could trigger an error below,
so just compare with the maximum bits can be shifted first.
UBSAN: Undefined behaviour in mm/compaction.c:1160:30
shift exponent 64 is too large for 64-bit type 'unsigned long'
CPU: 131 PID: 1308 Comm: kcompactd1 Kdump: loaded Tainted: G
W L 5.0.0+ #17
Call trace:
dump_backtrace+0x0/0x450
show_stack+0x20/0x2c
dump_stack+0xc8/0x14c
__ubsan_handle_shift_out_of_bounds+0x7e8/0x8c4
compaction_alloc+0x2344/0x2484
unmap_and_move+0xdc/0x1dbc
migrate_pages+0x274/0x1310
compact_zone+0x26ec/0x43bc
kcompactd+0x15b8/0x1a24
kthread+0x374/0x390
ret_from_fork+0x10/0x18
Link: http://lkml.kernel.org/r/20190320203338.53367-1-cai@xxxxxx
Fixes: 70b44595eafe ("mm, compaction: use free lists to quickly locate a migration source")
Signed-off-by: Qian Cai <cai@xxxxxx>
Acked-by: Vlastimil Babka <vbabka@xxxxxxx>
Acked-by: Mel Gorman <mgorman@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
--- a/mm/compaction.c~mm-compaction-fix-an-undefined-behaviour
+++ a/mm/compaction.c
@@ -1157,7 +1157,9 @@ static bool suitable_migration_target(st
static inline unsigned int
freelist_scan_limit(struct compact_control *cc)
{
- return (COMPACT_CLUSTER_MAX >> cc->fast_search_fail) + 1;
+ return (COMPACT_CLUSTER_MAX >>
+ min((unsigned short)(BITS_PER_LONG - 1), cc->fast_search_fail))
+ + 1;
}
/*
_
Patches currently in -mm which might be from cai@xxxxxx are
kasan-fix-variable-tag-set-but-not-used-warning.patch
mm-debug-add-a-cast-to-u64-for-atomic64_read.patch
kmemleak-skip-scanning-holes-in-the-bss-section.patch
kmemleak-skip-scanning-holes-in-the-bss-section-v2.patch
mm-hotplug-fix-offline-undo_isolate_page_range.patch
mm-compaction-abort-search-if-isolation-fails-v2.patch
mm-compaction-fix-an-undefined-behaviour.patch
