From: Alastair D'Silva <alastair@xxxxxxxxxxx> Subject: mm/memremap.c: add a bounds check in devm_memremap_pages() The call to check_hotplug_memory_addressable() validates that the memory is fully addressable. Without this call, it is possible that we may remap pages that are not physically addressable, resulting in bogus section numbers being returned from __section_nr(). Link: http://lkml.kernel.org/r/20190917010752.28395-3-alastair@xxxxxxxxxxx Signed-off-by: Alastair D'Silva <alastair@xxxxxxxxxxx> Acked-by: David Hildenbrand <david@xxxxxxxxxx> Cc: Dan Williams <dan.j.williams@xxxxxxxxx> Cc: Ira Weiny <ira.weiny@xxxxxxxxx> Cc: Jason Gunthorpe <jgg@xxxxxxxx> Cc: Logan Gunthorpe <logang@xxxxxxxxxxxx> Cc: Michal Hocko <mhocko@xxxxxxxx> Cc: Oscar Salvador <osalvador@xxxxxxxx> Cc: Pavel Tatashin <pasha.tatashin@xxxxxxxxxx> Cc: Qian Cai <cai@xxxxxx> Cc: Wei Yang <richard.weiyang@xxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- mm/memremap.c | 5 +++++ 1 file changed, 5 insertions(+) --- a/mm/memremap.c~mm-add-a-bounds-check-in-devm_memremap_pages +++ a/mm/memremap.c @@ -167,6 +167,11 @@ void *memremap_pages(struct dev_pagemap int error, is_ram; bool need_devmap_managed = true; + error = check_hotplug_memory_addressable(res->start, + resource_size(res)); + if (error) + return ERR_PTR(error); + switch (pgmap->type) { case MEMORY_DEVICE_PRIVATE: if (!IS_ENABLED(CONFIG_DEVICE_PRIVATE)) { _
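Review bot: the subject and the patch file name both say devm_memremap_pages(), but the hunk header at -167 shows the new check landing in memremap_pages(); the subject should name the function that is actually changed so the log can be matched to the code later. On the check itself, placing it ahead of the switch on pgmap->type means every device memory type is validated, and because it is the first statement after the local declarations in the visible body, returning ERR_PTR(error) directly with no unwinding looks correct. The reason for the check lives only in the changelog ("bogus section numbers being returned from __section_nr()"), so a short comment above the check_hotplug_memory_addressable() call stating that it rejects ranges that are not fully addressable would keep that rationale next to the code.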