Patch "lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure" has been added to the 6.8-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure

to the 6.8-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     lib-test_hmm.c-handle-src_pfns-and-dst_pfns-allocati.patch
and it can be found in the queue-6.8 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 92712564ab7fdccc93c1fe1f99907876a5c183d1
Author: Duoming Zhou <duoming@xxxxxxxxxx>
Date:   Tue Mar 12 08:59:05 2024 +0800

    lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure
    
    [ Upstream commit c2af060d1c18beaec56351cf9c9bcbbc5af341a3 ]
    
    The kcalloc() in dmirror_device_evict_chunk() will return null if the
    physical memory has run out.  As a result, if src_pfns or dst_pfns is
    dereferenced, the null pointer dereference bug will happen.
    
    Moreover, the device is going away.  If the kcalloc() fails, the pages
    mapping a chunk could not be evicted.  So add a __GFP_NOFAIL flag in
    kcalloc().
    
    Finally, as there is no need to have physically contiguous memory, Switch
    kcalloc() to kvcalloc() in order to avoid failing allocations.
    
    Link: https://lkml.kernel.org/r/20240312005905.9939-1-duoming@xxxxxxxxxx
    Fixes: b2ef9f5a5cb3 ("mm/hmm/test: add selftest driver for HMM")
    Signed-off-by: Duoming Zhou <duoming@xxxxxxxxxx>
    Cc: Jérôme Glisse <jglisse@xxxxxxxxxx>
    Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/lib/test_hmm.c b/lib/test_hmm.c
index 717dcb8301273..b823ba7cb6a15 100644
--- a/lib/test_hmm.c
+++ b/lib/test_hmm.c
@@ -1226,8 +1226,8 @@ static void dmirror_device_evict_chunk(struct dmirror_chunk *chunk)
 	unsigned long *src_pfns;
 	unsigned long *dst_pfns;
 
-	src_pfns = kcalloc(npages, sizeof(*src_pfns), GFP_KERNEL);
-	dst_pfns = kcalloc(npages, sizeof(*dst_pfns), GFP_KERNEL);
+	src_pfns = kvcalloc(npages, sizeof(*src_pfns), GFP_KERNEL | __GFP_NOFAIL);
+	dst_pfns = kvcalloc(npages, sizeof(*dst_pfns), GFP_KERNEL | __GFP_NOFAIL);
 
 	migrate_device_range(src_pfns, start_pfn, npages);
 	for (i = 0; i < npages; i++) {
@@ -1250,8 +1250,8 @@ static void dmirror_device_evict_chunk(struct dmirror_chunk *chunk)
 	}
 	migrate_device_pages(src_pfns, dst_pfns, npages);
 	migrate_device_finalize(src_pfns, dst_pfns, npages);
-	kfree(src_pfns);
-	kfree(dst_pfns);
+	kvfree(src_pfns);
+	kvfree(dst_pfns);
 }
 
 /* Removes free pages from the free list so they can't be re-allocated */




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux