mm/memory_hotplug.c: fix overflow in test_pages_in_a_zone()
authorzhong jiang <zhongjiang@huawei.com>
Fri, 24 Feb 2017 22:59:30 +0000 (14:59 -0800)
committerLinus Torvalds <torvalds@linux-foundation.org>
Sat, 25 Feb 2017 01:46:56 +0000 (17:46 -0800)
When mainline introduced commit a96dfddbcc04 ("base/memory, hotplug: fix
a kernel oops in show_valid_zones()"), it obtained the valid start and
end pfn from the given pfn range.  The valid start pfn can fix the
actual issue, but it introduced another issue.  The valid end pfn will
may exceed the given end_pfn.

Although the incorrect overflow will not result in actual problem at
present, but I think it need to be fixed.

[toshi.kani@hpe.com: remove assumption that end_pfn is aligned by MAX_ORDER_NR_PAGES]
Fixes: a96dfddbcc04 ("base/memory, hotplug: fix a kernel oops in show_valid_zones()")
Link: http://lkml.kernel.org/r/1486467299-22648-1-git-send-email-zhongjiang@huawei.com
Signed-off-by: zhong jiang <zhongjiang@huawei.com>
Signed-off-by: Toshi Kani <toshi.kani@hpe.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Mel Gorman <mgorman@techsingularity.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
mm/memory_hotplug.c

index 7946375fe4660ab49bb82a77c9a1884c1f0fa09d..c35dd19765744ffdc2e22833e2eb1200829141b9 100644 (file)
@@ -1509,7 +1509,7 @@ int test_pages_in_a_zone(unsigned long start_pfn, unsigned long end_pfn,
                        while ((i < MAX_ORDER_NR_PAGES) &&
                                !pfn_valid_within(pfn + i))
                                i++;
-                       if (i == MAX_ORDER_NR_PAGES)
+                       if (i == MAX_ORDER_NR_PAGES || pfn + i >= end_pfn)
                                continue;
                        page = pfn_to_page(pfn + i);
                        if (zone && page_zone(page) != zone)
@@ -1523,7 +1523,7 @@ int test_pages_in_a_zone(unsigned long start_pfn, unsigned long end_pfn,
 
        if (zone) {
                *valid_start = start;
-               *valid_end = end;
+               *valid_end = min(end, end_pfn);
                return 1;
        } else {
                return 0;