Commit d6d8c8a4 authored by zhong jiang's avatar zhong jiang Committed by Linus Torvalds

mm/memory_hotplug.c: fix overflow in test_pages_in_a_zone()

When mainline introduced commit a96dfddb ("base/memory, hotplug: fix
a kernel oops in show_valid_zones()"), it obtained the valid start and
end pfn from the given pfn range.  The valid start pfn can fix the
actual issue, but it introduced another issue.  The valid end pfn will
may exceed the given end_pfn.

Although the incorrect overflow will not result in actual problem at
present, but I think it need to be fixed.

[toshi.kani@hpe.com: remove assumption that end_pfn is aligned by MAX_ORDER_NR_PAGES]
Fixes: a96dfddb ("base/memory, hotplug: fix a kernel oops in show_valid_zones()")
Link: http://lkml.kernel.org/r/1486467299-22648-1-git-send-email-zhongjiang@huawei.comSigned-off-by: default avatarzhong jiang <zhongjiang@huawei.com>
Signed-off-by: default avatarToshi Kani <toshi.kani@hpe.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Mel Gorman <mgorman@techsingularity.net>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 8e19d540
...@@ -1509,7 +1509,7 @@ int test_pages_in_a_zone(unsigned long start_pfn, unsigned long end_pfn, ...@@ -1509,7 +1509,7 @@ int test_pages_in_a_zone(unsigned long start_pfn, unsigned long end_pfn,
while ((i < MAX_ORDER_NR_PAGES) && while ((i < MAX_ORDER_NR_PAGES) &&
!pfn_valid_within(pfn + i)) !pfn_valid_within(pfn + i))
i++; i++;
if (i == MAX_ORDER_NR_PAGES) if (i == MAX_ORDER_NR_PAGES || pfn + i >= end_pfn)
continue; continue;
page = pfn_to_page(pfn + i); page = pfn_to_page(pfn + i);
if (zone && page_zone(page) != zone) if (zone && page_zone(page) != zone)
...@@ -1523,7 +1523,7 @@ int test_pages_in_a_zone(unsigned long start_pfn, unsigned long end_pfn, ...@@ -1523,7 +1523,7 @@ int test_pages_in_a_zone(unsigned long start_pfn, unsigned long end_pfn,
if (zone) { if (zone) {
*valid_start = start; *valid_start = start;
*valid_end = end; *valid_end = min(end, end_pfn);
return 1; return 1;
} else { } else {
return 0; return 0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment