From: kernel test robot <lkp@intel.com>
To: oe-kbuild@lists.linux.dev
Cc: lkp@intel.com, Dan Carpenter <error27@gmail.com>
Subject: [chrome-os:chromeos-6.1 5/16] mm/vmscan.c:3679 reset_ctrl_pos() error: buffer overflow 'lrugen->nr_pages[next_gen][type]' 3 <= 3
Date: Mon, 25 Nov 2024 21:58:17 +0800 [thread overview]
Message-ID: <202411252126.fpKorPPx-lkp@intel.com> (raw)
BCC: lkp@intel.com
CC: oe-kbuild-all@lists.linux.dev
TO: cros-kernel-buildreports@googlegroups.com
tree: https://chromium.googlesource.com/chromiumos/third_party/kernel chromeos-6.1
head: b2b621a35c99ae939056ecf51631858aff950acc
commit: 31ee01d6177c6425cac96c3a479ac109013f5755 [5/16] CHROMIUM: mm/mglru: age at different rates
:::::: branch date: 4 hours ago
:::::: commit date: 12 days ago
config: x86_64-randconfig-161-20241123 (https://download.01.org/0day-ci/archive/20241125/202411252126.fpKorPPx-lkp@intel.com/config)
compiler: clang version 19.1.3 (https://github.com/llvm/llvm-project ab51eccf88f5321e7c60591c5546b254b6afab99)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Reported-by: Dan Carpenter <error27@gmail.com>
| Closes: https://lore.kernel.org/r/202411252126.fpKorPPx-lkp@intel.com/
smatch warnings:
mm/vmscan.c:3679 reset_ctrl_pos() error: buffer overflow 'lrugen->nr_pages[next_gen][type]' 3 <= 3
vim +3679 mm/vmscan.c
2b29ac9f92f57d7 David Stevens 2024-07-12 3652
2b29ac9f92f57d7 David Stevens 2024-07-12 3653 static void reset_ctrl_pos(struct lruvec *lruvec, int type)
2b29ac9f92f57d7 David Stevens 2024-07-12 3654 {
2b29ac9f92f57d7 David Stevens 2024-07-12 3655 int hist, tier;
2b29ac9f92f57d7 David Stevens 2024-07-12 3656 struct lru_gen_folio *lrugen = &lruvec->lrugen;
31ee01d6177c642 David Stevens 2024-06-06 3657 unsigned long carry_from_seq = lrugen->min_seq[type];
31ee01d6177c642 David Stevens 2024-06-06 3658 unsigned long next_seq = carry_from_seq + 1;
31ee01d6177c642 David Stevens 2024-06-06 3659 unsigned long next_gen = lru_gen_from_seq(next_seq);
31ee01d6177c642 David Stevens 2024-06-06 3660 long total_nr_pages = 0;
2b29ac9f92f57d7 David Stevens 2024-07-12 3661
2b29ac9f92f57d7 David Stevens 2024-07-12 3662 lockdep_assert_held(&lruvec->lru_lock);
ac35a490237446b Yu Zhao 2022-09-18 3663
31ee01d6177c642 David Stevens 2024-06-06 3664 hist = lru_hist_from_seq(carry_from_seq);
ac35a490237446b Yu Zhao 2022-09-18 3665
ac35a490237446b Yu Zhao 2022-09-18 3666 for (tier = 0; tier < MAX_NR_TIERS; tier++) {
ac35a490237446b Yu Zhao 2022-09-18 3667 unsigned long sum;
ac35a490237446b Yu Zhao 2022-09-18 3668
ac35a490237446b Yu Zhao 2022-09-18 3669 sum = lrugen->avg_refaulted[type][tier] +
ac35a490237446b Yu Zhao 2022-09-18 3670 atomic_long_read(&lrugen->refaulted[hist][type][tier]);
ac35a490237446b Yu Zhao 2022-09-18 3671 WRITE_ONCE(lrugen->avg_refaulted[type][tier], sum / 2);
ac35a490237446b Yu Zhao 2022-09-18 3672
ac35a490237446b Yu Zhao 2022-09-18 3673 sum = lrugen->avg_total[type][tier] +
ac35a490237446b Yu Zhao 2022-09-18 3674 atomic_long_read(&lrugen->evicted[hist][type][tier]);
ac35a490237446b Yu Zhao 2022-09-18 3675 if (tier)
ac35a490237446b Yu Zhao 2022-09-18 3676 sum += lrugen->protected[hist][type][tier - 1];
ac35a490237446b Yu Zhao 2022-09-18 3677 WRITE_ONCE(lrugen->avg_total[type][tier], sum / 2);
ac35a490237446b Yu Zhao 2022-09-18 3678
31ee01d6177c642 David Stevens 2024-06-06 @3679 total_nr_pages += lrugen->nr_pages[next_gen][type][tier];
ac35a490237446b Yu Zhao 2022-09-18 3680 }
31ee01d6177c642 David Stevens 2024-06-06 3681 /* nr_pages is eventually consistent, so fix up the estimate if it's negative. */
31ee01d6177c642 David Stevens 2024-06-06 3682 total_nr_pages = max(total_nr_pages, 0);
2b29ac9f92f57d7 David Stevens 2024-07-12 3683
2b29ac9f92f57d7 David Stevens 2024-07-12 3684 if (NR_HIST_GENS == 1)
31ee01d6177c642 David Stevens 2024-06-06 3685 reset_histograms(lruvec, type, carry_from_seq);
31ee01d6177c642 David Stevens 2024-06-06 3686
31ee01d6177c642 David Stevens 2024-06-06 3687 hist = lru_hist_from_seq(next_seq);
31ee01d6177c642 David Stevens 2024-06-06 3688 WRITE_ONCE(lrugen->victim_seq[hist][type], READ_ONCE(lrugen->min_seq[!type]));
31ee01d6177c642 David Stevens 2024-06-06 3689 WRITE_ONCE(lrugen->oldest_gen_size[hist][type], total_nr_pages);
31ee01d6177c642 David Stevens 2024-06-06 3690 }
31ee01d6177c642 David Stevens 2024-06-06 3691
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
next reply other threads:[~2024-11-25 13:59 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-25 13:58 kernel test robot [this message]
-- strict thread matches above, loose matches on Subject: below --
2024-11-30 15:42 [chrome-os:chromeos-6.1 5/16] mm/vmscan.c:3679 reset_ctrl_pos() error: buffer overflow 'lrugen->nr_pages[next_gen][type]' 3 <= 3 Dan Carpenter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202411252126.fpKorPPx-lkp@intel.com \
--to=lkp@intel.com \
--cc=error27@gmail.com \
--cc=oe-kbuild@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.