From: zijun_hu <zijun_hu@zoho.com>
To: akpm@linux-foundation.org
Cc: ard.biesheuvel@linaro.org, david@gibson.dropbear.id.au,
	dev@g0hl1n.net, kuleshovmail@gmail.com, tangchen@cn.fujitsu.com,
	tj@kernel.org, weiyang@linux.vnet.ibm.com,
	mm-commits@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-mm@kvack.org, torvalds@linux-foundation.org
Subject: [PATCH] mm/memblock.c: fix NULL dereference error
Date: Tue, 2 Aug 2016 13:03:37 +0800	[thread overview]
Message-ID: <57A029A9.6060303@zoho.com> (raw)

[-- Attachment #1: Type: text/plain, Size: 253 bytes --]

Hi Andrew,

this patch is part of https://lkml.org/lkml/2016/7/26/347 and isn't merged in
as you advised in another mail, i release this patch against linus's mainline
for fixing relevant bugs completely, see test patch attached for verification
details

From: zijun_hu <zijun_hu@zoho.com>
To: akpm@linux-foundation.org
Cc: ard.biesheuvel@linaro.org, david@gibson.dropbear.id.au,
	dev@g0hl1n.net, kuleshovmail@gmail.com, tangchen@cn.fujitsu.com,
	tj@kernel.org, weiyang@linux.vnet.ibm.com,
	mm-commits@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-mm@kvack.org, torvalds@linux-foundation.org
Subject: [PATCH] mm/memblock.c: fix NULL dereference error
Date: Tue, 2 Aug 2016 13:03:37 +0800	[thread overview]
Message-ID: <57A029A9.6060303@zoho.com> (raw)

[-- Attachment #1: Type: text/plain, Size: 1457 bytes --]

Hi Andrew,

this patch is part of https://lkml.org/lkml/2016/7/26/347 and isn't merged in
as you advised in another mail, i release this patch against linus's mainline
for fixing relevant bugs completely, see test patch attached for verification
details

>From 5a74cb46b7754a45428ff95f4653ad27025c3131 Mon Sep 17 00:00:00 2001
From: zijun_hu <zijun_hu@htc.com>
Date: Tue, 2 Aug 2016 12:35:28 +0800
Subject: [PATCH] mm/memblock.c: fix NULL dereference error

it causes a NULL dereference error and a failure to get type_a->regions[0] info
if parameter type_b of __next_mem_range_rev() == NULL

the bugs are fixed by checking type_b before dereferencing it and initializing
idx_b to 0

the approach is tested by dumping all types of region via __memblock_dump_all()
and __next_mem_range_rev() fixed to UART separately, the result is okay after
checking the logs

Signed-off-by: zijun_hu <zijun_hu@htc.com>
Tested-by: zijun_hu <zijun_hu@htc.com>
Acked-by: Tejun Heo <tj@kernel.org>
---
 mm/memblock.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/mm/memblock.c b/mm/memblock.c
index ff5ff3b..250dd48 100644
--- a/mm/memblock.c
+++ b/mm/memblock.c
@@ -994,7 +994,10 @@ void __init_memblock __next_mem_range_rev(u64 *idx, int nid, ulong flags,
 
 	if (*idx == (u64)ULLONG_MAX) {
 		idx_a = type_a->cnt - 1;
-		idx_b = type_b->cnt;
+		if (type_b != NULL)
+			idx_b = type_b->cnt;
+		else
+			idx_b = 0;
 	}
 
 	for (; idx_a >= 0; idx_a--) {
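Review bot: Only the `type_b->cnt` read inside the `*idx == (u64)ULLONG_MAX` branch is guarded here. The rest of `__next_mem_range_rev()` lies outside the hunk, so these lines cannot confirm that every later use of `type_b` is also NULL-safe. That is worth checking, since a fault in this `__init_memblock` path would presumably hit during early boot. The `else` branch would also benefit from a short comment on why 0 is the right start value, for example `/* type_b may be NULL (single-type walk); start idx_b at 0 */`, with the wording to be confirmed against the loop body. The four added lines can be written more compactly as `idx_b = type_b ? type_b->cnt : 0;`.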
-- 
1.9.1



[-- Attachment #2: 0002-mm-temporary-patch-for-fix-memblock-issue-test.patch --]
[-- Type: text/x-patch, Size: 2503 bytes --]

>From df753d7d9426b4d2a5518958d281be2985ccd40d Mon Sep 17 00:00:00 2001
From: zijun_hu <zijun_hu@htc.com>
Date: Wed, 27 Jul 2016 12:13:37 +0800
Subject: [PATCH 2/2] mm: temporary patch for fix memblock issue test

temporary patch for fix memblock issue test

Signed-off-by: zijun_hu <zijun_hu@htc.com>
---
 arch/arm64/mm/init.c     |  7 +++++++
 include/linux/memblock.h |  1 +
 mm/memblock.c            | 25 +++++++++++++++++++++++++
 3 files changed, 33 insertions(+)

diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c
index d45f862..0db80bb 100644
--- a/arch/arm64/mm/init.c
+++ b/arch/arm64/mm/init.c
@@ -326,6 +326,13 @@ void __init bootmem_init(void)
 
 	high_memory = __va((max << PAGE_SHIFT) - 1) + 1;
 	memblock_dump_all();
+
+	if (!memblock_debug)
+		__memblock_dump_all();
+	/*
+	 * extern void memblock_patch_verify(void);
+	 */
+	memblock_patch_verify();
 }
 
 #ifndef CONFIG_SPARSEMEM_VMEMMAP
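Review bot: `memblock_patch_verify()` is called unconditionally at the end of `bootmem_init()`, and `__memblock_dump_all()` is forced whenever `memblock_debug` is off, so every boot writes the full physical memory and reserved-region layout to the kernel log. For a test aid this should be gated, e.g. `if (memblock_debug) memblock_patch_verify();`, so that it cannot reach a production build by accident and expose the physical address map to anyone who can read the log. The commented-out `extern void memblock_patch_verify(void);` block can be dropped, because the same declaration is added to include/linux/memblock.h in this patch.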
diff --git a/include/linux/memblock.h b/include/linux/memblock.h
index 3106ac1..c62df1e 100644
--- a/include/linux/memblock.h
+++ b/include/linux/memblock.h
@@ -340,6 +340,7 @@ bool memblock_is_reserved(phys_addr_t addr);
 bool memblock_is_region_reserved(phys_addr_t base, phys_addr_t size);
 
 extern void __memblock_dump_all(void);
+extern void memblock_patch_verify(void);
 
 static inline void memblock_dump_all(void)
 {
diff --git a/mm/memblock.c b/mm/memblock.c
index e95f95f..5c179ae 100644
--- a/mm/memblock.c
+++ b/mm/memblock.c
@@ -1652,6 +1652,31 @@ void __init_memblock __memblock_dump_all(void)
 	memblock_dump(&memblock.reserved, "reserved");
 }
 
+void __init_memblock memblock_patch_verify(void)
+{
+	u64 i;
+	phys_addr_t this_start, this_end;
+
+	pr_info("in %s: memory\n", __func__);
+	for_each_mem_range_rev(i, &memblock.memory, NULL, NUMA_NO_NODE,
+			MEMBLOCK_NONE, &this_start, &this_end, NULL)
+		pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
+				i, this_start, this_end);
+
+	pr_info("in %s: reserved\n", __func__);
+	for_each_mem_range_rev(i, &memblock.reserved, NULL, NUMA_NO_NODE,
+			MEMBLOCK_NONE, &this_start, &this_end, NULL)
+		pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
+				i, this_start, this_end);
+
+	pr_info("in %s: memory X reserved\n", __func__);
+	for_each_mem_range_rev(i, &memblock.memory, &memblock.reserved,
+			NUMA_NO_NODE, MEMBLOCK_NONE,
+			&this_start, &this_end, NULL)
+		pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
+				i, this_start, this_end);
+}
+
 void __init memblock_allow_resize(void)
 {
 	memblock_can_resize = 1;
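Review bot: The three `pr_info()` calls in `memblock_patch_verify()` print `this_start` and `this_end`, which are `phys_addr_t`, with `%#016llx`. `phys_addr_t` is not `unsigned long long` on every configuration, so the format and argument types can disagree, giving format warnings or wrong output on builds with a 32-bit `phys_addr_t`. printk's `%pa` takes a pointer to a `phys_addr_t` and handles both widths: `pr_info("[%#016llx]\t[%pa-%pa]\n", i, &this_start, &this_end);`. The multi-line `for_each_mem_range_rev()` bodies would also be easier to read with braces.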
-- 
1.9.1

