From: Lilitha Persefoni Gkini <lilithpgkini@gmail.com>
To: Christoph Lameter <cl@linux.com>,
Pekka Enberg <penberg@kernel.org>,
David Rientjes <rientjes@google.com>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
Andrew Morton <akpm@linux-foundation.org>,
Vlastimil Babka <vbabka@suse.cz>,
Roman Gushchin <roman.gushchin@linux.dev>,
Hyeonggon Yoo <42.hyeyoo@gmail.com>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: [PATCH] slub: Fix Off-By-One in the While condition in on_freelist()
Date: Sat, 15 Feb 2025 18:57:01 +0200
Message-ID: <Z7DHXVNJ5aVBM2WA@Arch>

The condition `nr <= slab->objects` in `on_freelist()` serves as a
bound while walking through the `freelist` linked list because we can't
have more free objects than the maximum amount of objects in the slab.
But the `=` can result in an extra unnecessary iteration.
The patch changes it to `nr < slab->objects` to ensure it iterates
at most `slab->objects` number of times.
Signed-off-by: Lilitha Persefoni Gkini <lilithpgkini@gmail.com>
---
mm/slub.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mm/slub.c b/mm/slub.c
index 1f50129dcfb3..ad42450d4b0f 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -1435,7 +1435,7 @@ static int on_freelist(struct kmem_cache *s, struct slab *slab, void *search)
int max_objects;
fp = slab->freelist;
- while (fp && nr <= slab->objects) {
+ while (fp && nr < slab->objects) {
if (fp == search)
return 1;
if (!check_valid_pointer(s, slab, fp)) {
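Review bot: With the condition changed to `while (fp && nr < slab->objects)`, the loop can exit with `fp` still non-NULL once `nr` reaches `slab->objects`, and the hunk does not show how the code after the loop treats that case. A freelist that still has an entry after `slab->objects` steps is longer than the slab can hold, so it is corrupted or cyclic; the exit path should report that explicitly instead of falling through as if the walk had ended at a NULL terminator. Note also that an entry at that position is no longer compared by `if (fp == search)` or passed to `check_valid_pointer(s, slab, fp)`, so the return value for such a list may change. The commit message only calls the extra iteration "unnecessary"; please state what it did in practice and whether the result for an over-long freelist changes, and show or describe the post-loop handling so the fix can be judged as a whole.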
--
2.48.1