[PATCH] PM / hibernate: Avoid overflow in hibernate_preallocate_memory

[PATCH] PM / hibernate: Avoid overflow in hibernate_preallocate_memory

[Aaron Lu]

When system has a lot of highmem(e.g. 16GiB using a 32 bits kernel), the
code to calculate how much memory we need to preallocate in normal zone
may cause overflow. As Leon has analysed:
"
It looks that during computing 'alloc' variable there is overflow:
alloc = (3943404 - 1970542) - 1978280 = -5418 (signed)
And this function goes to err_out.
"
Fix this by avoiding that overflow.

Reference: https://bugzilla.kernel.org/show_bug.cgi?id=60817
Reported-and-tested-by: Leon Drugi <eyak@wp.pl>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Aaron Lu <aaron.lu@intel.com>
---
 kernel/power/snapshot.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/kernel/power/snapshot.c b/kernel/power/snapshot.c
index 98c3b34a4cff..91aa616a1f4e 100644
--- a/kernel/power/snapshot.c
+++ b/kernel/power/snapshot.c
@@ -1402,7 +1402,8 @@ int hibernate_preallocate_memory(void)
 	 * highmem and non-highmem zones separately.
 	 */
 	pages_highmem = preallocate_image_highmem(highmem / 2);
-	alloc = (count - max_size) - pages_highmem;
+	alloc = (count - max_size) > pages_highmem ?
+		(count - max_size - pages_highmem) : 0;
 	pages = preallocate_image_memory(alloc, avail_normal);
 	if (pages < alloc) {
 		/* We have exhausted non-highmem pages, try highmem. */
-- 
1.8.4.39.ga0d3f10

Re: [PATCH] PM / hibernate: Avoid overflow in hibernate_preallocate_memory

[Rafael J. Wysocki]

On Tuesday, November 05, 2013 03:16:01 PM Aaron Lu wrote:
> When system has a lot of highmem(e.g. 16GiB using a 32 bits kernel), the
> code to calculate how much memory we need to preallocate in normal zone
> may cause overflow. As Leon has analysed:
> "
> It looks that during computing 'alloc' variable there is overflow:
> alloc = (3943404 - 1970542) - 1978280 = -5418 (signed)
> And this function goes to err_out.
> "
> Fix this by avoiding that overflow.
> 
> Reference: https://bugzilla.kernel.org/show_bug.cgi?id=60817
> Reported-and-tested-by: Leon Drugi <eyak@wp.pl>
> Cc: stable <stable@vger.kernel.org>
> Signed-off-by: Aaron Lu <aaron.lu@intel.com>
> ---
>  kernel/power/snapshot.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/kernel/power/snapshot.c b/kernel/power/snapshot.c
> index 98c3b34a4cff..91aa616a1f4e 100644
> --- a/kernel/power/snapshot.c
> +++ b/kernel/power/snapshot.c
> @@ -1402,7 +1402,8 @@ int hibernate_preallocate_memory(void)
>  	 * highmem and non-highmem zones separately.
>  	 */
>  	pages_highmem = preallocate_image_highmem(highmem / 2);
> -	alloc = (count - max_size) - pages_highmem;
> +	alloc = (count - max_size) > pages_highmem ?
> +		(count - max_size - pages_highmem) : 0;

Well, what about

	alloc = count - max_size;
	if (alloc > pages_highmem)
		alloc -= pages_highmem;
	else
		alloc = 0;

>  	pages = preallocate_image_memory(alloc, avail_normal);
>  	if (pages < alloc) {
>  		/* We have exhausted non-highmem pages, try highmem. */
> 
-- 
I speak only for myself.
Rafael J. Wysocki, Intel Open Source Technology Center.

[PATCH update] PM / hibernate: Avoid overflow in hibernate_preallocate_memory

[Aaron Lu]

On 11/05/2013 10:22 PM, Rafael J. Wysocki wrote:
> On Tuesday, November 05, 2013 03:16:01 PM Aaron Lu wrote:
>>  	pages_highmem = preallocate_image_highmem(highmem / 2);
>> -	alloc = (count - max_size) - pages_highmem;
>> +	alloc = (count - max_size) > pages_highmem ?
>> +		(count - max_size - pages_highmem) : 0;
> 
> Well, what about
> 
> 	alloc = count - max_size;
> 	if (alloc > pages_highmem)
> 		alloc -= pages_highmem;
> 	else
> 		alloc = 0;
> 

OK, here it comes:

From: Aaron Lu <aaron.lu@intel.com>
Subject: [PATCH] PM / hibernate: Avoid overflow in hibernate_preallocate_memory

When system has a lot of highmem(e.g. 16GiB using a 32 bits kernel), the
code to calculate how much memory we need to preallocate in normal zone
may cause overflow. As Leon has analysed:
"
It looks that during computing 'alloc' variable there is overflow:
alloc = (3943404 - 1970542) - 1978280 = -5418 (signed)
And this function goes to err_out.
"
Fix this by avoiding that overflow.

Reference: https://bugzilla.kernel.org/show_bug.cgi?id=60817
Reported-and-tested-by: Leon Drugi <eyak@wp.pl>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Aaron Lu <aaron.lu@intel.com>
---
 kernel/power/snapshot.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/kernel/power/snapshot.c b/kernel/power/snapshot.c
index 98c3b34a4cff..10c22cae83a0 100644
--- a/kernel/power/snapshot.c
+++ b/kernel/power/snapshot.c
@@ -1402,7 +1402,11 @@ int hibernate_preallocate_memory(void)
 	 * highmem and non-highmem zones separately.
 	 */
 	pages_highmem = preallocate_image_highmem(highmem / 2);
-	alloc = (count - max_size) - pages_highmem;
+	alloc = count - max_size;
+	if (alloc > pages_highmem)
+		alloc -= pages_highmem;
+	else
+		alloc = 0;
 	pages = preallocate_image_memory(alloc, avail_normal);
 	if (pages < alloc) {
 		/* We have exhausted non-highmem pages, try highmem. */
-- 
1.8.4.39.ga0d3f10