From: zijun_hu <zijun_hu@zoho.com>
To: akpm@linux-foundation.org
Cc: ard.biesheuvel@linaro.org, david@gibson.dropbear.id.au,
dev@g0hl1n.net, kuleshovmail@gmail.com, tangchen@cn.fujitsu.com,
tj@kernel.org, weiyang@linux.vnet.ibm.com,
mm-commits@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-mm@kvack.org, torvalds@linux-foundation.org
Subject: [PATCH] mm/memblock.c: fix NULL dereference error
Date: Tue, 2 Aug 2016 13:03:37 +0800
Message-ID: <57A029A9.6060303@zoho.com>
[-- Attachment #1: Type: text/plain, Size: 1457 bytes --]
Hi Andrew,
This patch is part of https://lkml.org/lkml/2016/7/26/347 and isn't merged in
as you advised in another mail, I release this patch against Linus's mainline
for fixing relevant bugs completely, see test patch attached for verification
details.
From 5a74cb46b7754a45428ff95f4653ad27025c3131 Mon Sep 17 00:00:00 2001
From: zijun_hu <zijun_hu@htc.com>
Date: Tue, 2 Aug 2016 12:35:28 +0800
Subject: [PATCH] mm/memblock.c: fix NULL dereference error
It causes a NULL dereference error and failure to get type_a->regions[0] info
if parameter type_b of __next_mem_range_rev() == NULL.
The bugs are fixed by checking before dereferencing and initializing idx_b
to 0.
The approach is tested by dumping all types of region via __memblock_dump_all()
and __next_mem_range_rev() fixed to UART separately, the result is okay after
checking the logs.
Signed-off-by: zijun_hu <zijun_hu@htc.com>
Tested-by: zijun_hu <zijun_hu@htc.com>
Acked-by: Tejun Heo <tj@kernel.org>
---
mm/memblock.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/mm/memblock.c b/mm/memblock.c
index ff5ff3b..250dd48 100644
--- a/mm/memblock.c
+++ b/mm/memblock.c
@@ -994,7 +994,10 @@ void __init_memblock __next_mem_range_rev(u64 *idx, int nid, ulong flags,
if (*idx == (u64)ULLONG_MAX) {
idx_a = type_a->cnt - 1;
- idx_b = type_b->cnt;
+ if (type_b != NULL)
+ idx_b = type_b->cnt;
+ else
+ idx_b = 0;
}
for (; idx_a >= 0; idx_a--) {
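Review bot: the `else` branch that sets `idx_b = 0` has no comment, yet the commit message names it as the fix for the second bug (failing to get type_a->regions[0] when type_b is NULL). Add a one-line comment there saying why 0 is the required starting value in the NULL case, so a later cleanup does not fold it away. The four added lines could also be written as `idx_b = type_b ? type_b->cnt : 0;`, which tests the pointer directly instead of comparing it against NULL.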
--
1.9.1
[-- Attachment #2: 0002-mm-temporary-patch-for-fix-memblock-issue-test.patch --]
[-- Type: text/x-patch, Size: 2503 bytes --]
From df753d7d9426b4d2a5518958d281be2985ccd40d Mon Sep 17 00:00:00 2001
From: zijun_hu <zijun_hu@htc.com>
Date: Wed, 27 Jul 2016 12:13:37 +0800
Subject: [PATCH 2/2] mm: temporary patch for fix memblock issue test
temporary patch for fix memblock issue test
Signed-off-by: zijun_hu <zijun_hu@htc.com>
---
arch/arm64/mm/init.c | 7 +++++++
include/linux/memblock.h | 1 +
mm/memblock.c | 25 +++++++++++++++++++++++++
3 files changed, 33 insertions(+)
diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c
index d45f862..0db80bb 100644
--- a/arch/arm64/mm/init.c
+++ b/arch/arm64/mm/init.c
@@ -326,6 +326,13 @@ void __init bootmem_init(void)
high_memory = __va((max << PAGE_SHIFT) - 1) + 1;
memblock_dump_all();
+
+ if (!memblock_debug)
+ __memblock_dump_all();
+ /*
+ * extern void memblock_patch_verify(void);
+ */
+ memblock_patch_verify();
}
#ifndef CONFIG_SPARSEMEM_VMEMMAP
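Review bot: the commented-out `extern void memblock_patch_verify(void);` placed above the call in bootmem_init() is dead text, because the same patch adds that declaration to include/linux/memblock.h; drop the comment block. The call to memblock_patch_verify() is also unconditional, so every boot prints all three range listings; for a test-only patch, gate the call on `memblock_debug` or keep the hunk out of any tree that is meant to be merged.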
diff --git a/include/linux/memblock.h b/include/linux/memblock.h
index 3106ac1..c62df1e 100644
--- a/include/linux/memblock.h
+++ b/include/linux/memblock.h
@@ -340,6 +340,7 @@ bool memblock_is_reserved(phys_addr_t addr);
bool memblock_is_region_reserved(phys_addr_t base, phys_addr_t size);
extern void __memblock_dump_all(void);
+extern void memblock_patch_verify(void);
static inline void memblock_dump_all(void)
{
diff --git a/mm/memblock.c b/mm/memblock.c
index e95f95f..5c179ae 100644
--- a/mm/memblock.c
+++ b/mm/memblock.c
@@ -1652,6 +1652,31 @@ void __init_memblock __memblock_dump_all(void)
memblock_dump(&memblock.reserved, "reserved");
}
+void __init_memblock memblock_patch_verify(void)
+{
+ u64 i;
+ phys_addr_t this_start, this_end;
+
+ pr_info("in %s: memory\n", __func__);
+ for_each_mem_range_rev(i, &memblock.memory, NULL, NUMA_NO_NODE,
+ MEMBLOCK_NONE, &this_start, &this_end, NULL)
+ pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
+ i, this_start, this_end);
+
+ pr_info("in %s: reserved\n", __func__);
+ for_each_mem_range_rev(i, &memblock.reserved, NULL, NUMA_NO_NODE,
+ MEMBLOCK_NONE, &this_start, &this_end, NULL)
+ pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
+ i, this_start, this_end);
+
+ pr_info("in %s: memory X reserved\n", __func__);
+ for_each_mem_range_rev(i, &memblock.memory, &memblock.reserved,
+ NUMA_NO_NODE, MEMBLOCK_NONE,
+ &this_start, &this_end, NULL)
+ pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
+ i, this_start, this_end);
+}
+
void __init memblock_allow_resize(void)
{
memblock_can_resize = 1;
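Review bot: in memblock_patch_verify() the pr_info() calls print `this_start` and `this_end`, which are declared phys_addr_t, with `%#016llx`; phys_addr_t is not unsigned long long on every configuration, so this is a format/argument mismatch on builds with a 32-bit phys_addr_t. Use `%pa` with `&this_start` and `&this_end`, or cast the values to unsigned long long. With the `#` flag the field width of 16 also includes the `0x` prefix, so only 14 digits are zero-padded; `%#018llx` gives a full 64-bit column.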
--
1.9.1