* [PATCH] mm/memblock.c: fix NULL dereference error
From: zijun_hu @ 2016-08-02 5:03 UTC
To: akpm
Cc: ard.biesheuvel, david, dev, kuleshovmail, tangchen, tj, weiyang,
mm-commits, linux-kernel, linux-mm, torvalds
Hi Andrew,
This patch is part of https://lkml.org/lkml/2016/7/26/347 and isn't merged in
as you advised in another mail, I release this patch against Linus's mainline
for fixing relevant bugs completely, see test patch attached for verification
details.
From 5a74cb46b7754a45428ff95f4653ad27025c3131 Mon Sep 17 00:00:00 2001
From: zijun_hu <zijun_hu@htc.com>
Date: Tue, 2 Aug 2016 12:35:28 +0800
Subject: [PATCH] mm/memblock.c: fix NULL dereference error
it causes NULL dereference error and failure to get type_a->regions[0] info
if parameter type_b of __next_mem_range_rev() == NULL
the bugs are fixed by checking before dereferencing and initializing idx_b
to 0
the approach is tested by dumping all types of region via __memblock_dump_all()
and __next_mem_range_rev() fixed to UART separately, the result is okay after
checking the logs
Signed-off-by: zijun_hu <zijun_hu@htc.com>
Tested-by: zijun_hu <zijun_hu@htc.com>
Acked-by: Tejun Heo <tj@kernel.org>
---
mm/memblock.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/mm/memblock.c b/mm/memblock.c
index ff5ff3b..250dd48 100644
--- a/mm/memblock.c
+++ b/mm/memblock.c
@@ -994,7 +994,10 @@ void __init_memblock __next_mem_range_rev(u64 *idx, int nid, ulong flags,
if (*idx == (u64)ULLONG_MAX) {
idx_a = type_a->cnt - 1;
- idx_b = type_b->cnt;
+ if (type_b != NULL)
+ idx_b = type_b->cnt;
+ else
+ idx_b = 0;
}
for (; idx_a >= 0; idx_a--) {
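Review bot: the four added lines inside the `if (*idx == (u64)ULLONG_MAX)` block can be a single assignment, `idx_b = type_b ? type_b->cnt : 0;`, which drops the explicit `!= NULL` comparison and keeps the two initialisations of idx_a and idx_b visually parallel. If the if/else form is kept, the test reads more naturally as `if (type_b)`.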
--
1.9.1
[-- Attachment #2: 0002-mm-temporary-patch-for-fix-memblock-issue-test.patch --]
[-- Type: text/x-patch, Size: 2503 bytes --]
From df753d7d9426b4d2a5518958d281be2985ccd40d Mon Sep 17 00:00:00 2001
From: zijun_hu <zijun_hu@htc.com>
Date: Wed, 27 Jul 2016 12:13:37 +0800
Subject: [PATCH 2/2] mm: temporary patch for fix memblock issue test
temporary patch for fix memblock issue test
Signed-off-by: zijun_hu <zijun_hu@htc.com>
---
arch/arm64/mm/init.c | 7 +++++++
include/linux/memblock.h | 1 +
mm/memblock.c | 25 +++++++++++++++++++++++++
3 files changed, 33 insertions(+)
diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c
index d45f862..0db80bb 100644
--- a/arch/arm64/mm/init.c
+++ b/arch/arm64/mm/init.c
@@ -326,6 +326,13 @@ void __init bootmem_init(void)
high_memory = __va((max << PAGE_SHIFT) - 1) + 1;
memblock_dump_all();
+
+ if (!memblock_debug)
+ __memblock_dump_all();
+ /*
+ * extern void memblock_patch_verify(void);
+ */
+ memblock_patch_verify();
}
#ifndef CONFIG_SPARSEMEM_VMEMMAP
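Review bot: `memblock_patch_verify();` at the end of bootmem_init() runs unconditionally on every arm64 boot, while the `__memblock_dump_all()` call just above it is at least behind a test of memblock_debug; put both behind one debug switch so a normal boot log is unchanged. The commented-out `extern void memblock_patch_verify(void);` can be dropped, since the same patch adds the prototype to include/linux/memblock.h.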
diff --git a/include/linux/memblock.h b/include/linux/memblock.h
index 3106ac1..c62df1e 100644
--- a/include/linux/memblock.h
+++ b/include/linux/memblock.h
@@ -340,6 +340,7 @@ bool memblock_is_reserved(phys_addr_t addr);
bool memblock_is_region_reserved(phys_addr_t base, phys_addr_t size);
extern void __memblock_dump_all(void);
+extern void memblock_patch_verify(void);
static inline void memblock_dump_all(void)
{
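Review bot: the added `extern void memblock_patch_verify(void);` places a helper that the subject line calls temporary in include/linux/memblock.h, with no comment saying what it verifies. Keep the prototype beside its one caller in arch/arm64/mm/init.c or under a debug-only #ifdef, and give it a one-line description.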
diff --git a/mm/memblock.c b/mm/memblock.c
index e95f95f..5c179ae 100644
--- a/mm/memblock.c
+++ b/mm/memblock.c
@@ -1652,6 +1652,31 @@ void __init_memblock __memblock_dump_all(void)
memblock_dump(&memblock.reserved, "reserved");
}
+void __init_memblock memblock_patch_verify(void)
+{
+ u64 i;
+ phys_addr_t this_start, this_end;
+
+ pr_info("in %s: memory\n", __func__);
+ for_each_mem_range_rev(i, &memblock.memory, NULL, NUMA_NO_NODE,
+ MEMBLOCK_NONE, &this_start, &this_end, NULL)
+ pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
+ i, this_start, this_end);
+
+ pr_info("in %s: reserved\n", __func__);
+ for_each_mem_range_rev(i, &memblock.reserved, NULL, NUMA_NO_NODE,
+ MEMBLOCK_NONE, &this_start, &this_end, NULL)
+ pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
+ i, this_start, this_end);
+
+ pr_info("in %s: memory X reserved\n", __func__);
+ for_each_mem_range_rev(i, &memblock.memory, &memblock.reserved,
+ NUMA_NO_NODE, MEMBLOCK_NONE,
+ &this_start, &this_end, NULL)
+ pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
+ i, this_start, this_end);
+}
+
void __init memblock_allow_resize(void)
{
memblock_can_resize = 1;
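Review bot: all three pr_info() calls in memblock_patch_verify() print `this_start` and `this_end`, declared as `phys_addr_t`, with `%#016llx`, which only matches on configurations where phys_addr_t is 64 bits wide. Use `%pa` with `&this_start` and `&this_end`, or cast both arguments to `(unsigned long long)`.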
--
1.9.1
* Re: [PATCH] mm/memblock.c: fix NULL dereference error
From: zijun_hu @ 2016-08-02 5:20 UTC
Cc: zijun_hu, kuleshovmail, tangchen, tj, weiyang, mm-commits,
linux-kernel, linux-mm, torvalds
On 08/02/2016 01:03 PM, zijun_hu wrote:
> Hi Andrew,
>
> this patch is part of https://lkml.org/lkml/2016/7/26/347 and isn't merged in
> as you advised in another mail, i release this patch against linus's mainline
> for fixing relevant bugs completely, see test patch attached for verification
> details
>
> From 5a74cb46b7754a45428ff95f4653ad27025c3131 Mon Sep 17 00:00:00 2001
> From: zijun_hu <zijun_hu@htc.com>
> Date: Tue, 2 Aug 2016 12:35:28 +0800
> Subject: [PATCH] mm/memblock.c: fix NULL dereference error
>
> it causes NULL dereference error and failure to get type_a->regions[0] info
> if parameter type_b of __next_mem_range_rev() == NULL
>
> the bugs are fixed by checking before dereferencing and initializing idx_b
> to 0
>
> the approach is tested by dumping all types of region via __memblock_dump_all()
> and __next_mem_range_rev() fixed to UART separately, the result is okay after
> checking the logs
>
> Signed-off-by: zijun_hu <zijun_hu@htc.com>
> Tested-by: zijun_hu <zijun_hu@htc.com>
> Acked-by: Tejun Heo <tj@kernel.org>
> ---
> mm/memblock.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/mm/memblock.c b/mm/memblock.c
> index ff5ff3b..250dd48 100644
> --- a/mm/memblock.c
> +++ b/mm/memblock.c
> @@ -994,7 +994,10 @@ void __init_memblock __next_mem_range_rev(u64 *idx, int nid, ulong flags,
>
> if (*idx == (u64)ULLONG_MAX) {
> idx_a = type_a->cnt - 1;
> - idx_b = type_b->cnt;
> + if (type_b != NULL)
> + idx_b = type_b->cnt;
> + else
> + idx_b = 0;
> }
>
> for (; idx_a >= 0; idx_a--) {
>
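Review bot: the NULL test guards only the first-call initialisation inside `if (*idx == (u64)ULLONG_MAX)`; the quoted lines end at `for (; idx_a >= 0; idx_a--) {` and do not show how type_b is used once the loop runs. The changelog should say that the remaining uses of type_b in __next_mem_range_rev() are already NULL-safe, or the check should be extended to cover them.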
* Re: [PATCH] mm/memblock.c: fix NULL dereference error
From: kbuild test robot @ 2016-08-02 5:23 UTC
To: zijun_hu
Cc: kbuild-all, akpm, ard.biesheuvel, david, dev, kuleshovmail,
tangchen, tj, weiyang, mm-commits, linux-kernel, linux-mm,
torvalds
Hi zijun_hu,
[auto build test WARNING on mmotm/master]
[also build test WARNING on v4.7 next-20160801]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]
url: https://github.com/0day-ci/linux/commits/zijun_hu/mm-memblock-c-fix-NULL-dereference-error/20160802-130708
base: git://git.cmpxchg.org/linux-mmotm.git master
config: i386-randconfig-x009-201631 (attached as .config)
compiler: gcc-6 (Debian 6.1.1-9) 6.1.1 20160705
reproduce:
# save the attached .config to linux build tree
make ARCH=i386
All warnings (new ones prefixed by >>):
In file included from include/linux/kernel.h:13:0,
from mm/memblock.c:13:
mm/memblock.c: In function 'memblock_patch_verify':
>> mm/memblock.c:1713:11: warning: format '%llx' expects argument of type 'long long unsigned int', but argument 3 has type 'phys_addr_t {aka unsigned int}' [-Wformat=]
pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
^
include/linux/printk.h:260:21: note: in definition of macro 'pr_fmt'
#define pr_fmt(fmt) fmt
^~~
>> mm/memblock.c:1713:3: note: in expansion of macro 'pr_info'
pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
^~~~~~~
mm/memblock.c:1713:11: warning: format '%llx' expects argument of type 'long long unsigned int', but argument 4 has type 'phys_addr_t {aka unsigned int}' [-Wformat=]
pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
^
include/linux/printk.h:260:21: note: in definition of macro 'pr_fmt'
#define pr_fmt(fmt) fmt
^~~
>> mm/memblock.c:1713:3: note: in expansion of macro 'pr_info'
pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
^~~~~~~
mm/memblock.c:1719:11: warning: format '%llx' expects argument of type 'long long unsigned int', but argument 3 has type 'phys_addr_t {aka unsigned int}' [-Wformat=]
pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
^
include/linux/printk.h:260:21: note: in definition of macro 'pr_fmt'
#define pr_fmt(fmt) fmt
^~~
mm/memblock.c:1719:3: note: in expansion of macro 'pr_info'
pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
^~~~~~~
mm/memblock.c:1719:11: warning: format '%llx' expects argument of type 'long long unsigned int', but argument 4 has type 'phys_addr_t {aka unsigned int}' [-Wformat=]
pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
^
include/linux/printk.h:260:21: note: in definition of macro 'pr_fmt'
#define pr_fmt(fmt) fmt
^~~
mm/memblock.c:1719:3: note: in expansion of macro 'pr_info'
pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
^~~~~~~
mm/memblock.c:1726:11: warning: format '%llx' expects argument of type 'long long unsigned int', but argument 3 has type 'phys_addr_t {aka unsigned int}' [-Wformat=]
pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
^
include/linux/printk.h:260:21: note: in definition of macro 'pr_fmt'
#define pr_fmt(fmt) fmt
^~~
mm/memblock.c:1726:3: note: in expansion of macro 'pr_info'
pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
^~~~~~~
mm/memblock.c:1726:11: warning: format '%llx' expects argument of type 'long long unsigned int', but argument 4 has type 'phys_addr_t {aka unsigned int}' [-Wformat=]
pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
^
include/linux/printk.h:260:21: note: in definition of macro 'pr_fmt'
#define pr_fmt(fmt) fmt
^~~
mm/memblock.c:1726:3: note: in expansion of macro 'pr_info'
pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
^~~~~~~
vim +1713 mm/memblock.c
1697 pr_info(" memory size = %#llx reserved size = %#llx\n",
1698 (unsigned long long)memblock.memory.total_size,
1699 (unsigned long long)memblock.reserved.total_size);
1700
1701 memblock_dump(&memblock.memory, "memory");
1702 memblock_dump(&memblock.reserved, "reserved");
1703 }
1704
1705 void __init_memblock memblock_patch_verify(void)
1706 {
1707 u64 i;
1708 phys_addr_t this_start, this_end;
1709
1710 pr_info("in %s: memory\n", __func__);
1711 for_each_mem_range_rev(i, &memblock.memory, NULL, NUMA_NO_NODE,
1712 MEMBLOCK_NONE, &this_start, &this_end, NULL)
> 1713 pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
1714 i, this_start, this_end);
1715
1716 pr_info("in %s: reserved\n", __func__);
1717 for_each_mem_range_rev(i, &memblock.reserved, NULL, NUMA_NO_NODE,
1718 MEMBLOCK_NONE, &this_start, &this_end, NULL)
1719 pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
1720 i, this_start, this_end);
1721
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
[-- Attachment #2: .config.gz --]
[-- Type: application/octet-stream, Size: 24821 bytes --]
* Re: [PATCH] mm/memblock.c: fix NULL dereference error
From: zijun_hu @ 2016-08-02 5:32 UTC
To: kbuild test robot
Cc: kbuild-all, akpm, ard.biesheuvel, david, dev, kuleshovmail,
tangchen, tj, weiyang, mm-commits, linux-kernel, linux-mm,
torvalds
I am sorry, the second patch is only a test patch, please don't apply it.
I will send another mail to correct this.
On 08/02/2016 01:23 PM, kbuild test robot wrote:
> Hi zijun_hu,
>
> [auto build test WARNING on mmotm/master]
> [also build test WARNING on v4.7 next-20160801]
> [if your patch is applied to the wrong git tree, please drop us a note to help improve the system]
>
> url: https://github.com/0day-ci/linux/commits/zijun_hu/mm-memblock-c-fix-NULL-dereference-error/20160802-130708
> base: git://git.cmpxchg.org/linux-mmotm.git master
> config: i386-randconfig-x009-201631 (attached as .config)
> compiler: gcc-6 (Debian 6.1.1-9) 6.1.1 20160705
> reproduce:
> # save the attached .config to linux build tree
> make ARCH=i386
>
> All warnings (new ones prefixed by >>):
>
> In file included from include/linux/kernel.h:13:0,
> from mm/memblock.c:13:
> mm/memblock.c: In function 'memblock_patch_verify':
>>> mm/memblock.c:1713:11: warning: format '%llx' expects argument of type 'long long unsigned int', but argument 3 has type 'phys_addr_t {aka unsigned int}' [-Wformat=]
> pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
> ^
> include/linux/printk.h:260:21: note: in definition of macro 'pr_fmt'
> #define pr_fmt(fmt) fmt
> ^~~
>>> mm/memblock.c:1713:3: note: in expansion of macro 'pr_info'
> pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
> ^~~~~~~
> mm/memblock.c:1713:11: warning: format '%llx' expects argument of type 'long long unsigned int', but argument 4 has type 'phys_addr_t {aka unsigned int}' [-Wformat=]
> pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
> ^
> include/linux/printk.h:260:21: note: in definition of macro 'pr_fmt'
> #define pr_fmt(fmt) fmt
> ^~~
>>> mm/memblock.c:1713:3: note: in expansion of macro 'pr_info'
> pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
> ^~~~~~~
> mm/memblock.c:1719:11: warning: format '%llx' expects argument of type 'long long unsigned int', but argument 3 has type 'phys_addr_t {aka unsigned int}' [-Wformat=]
> pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
> ^
> include/linux/printk.h:260:21: note: in definition of macro 'pr_fmt'
> #define pr_fmt(fmt) fmt
> ^~~
> mm/memblock.c:1719:3: note: in expansion of macro 'pr_info'
> pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
> ^~~~~~~
> mm/memblock.c:1719:11: warning: format '%llx' expects argument of type 'long long unsigned int', but argument 4 has type 'phys_addr_t {aka unsigned int}' [-Wformat=]
> pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
> ^
> include/linux/printk.h:260:21: note: in definition of macro 'pr_fmt'
> #define pr_fmt(fmt) fmt
> ^~~
> mm/memblock.c:1719:3: note: in expansion of macro 'pr_info'
> pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
> ^~~~~~~
> mm/memblock.c:1726:11: warning: format '%llx' expects argument of type 'long long unsigned int', but argument 3 has type 'phys_addr_t {aka unsigned int}' [-Wformat=]
> pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
> ^
> include/linux/printk.h:260:21: note: in definition of macro 'pr_fmt'
> #define pr_fmt(fmt) fmt
> ^~~
> mm/memblock.c:1726:3: note: in expansion of macro 'pr_info'
> pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
> ^~~~~~~
> mm/memblock.c:1726:11: warning: format '%llx' expects argument of type 'long long unsigned int', but argument 4 has type 'phys_addr_t {aka unsigned int}' [-Wformat=]
> pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
> ^
> include/linux/printk.h:260:21: note: in definition of macro 'pr_fmt'
> #define pr_fmt(fmt) fmt
> ^~~
> mm/memblock.c:1726:3: note: in expansion of macro 'pr_info'
> pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
> ^~~~~~~
>
> vim +1713 mm/memblock.c
>
> 1697 pr_info(" memory size = %#llx reserved size = %#llx\n",
> 1698 (unsigned long long)memblock.memory.total_size,
> 1699 (unsigned long long)memblock.reserved.total_size);
> 1700
> 1701 memblock_dump(&memblock.memory, "memory");
> 1702 memblock_dump(&memblock.reserved, "reserved");
> 1703 }
> 1704
> 1705 void __init_memblock memblock_patch_verify(void)
> 1706 {
> 1707 u64 i;
> 1708 phys_addr_t this_start, this_end;
> 1709
> 1710 pr_info("in %s: memory\n", __func__);
> 1711 for_each_mem_range_rev(i, &memblock.memory, NULL, NUMA_NO_NODE,
> 1712 MEMBLOCK_NONE, &this_start, &this_end, NULL)
>> 1713 pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
> 1714 i, this_start, this_end);
> 1715
> 1716 pr_info("in %s: reserved\n", __func__);
> 1717 for_each_mem_range_rev(i, &memblock.reserved, NULL, NUMA_NO_NODE,
> 1718 MEMBLOCK_NONE, &this_start, &this_end, NULL)
> 1719 pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
> 1720 i, this_start, this_end);
> 1721
>
> ---
> 0-DAY kernel test infrastructure Open Source Technology Center
> https://lists.01.org/pipermail/kbuild-all Intel Corporation
>
* Re: [PATCH] mm/memblock.c: fix NULL dereference error
From: zijun_hu @ 2016-08-02 5:39 UTC
To: akpm
Cc: ard.biesheuvel, david, dev, kuleshovmail, tangchen, tj, weiyang,
mm-commits, linux-kernel, linux-mm, torvalds
Hi All,
This mail corrects the following mistakes in the last mail:
1. remove the test patch attached
2. format the patch to satisfy rules
I am so sorry for my mistake.
Hi Andrew,
This patch is part of https://lkml.org/lkml/2016/7/26/347 and isn't merged in
as you advised in another mail, I release this patch against Linus's mainline
for fixing relevant bugs completely.
From 5d79c31d755dc3f03ecc5b4134f21793258636cd Mon Sep 17 00:00:00 2001
From: zijun_hu <zijun_hu@htc.com>
Date: Tue, 2 Aug 2016 12:35:28 +0800
Subject: [PATCH] mm/memblock.c: fix NULL dereference error
it causes NULL dereference error and failure to get type_a->regions[0] info
if parameter type_b of __next_mem_range_rev() == NULL
the bugs are fixed by checking before dereferencing and initializing idx_b
to 0
the approach is tested by dumping all types of region via
__memblock_dump_all() and __next_mem_range_rev() fixed to UART separately
the result is okay after checking the logs
Signed-off-by: zijun_hu <zijun_hu@htc.com>
Tested-by: zijun_hu <zijun_hu@htc.com>
Acked-by: Tejun Heo <tj@kernel.org>
---
mm/memblock.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/mm/memblock.c b/mm/memblock.c
index ff5ff3b..250dd48 100644
--- a/mm/memblock.c
+++ b/mm/memblock.c
@@ -994,7 +994,10 @@ void __init_memblock __next_mem_range_rev(u64 *idx, int nid, ulong flags,
if (*idx == (u64)ULLONG_MAX) {
idx_a = type_a->cnt - 1;
- idx_b = type_b->cnt;
+ if (type_b != NULL)
+ idx_b = type_b->cnt;
+ else
+ idx_b = 0;
}
for (; idx_a >= 0; idx_a--) {
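Review bot: the `idx_b = 0;` in the new else branch carries no comment, and the changelog only asserts that initialising idx_b to 0 fixes the failure to get type_a->regions[0] without saying why that start value is the right one when type_b is NULL. Add a short comment above the else branch, or a sentence in the changelog, describing how idx_b's initial value affects the reverse walk in that case.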
--
1.9.1