lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <387ca68d-7c59-b316-7d95-cf13a3b26770@rasmusvillemoes.dk>
Date:   Mon, 21 Jun 2021 18:01:17 +0200
From:   Rasmus Villemoes <linux@...musvillemoes.dk>
To:     Mel Gorman <mgorman@...hsingularity.net>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        Alexander Lobakin <alobakin@...me>,
        Vlastimil Babka <vbabka@...e.cz>, linux-mm@...ck.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] mm/page_alloc: __alloc_pages_bulk(): do bounds check
 before accessing array

On 07/05/2021 12.26, Mel Gorman wrote:
> On Fri, May 07, 2021 at 08:45:03AM +0200, Rasmus Villemoes wrote:
>> In the event that somebody would call this with an already fully
>> populated page_array, the last loop iteration would do an access
>> beyond the end of page_array.
>>
>> It's of course extremely unlikely that would ever be done, but this
>> triggers my internal static analyzer. Also, if it really is not
>> supposed to be invoked this way (i.e., with no NULL entries in
>> page_array), the nr_populated<nr_pages check could simply be removed
>> instead.
>>
>> Fixes: 0f87d9d30f21 (mm/page_alloc: add an array-based interface to the bulk page allocator)
>> Signed-off-by: Rasmus Villemoes <linux@...musvillemoes.dk>
> 
> Acked-by: Mel Gorman <mgorman@...hsingularity.net>
> 

Andrew, will you get this to Linus before 5.13 is released? I got a mail
on May 9 that it had been added to your queue, but I don't see it in
master yet.

Rasmus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ