lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 22 Jun 2021 21:49:22 -0700
From:   Andrew Morton <akpm@...ux-foundation.org>
To:     Rasmus Villemoes <linux@...musvillemoes.dk>
Cc:     Mel Gorman <mgorman@...hsingularity.net>,
        Alexander Lobakin <alobakin@...me>,
        Vlastimil Babka <vbabka@...e.cz>, linux-mm@...ck.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] mm/page_alloc: __alloc_pages_bulk(): do bounds check
 before accessing array

On Mon, 21 Jun 2021 18:01:17 +0200 Rasmus Villemoes <linux@...musvillemoes.dk> wrote:

> On 07/05/2021 12.26, Mel Gorman wrote:
> > On Fri, May 07, 2021 at 08:45:03AM +0200, Rasmus Villemoes wrote:
> >> In the event that somebody would call this with an already fully
> >> populated page_array, the last loop iteration would do an access
> >> beyond the end of page_array.
> >>
> >> It's of course extremely unlikely that would ever be done, but this
> >> triggers my internal static analyzer. Also, if it really is not
> >> supposed to be invoked this way (i.e., with no NULL entries in
> >> page_array), the nr_populated<nr_pages check could simply be removed
> >> instead.
> >>
> >> Fixes: 0f87d9d30f21 (mm/page_alloc: add an array-based interface to the bulk page allocator)
> >> Signed-off-by: Rasmus Villemoes <linux@...musvillemoes.dk>
> > 
> > Acked-by: Mel Gorman <mgorman@...hsingularity.net>
> > 
> 
> Andrew, will you get this to Linus before 5.13 is released? I got a mail
> on May 9 that it had been added to your queue, but I don't see it in
> master yet.

I had it queued for 5.14-rc1.

I'll move it into the 5.13 queue as it fixes a post-5.12 thing, but
nothing in the changelog indicates that it's at all urgent?  Was the
changelog missing some important info?

: In the event that somebody would call this with an already fully populated
: page_array, the last loop iteration would do an access beyond the end of
: page_array.
: 
: It's of course extremely unlikely that would ever be done, but this
: triggers my internal static analyzer.  Also, if it really is not supposed
: to be invoked this way (i.e., with no NULL entries in page_array), the
: nr_populated<nr_pages check could simply be removed instead.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ