Message-Id: <20250804002747.3617039-17-sashal@kernel.org>
Date: Sun, 3 Aug 2025 20:26:44 -0400
From: Sasha Levin <sashal@...nel.org>
To: patches@...ts.linux.dev,
stable@...r.kernel.org
Cc: Tiffany Yang <ynaffit@...gle.com>,
Carlos Llamas <cmllamas@...gle.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Sasha Levin <sashal@...nel.org>,
arve@...roid.com,
tkjos@...roid.com,
maco@...roid.com,
joelagnelf@...dia.com,
surenb@...gle.com,
linux-kernel@...r.kernel.org
Subject: [PATCH AUTOSEL 6.15 17/80] binder: Fix selftest page indexing
From: Tiffany Yang <ynaffit@...gle.com>
[ Upstream commit bea3e7bfa2957d986683543cbf57092715f9a91b ]
The binder allocator selftest was only checking the last page of buffers
that ended on a page boundary. Correct the page indexing to account for
buffers that are not page-aligned.
Signed-off-by: Tiffany Yang <ynaffit@...gle.com>
Acked-by: Carlos Llamas <cmllamas@...gle.com>
Link: https://lore.kernel.org/r/20250714185321.2417234-2-ynaffit@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Signed-off-by: Sasha Levin <sashal@...nel.org>
---
LLM Generated explanations, may be completely bogus:

**Backport Status: YES**

This commit fixes a genuine bug in the binder allocator selftest that
causes incorrect page boundary checking. The bug is an off-by-one error
in the page indexing calculation.

**Detailed Analysis:**

1. **Bug Description**: The original code uses `i < end / PAGE_SIZE`
   which misses checking the last page when buffers end exactly on a
   page boundary. For example:
   - If `end = 8192` (exactly 2 pages), `end / PAGE_SIZE = 2`, so the
     loop checks pages 0 and 1
   - However, when a buffer ends at byte 8192, it actually spans into
     the third page (pages 0, 1, and 2)
   - The fix `i <= (end - 1) / PAGE_SIZE` correctly calculates the last
     page index

2. **Impact**: This bug causes the selftest to skip validation of the
   last page for buffers that end on page boundaries, potentially
   missing memory allocation issues that the selftest is designed to
   catch.

3. **Fix Quality**: The fix is minimal (single line change),
   mathematically correct, and focused solely on fixing the indexing bug
   without introducing new functionality.

4. **Backport Criteria Met**:
   - **Bug fix**: Yes - fixes incorrect test coverage
   - **Small and contained**: Yes - single line change in selftest code
   - **No architectural changes**: Yes - simple indexing fix
   - **Minimal regression risk**: Yes - only affects selftest code, not
     production binder functionality
   - **Clear benefit**: Yes - ensures proper testing coverage for memory
     allocation

5. **Additional Evidence**:
   - The commit is acked by Carlos Llamas, a binder maintainer
   - The fix is in selftest code, which has lower risk than production
     code changes
   - The mathematical correction is straightforward and verifiable

This is an ideal candidate for stable backporting as it fixes a testing
gap that could allow memory allocation bugs to go undetected in stable
kernels.

drivers/android/binder_alloc_selftest.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/android/binder_alloc_selftest.c b/drivers/android/binder_alloc_selftest.c
index c88735c54848..486af3ec3c02 100644
--- a/drivers/android/binder_alloc_selftest.c
+++ b/drivers/android/binder_alloc_selftest.c
@@ -142,12 +142,12 @@ static void binder_selftest_free_buf(struct binder_alloc *alloc,
for (i = 0; i < BUFFER_NUM; i++)
binder_alloc_free_buf(alloc, buffers[seq[i]]);
- for (i = 0; i < end / PAGE_SIZE; i++) {
/**
* Error message on a free page can be false positive
* if binder shrinker ran during binder_alloc_free_buf
* calls above.
*/
+ for (i = 0; i <= (end - 1) / PAGE_SIZE; i++) {
if (list_empty(page_to_lru(alloc->pages[i]))) {
pr_err_size_seq(sizes, seq);
pr_err("expect lru but is %s at page index %d\n",
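Review bot: On the `+` line, the bound `(end - 1) / PAGE_SIZE` wraps if `end` is ever 0 and has an unsigned type (its declaration is not visible in this hunk), which would send the loop through `alloc->pages[i]` far past the buffer's pages. Writing the bound as `i < DIV_ROUND_UP(end, PAGE_SIZE)` visits the same pages for every non-zero `end` and runs zero iterations at `end == 0`; failing that, a short comment stating that `end` is never 0 at this point would help.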
--
2.39.5
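
An added example, not part of the original message or of the kernel source: a userspace C check that compares the two loop bounds from the diff against a byte-by-byte count of the pages covered by offsets `[0, end)`. `PG_SIZE` (4096, standing in for `PAGE_SIZE`) and all function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>

#define PG_SIZE 4096u /* assumed page size; stands in for the kernel's PAGE_SIZE */

/* Iterations of the pre-patch loop: for (i = 0; i < end / PAGE_SIZE; i++) */
static size_t pages_old(size_t end) { return end / PG_SIZE; }

/* Iterations of the patched loop: for (i = 0; i <= (end - 1) / PAGE_SIZE; i++).
 * end == 0 is handled apart, because end - 1 wraps for an unsigned end. */
static size_t pages_new(size_t end) { return end ? (end - 1) / PG_SIZE + 1 : 0; }

/* Reference: walk every byte offset in [0, end) and count distinct pages. */
static size_t pages_touched(size_t end)
{
    size_t count = 0, last = (size_t)-1;

    for (size_t off = 0; off < end; off++) {
        if (off / PG_SIZE != last) {
            last = off / PG_SIZE;
            count++;
        }
    }
    return count;
}

/* Number of end values in [1, limit] where a bound disagrees with the reference. */
static size_t mismatches(size_t (*bound)(size_t), size_t limit)
{
    size_t bad = 0;

    for (size_t end = 1; end <= limit; end++)
        if (bound(end) != pages_touched(end))
            bad++;
    return bad;
}

int main(void)
{
    /* Constructed sample values: one page-aligned end, one unaligned end. */
    size_t samples[] = { 8192, 8000 };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("end=%zu old=%zu new=%zu touched=%zu\n", samples[i],
               pages_old(samples[i]), pages_new(samples[i]), pages_touched(samples[i]));
    printf("old bound mismatches: %zu\n", mismatches(pages_old, 3 * PG_SIZE));
    printf("new bound mismatches: %zu\n", mismatches(pages_new, 3 * PG_SIZE));
    return 0;
}
```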