From: Wei Yang Date: Wed, 22 Feb 2017 23:45:07 +0000 (-0800) Subject: mm/memblock.c: check return value of memblock_reserve() in memblock_virt_alloc_internal() X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=7d41c03e2dc6a650f69655a42c0ddb72a7c121bf;p=openwrt%2Fstaging%2Fblogic.git mm/memblock.c: check return value of memblock_reserve() in memblock_virt_alloc_internal() memblock_reserve() would add a new range to memblock.reserved in case the new range is not totally covered by any of the current memblock.reserved range. If the memblock.reserved is full and can't resize, memblock_reserve() would fail. This doesn't happen in real world now, I observed this during code review. While theoretically, it has the chance to happen. And if it happens, others would think this range of memory is still available and may corrupt the memory. This patch checks the return value and goto "done" after it succeeds. Link: http://lkml.kernel.org/r/1482363033-24754-3-git-send-email-richard.weiyang@gmail.com Signed-off-by: Wei Yang Acked-by: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/mm/memblock.c b/mm/memblock.c index 90171d508b09..d105d6c81d53 100644 --- a/mm/memblock.c +++ b/mm/memblock.c @@ -1299,18 +1299,17 @@ static void * __init memblock_virt_alloc_internal( if (max_addr > memblock.current_limit) max_addr = memblock.current_limit; - again: alloc = memblock_find_in_range_node(size, align, min_addr, max_addr, nid, flags); - if (alloc) + if (alloc && !memblock_reserve(alloc, size)) goto done; if (nid != NUMA_NO_NODE) { alloc = memblock_find_in_range_node(size, align, min_addr, max_addr, NUMA_NO_NODE, flags); - if (alloc) + if (alloc && !memblock_reserve(alloc, size)) goto done; } @@ -1328,7 +1327,6 @@ again: return NULL; done: - memblock_reserve(alloc, size); ptr = phys_to_virt(alloc); memset(ptr, 0, size);