diff options
author | Miaohe Lin <linmiaohe@huawei.com> | 2021-06-30 18:50:27 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2021-06-30 20:47:28 -0700 |
commit | 014284a0815f6b9a6e10c8d575d37a5357ce033d (patch) | |
tree | 7c6bcfdf892c9c32c5db5f19f141e6d87d305804 /mm/z3fold.c | |
parent | e3c0db4fec46b46a0c22b46bb55392b36ec940fc (diff) | |
download | lwn-014284a0815f6b9a6e10c8d575d37a5357ce033d.tar.gz lwn-014284a0815f6b9a6e10c8d575d37a5357ce033d.zip |
mm/z3fold: avoid possible underflow in z3fold_alloc()
It is not enough to just make sure the z3fold header is not larger than
the page size. When z3fold header is equal to PAGE_SIZE, we would
underflow when check alloc size against PAGE_SIZE - ZHDR_SIZE_ALIGNED -
CHUNK_SIZE in z3fold_alloc(). Make sure there has remaining spaces for
its buddy to fix this theoretical issue.
Link: https://lkml.kernel.org/r/20210619093151.1492174-3-linmiaohe@huawei.com
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
Reviewed-by: Vitaly Wool <vitaly.wool@konsulko.com>
Cc: Hillf Danton <hdanton@sina.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'mm/z3fold.c')
-rw-r--r-- | mm/z3fold.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/mm/z3fold.c b/mm/z3fold.c index 0d0b81637f84..64ddf864d5ee 100644 --- a/mm/z3fold.c +++ b/mm/z3fold.c @@ -1803,8 +1803,11 @@ static int __init init_z3fold(void) { int ret; - /* Make sure the z3fold header is not larger than the page size */ - BUILD_BUG_ON(ZHDR_SIZE_ALIGNED > PAGE_SIZE); + /* + * Make sure the z3fold header is not larger than the page size and + * there has remaining spaces for its buddy. + */ + BUILD_BUG_ON(ZHDR_SIZE_ALIGNED > PAGE_SIZE - CHUNK_SIZE); ret = z3fold_mount(); if (ret) return ret; |