diff options
| author | David Laight <david.laight@aculab.com> | 2023-09-07 12:42:20 +0000 |
|---|---|---|
| committer | Vlastimil Babka <vbabka@suse.cz> | 2023-09-20 14:50:22 +0200 |
| commit | 8446a4deb6b6bc998f1d8d2a85d1a0c64b9e3a71 (patch) | |
| tree | d2328f88fff10b31518676171782cd11237c0191 /mm/mapping_dirty_helpers.c | |
| parent | 46a9ea6681907a3be6b6b0d43776dccc62cad6cf (diff) | |
slab: kmalloc_size_roundup() must not return 0 for non-zero size
The typical use of kmalloc_size_roundup() is:
ptr = kmalloc(sz = kmalloc_size_roundup(size), ...);
if (!ptr) return -ENOMEM.
This means it is vitally important that the returned value isn't less
than the argument even if the argument is insane.
In particular if kmalloc_slab() fails or the value is above
(MAX_ULONG - PAGE_SIZE) zero is returned and kmalloc() will return
its single zero-length buffer ZERO_SIZE_PTR.
Fix this by returning the input size if the size exceeds
KMALLOC_MAX_SIZE. kmalloc() will then return NULL as the size really is
too big.
kmalloc_slab() should not normally return NULL, unless called too early.
Again, returning zero is not the correct action as it can be in some
usage scenarios stored to a variable and only later cause kmalloc()
return ZERO_SIZE_PTR and subsequent crashes on access. Instead we can
simply stop checking the kmalloc_slab() result completely, as calling
kmalloc_size_roundup() too early would then result in an immediate crash
during boot and the developer noticing an issue in their code.
[vbabka@suse.cz: remove kmalloc_slab() result check, tweak comments and
commit log]
Fixes: 05a940656e1e ("slab: Introduce kmalloc_size_roundup()")
Signed-off-by: David Laight <david.laight@aculab.com>
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
Diffstat (limited to 'mm/mapping_dirty_helpers.c')
0 files changed, 0 insertions, 0 deletions