hugetlb: remove use of list iterator variable after loop
In preparation to limit the scope of the list iterator to the list traversal loop, use a dedicated pointer to iterate through the list [1]. Before hugetlb_resv_map_add() was expecting a file_region struct, but in case the list iterator in add_reservation_in_range() did not exit early, the variable passed in, is not actually a valid structure. In such a case 'rg' is computed on the head element of the list and represents an out-of-bounds pointer. This still remains safe *iff* you only use the link member (as it is done in hugetlb_resv_map_add()). To avoid the type-confusion altogether and limit the list iterator to the loop, only a list_head pointer is kept to pass to hugetlb_resv_map_add(). Link: https://lore.kernel.org/all/CAHk-=wgRr_D8CB-D9Kg-c=EHreAsk5SqXPwr9Y7k9sA6cWXJ6w@mail.gmail.com/ [1] Link: https://lkml.kernel.org/r/20220331224323.903842-1-jakobkoschel@gmail.com Signed-off-by: Jakob Koschel <jakobkoschel@gmail.com> Cc: Mike Kravetz <mike.kravetz@oracle.com> Cc: Mike Rapoport <rppt@kernel.org> Cc: "Brian Johannesmeyer" <bjohannesmeyer@gmail.com> Cc: Cristiano Giuffrida <c.giuffrida@vu.nl> Cc: "Bos, H.J." <h.j.bos@vu.nl> Cc: Jakob Koschel <jakobkoschel@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
parent
b283d983a7
commit
84448c8ecd
33
mm/hugetlb.c
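--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -370,7 +370,7 @@ static void coalesce_file_region(struct resv_map *resv, struct file_region *rg)
 }
 
 static inline long
-hugetlb_resv_map_add(struct resv_map *map, struct file_region *rg, long from,
+hugetlb_resv_map_add(struct resv_map *map, struct list_head *rg, long from,
 long to, struct hstate *h, struct hugetlb_cgroup *cg,
 long *regions_needed)
 {
@@ -379,7 +379,7 @@ hugetlb_resv_map_add(struct resv_map *map, struct file_region *rg, long from,
 if (!regions_needed) {
 nrg = get_file_region_entry_from_cache(map, from, to);
 record_hugetlb_cgroup_uncharge_info(cg, h, map, nrg);
-list_add(&nrg->link, rg->link.prev);
+list_add(&nrg->link, rg);
 coalesce_file_region(map, nrg);
 } else
 *regions_needed += 1;
@@ -402,47 +402,52 @@ static long add_reservation_in_range(struct resv_map *resv, long f, long t,
 long add = 0;
 struct list_head *head = &resv->regions;
 long last_accounted_offset = f;
-struct file_region *rg = NULL, *trg = NULL;
+struct file_region *iter, *trg = NULL;
+struct list_head *rg = NULL;
 
 if (regions_needed)
 *regions_needed = 0;
 
 /* In this loop, we essentially handle an entry for the range
-* [last_accounted_offset, rg->from), at every iteration, with some
+* [last_accounted_offset, iter->from), at every iteration, with some
 * bounds checking.
 */
-list_for_each_entry_safe(rg, trg, head, link) {
+list_for_each_entry_safe(iter, trg, head, link) {
 /* Skip irrelevant regions that start before our range. */
-if (rg->from < f) {
+if (iter->from < f) {
 /* If this region ends after the last accounted offset,
 * then we need to update last_accounted_offset.
 */
-if (rg->to > last_accounted_offset)
-last_accounted_offset = rg->to;
+if (iter->to > last_accounted_offset)
+last_accounted_offset = iter->to;
 continue;
 }
 
 /* When we find a region that starts beyond our range, we've
 * finished.
 */
-if (rg->from >= t)
+if (iter->from >= t) {
+rg = iter->link.prev;
 break;
+}
 
-/* Add an entry for last_accounted_offset -> rg->from, and
+/* Add an entry for last_accounted_offset -> iter->from, and
 * update last_accounted_offset.
 */
-if (rg->from > last_accounted_offset)
-add += hugetlb_resv_map_add(resv, rg,
+if (iter->from > last_accounted_offset)
+add += hugetlb_resv_map_add(resv, iter->link.prev,
 last_accounted_offset,
-rg->from, h, h_cg,
+iter->from, h, h_cg,
 regions_needed);
 
-last_accounted_offset = rg->to;
+last_accounted_offset = iter->to;
 }
 
 /* Handle the case where our range extends beyond
 * last_accounted_offset.
 */
+if (!rg)
+rg = head->prev;
 if (last_accounted_offset < t)
 add += hugetlb_resv_map_add(resv, rg, last_accounted_offset,
 t, h, h_cg, regions_needed);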
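Review bot: `rg` keeps its name in both hugetlb_resv_map_add() and add_reservation_in_range() although it is now a `struct list_head *` that can be the list head itself (`rg = head->prev` on an empty list, or `iter->link.prev` for the first entry), while the coalesce_file_region() signature in the first hunk header still uses `rg` for a `struct file_region *`. A later `list_entry(rg, struct file_region, link)` on it would bring back the head-as-entry type confusion this change removes, so I would rename it (for example `insert_after`) or at least add above the helper `/* @rg: node to insert after; may be &map->regions, never convert it to a file_region */`. The new `if (!rg) rg = head->prev;` also sits between the "Handle the case where our range extends beyond" comment and the `if (last_accounted_offset < t)` it describes; moving it above that comment with its own one-line comment (`/* loop ran to completion: insert at the tail */`) keeps both readable. Both function bodies extend beyond the hunks shown here.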