From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.6 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id CEE21FC6197 for ; Fri, 8 Nov 2019 20:44:20 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 81E3620674 for ; Fri, 8 Nov 2019 20:44:20 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=lca.pw header.i=@lca.pw header.b="rKeQu1Zi" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 81E3620674 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=lca.pw Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 282D26B0003; Fri, 8 Nov 2019 15:44:20 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 234096B0006; Fri, 8 Nov 2019 15:44:20 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 149F56B0007; Fri, 8 Nov 2019 15:44:20 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0153.hostedemail.com [216.40.44.153]) by kanga.kvack.org (Postfix) with ESMTP id 007536B0003 for ; Fri, 8 Nov 2019 15:44:19 -0500 (EST) Received: from smtpin21.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay04.hostedemail.com (Postfix) with SMTP id A672F2DFA for ; Fri, 8 Nov 2019 20:44:19 +0000 (UTC) X-FDA: 76134287838.21.rifle39_7d069646b3303 X-HE-Tag: rifle39_7d069646b3303 X-Filterd-Recvd-Size: 4730 Received: from mail-qt1-f196.google.com (mail-qt1-f196.google.com [209.85.160.196]) by imf42.hostedemail.com (Postfix) with ESMTP for ; Fri, 8 Nov 2019 20:44:19 +0000 (UTC) Received: by mail-qt1-f196.google.com with SMTP id y39so8008143qty.0 for ; Fri, 08 Nov 2019 12:44:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lca.pw; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=+x5g1UVg7HX2xGAQ0OJa7E0znsv6MEg8H6qRGEA46KQ=; b=rKeQu1ZisiH1z4nG/Spx3Hk5NI7OH7ghWVVE4sJnGjupBFTUb0/cXDmc9WqVGLNgsG 9xiS6GWqUeOvlke3Xd8+2imV2vlrx4dxiG5s7/4la0ZDYNCrhcC084LahTpo0+lwN85G K5U6U0mLGthyDy/l6qk4yji+GJEmXY4OaFD527GpqiJy/F83NKDgRM6+NiD9xiaeOa2S JOTXb6/dyb+AcZipK9q1SMW/PGTQ+KV0XtGZB9Nfs/u/0wSc+Sl7Bg1VfBkVE16Qtp7O saY+Ml0JLyAYbZiW/eX2UOIVkAcpv2AQ0O+WSAzhRvqUjpyNVq9oJR6OUGdkXzeWlk7w eYeQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=+x5g1UVg7HX2xGAQ0OJa7E0znsv6MEg8H6qRGEA46KQ=; b=lPNnA5Lmfts4QzgtY1nCxywJXfb5RP71M0lDPSldlQ7XwYrI8q6hsHgizVedVBFawv SKn2HwT5iaZCw+XpmW7/YOHbHN7RAHxpNGwTqsBVfQW9Qgh3T2hxIS4mlvK8V3zWkQ0+ SqXjM+E6i8Rn+AjSShNv1XZPe48z9lgMU0ImyUrjJRxfRNfZMAbDxPQaQCBxD9ayjl2m OdQ+88HEEe/rjfswq6UuSsuVQDId3Zmrc6qQ66Z9ouGlxuCnluM3Uxeb4OSBw+OVurIW XvbP5Sn23ysXXYLQ1ZDvOOkvFpsG8/ZRtbB2624Nu0XbVSnZ7Eg+myyIu5wz1U5dZLi5 TLnw== X-Gm-Message-State: APjAAAXpVorl66a9DQLmZKqAso4ZWSTHA0x9Qs6CgxFa7MegnMBgD0W6 R6nII4BU6l2FPWLBGs2BMr+BwQ== X-Google-Smtp-Source: APXvYqw//vDNtVmESgIvld+GVVJAa8OFASSIYuyNEbIaC229uB5fxFRo2kZDfigEVv3+zsL1IKATgw== X-Received: by 2002:ac8:2fda:: with SMTP id m26mr13159952qta.374.1573245858287; Fri, 08 Nov 2019 12:44:18 -0800 (PST) Received: from ovpn-124-239.rdu2.redhat.com (pool-71-184-117-43.bstnma.fios.verizon.net. [71.184.117.43]) by smtp.gmail.com with ESMTPSA id s75sm3602579qke.14.2019.11.08.12.44.17 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 08 Nov 2019 12:44:17 -0800 (PST) From: Qian Cai To: akpm@linux-foundation.org Cc: mhocko@suse.com, hannes@cmpxchg.org, guro@fb.com, linux-mm@kvack.org, cgroups@vger.kernel.org, linux-kernel@vger.kernel.org, Qian Cai Subject: [PATCH -next] mm/vmscan: fix an undefined behavior for zone id Date: Fri, 8 Nov 2019 15:44:07 -0500 Message-Id: <20191108204407.1435-1-cai@lca.pw> X-Mailer: git-send-email 2.21.0 (Apple Git-122.2) MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Bogosity: Ham, tests=bogofilter, spamicity=0.000024, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: The -next commit "mm: vmscan: simplify lruvec_lru_size()" [1] introduced an undefined behavior as zone_idx could equal to MAX_NR_ZONES, and then zid is then out of range. [ 5399.483257] LTP: starting mtest01w (mtest01 -p80 -w) [ 5400.245051] =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D [ 5400.255784] UBSAN: Undefined behaviour in ./include/linux/memcontrol.h= :536:26 [ 5400.265235] index 5 is out of range for type 'long unsigned int [5][5]= ' [ 5400.273925] CPU: 28 PID: 455 Comm: kswapd7 Tainted: G W = 5.4.0-rc6-next-20191108 #3 [ 5400.285461] Hardware name: HPE ProLiant DL385 Gen10/ProLiant DL385 Gen= 10, BIOS A40 07/10/2019 [ 5400.295784] Call Trace: [ 5400.299483] dump_stack+0x7a/0xaa [ 5400.304052] ubsan_epilogue+0x9/0x26 [ 5400.309180] __ubsan_handle_out_of_bounds.cold.13+0x2b/0x36 [ 5400.316192] inactive_list_is_low+0x8bb/0x9f0 [ 5400.321952] balance_pgdat+0x252/0x7d0 [ 5400.327006] kswapd+0x251/0x590 [ 5400.331725] ? finish_wait+0x90/0x90 [ 5400.336574] kthread+0x12a/0x140 [ 5400.341102] ? balance_pgdat+0x7d0/0x7d0 [ 5400.346330] ? kthread_create_worker_on_cpu+0x70/0x70 [ 5400.352810] ret_from_fork+0x27/0x50 [1] https://lore.kernel.org/linux-mm/20191022144803.302233-2-hannes@cmpxc= hg.org/ Signed-off-by: Qian Cai --- mm/vmscan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/vmscan.c b/mm/vmscan.c index d97985262dda..9485b80d6b5b 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c @@ -317,7 +317,7 @@ unsigned long lruvec_lru_size(struct lruvec *lruvec, = enum lru_list lru, int zone unsigned long size =3D 0; int zid; =20 - for (zid =3D 0; zid <=3D zone_idx; zid++) { + for (zid =3D 0; zid < zone_idx; zid++) { struct zone *zone =3D &lruvec_pgdat(lruvec)->node_zones[zid]; =20 if (!managed_zone(zone)) --=20 2.21.0 (Apple Git-122.2)