diff options
| author | Huang Shijie <sjhuang@iluvatar.ai> | 2020-12-30 02:14:58 +0300 | 
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2020-12-30 02:36:49 +0300 | 
| commit | 36845663843fc59c5d794e3dc0641472e3e572da (patch) | |
| tree | 5b17c31ce958ea18183a17cad58f7f3bd31d3c47 /net/lapb/lapb_out.c | |
| parent | aa8c7db494d0a83ecae583aa193f1134ef25d506 (diff) | |
| download | linux-36845663843fc59c5d794e3dc0641472e3e572da.tar.xz | |
lib/genalloc: fix the overflow when size is too big
Some graphic card has very big memory on chip, such as 32G bytes.
In the following case, it will cause overflow:
    pool = gen_pool_create(PAGE_SHIFT, NUMA_NO_NODE);
    ret = gen_pool_add(pool, 0x1000000, SZ_32G, NUMA_NO_NODE);
    va = gen_pool_alloc(pool, SZ_4G);
The overflow occurs in gen_pool_alloc_algo_owner():
		....
		size = nbits << order;
		....
The @nbits is "int" type, so it will overflow.
Then the gen_pool_avail() will return the wrong value.
This patch converts some "int" to "unsigned long", and
changes the compare code in while.
Link: https://lkml.kernel.org/r/20201229060657.3389-1-sjhuang@iluvatar.ai
Signed-off-by: Huang Shijie <sjhuang@iluvatar.ai>
Reported-by: Shi Jiasheng <jiasheng.shi@iluvatar.ai>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'net/lapb/lapb_out.c')
0 files changed, 0 insertions, 0 deletions
