On Wed, 2013-11-20 at 22:16 +0000, Al Viro wrote:
> While digging in the same area:
> 
> Wrong page freed on preallocate_pmds() failure exit
> 
> Note that pmds[i] is simply uninitialized at that point...
> Granted, it's very hard to hit (you need split page locks
> *and* kmalloc(sizeof(spinlock_t), GFP_KERNEL) failing),
> but the code is obviously bogus.
> 
> Signed-off-by: Al Viro <[email protected]>
> ---
> diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c
> index a7cccb6d..36aa999 100644
> --- a/arch/x86/mm/pgtable.c
> +++ b/arch/x86/mm/pgtable.c
> @@ -209,7 +209,7 @@ static int preallocate_pmds(pmd_t *pmds[])
>               if (!pmd)
>                       failed = true;
>               if (pmd && !pgtable_pmd_page_ctor(virt_to_page(pmd))) {
> -                     free_page((unsigned long)pmds[i]);
> +                     free_page((unsigned long)pmd);
>                       pmd = NULL;
>                       failed = true;
>               }
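
Review bot: the ctor-failure branch at `free_page((unsigned long)pmd)` has no comment explaining why the local `pmd` is freed rather than the array slot; the commit message is the only place that says pmds[i] is still uninitialized at that point, so a one-line comment there would keep a later cleanup from reintroducing the indexed free. The adjacent `if (!pmd)` and `if (pmd && ...)` tests also check the same pointer twice and set `failed = true` in two places, which an if/else would avoid.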

trivia: It'd probably read better with an else too

                if (!pmd) {
                        failed = true;
                } else if (!pgtable_pmd_page_ctor(virt_to_page(pmd))) {
                        etc...

> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/


