From: Chuck Lever chuck.lever@oracle.com
mainline inclusion from mainline-5.14-rc2 commit 061478438d04779181c2ce4d7ffeeca343a70a98 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I3ZVL2 CVE: NA
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
-------------------------------------------------
The author of commit b3b64ebd3822 ("mm/page_alloc: do bulk array bounds check after checking populated elements") was possibly confused by the mixture of return values throughout the function.
The API contract is clear that the function "Returns the number of pages on the list or array." It does not list zero as a unique return value with a special meaning. Therefore zero is a plausible return value only if @nr_pages is zero or less.
Clean up the return logic to make it clear that the returned value is always the total number of pages in the array/list, not the number of pages that were allocated during this call.
The only change in behavior with this patch is the value returned if prepare_alloc_pages() fails. To match the API contract, the number of pages currently in the array/list is returned in this case.
The call site in __page_pool_alloc_pages_slow() also seems to be confused on this matter. It should be attended to by someone who is familiar with that code.
[mel@techsingularity.net: Return nr_populated if 0 pages are requested]
Link: https://lkml.kernel.org/r/20210713152100.10381-4-mgorman@techsingularity.net Signed-off-by: Chuck Lever chuck.lever@oracle.com Signed-off-by: Mel Gorman mgorman@techsingularity.net Acked-by: Jesper Dangaard Brouer brouer@redhat.com Cc: Desmond Cheong Zhi Xi desmondcheongzx@gmail.com Cc: Zhang Qiang Qiang.Zhang@windriver.com Cc: Yanfei Xu yanfei.xu@windriver.com Cc: Matteo Croce mcroce@microsoft.com Signed-off-by: Andrew Morton akpm@linux-foundation.org Signed-off-by: Linus Torvalds torvalds@linux-foundation.org (cherry picked from commit 061478438d04779181c2ce4d7ffeeca343a70a98) Signed-off-by: Yongqiang Liu liuyongqiang13@huawei.com Reviewed-by: tong tiangen tongtiangen@huawei.com Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com --- mm/page_alloc.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/mm/page_alloc.c b/mm/page_alloc.c index 090c23060be8..a5adfda63ff5 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -4953,9 +4953,6 @@ unsigned long __alloc_pages_bulk(gfp_t gfp, int preferred_nid, unsigned int alloc_flags = ALLOC_WMARK_LOW; int nr_populated = 0;
- if (unlikely(nr_pages <= 0)) - return 0; - /* * Skip populated array elements to determine if any pages need * to be allocated before disabling IRQs. @@ -4963,9 +4960,13 @@ unsigned long __alloc_pages_bulk(gfp_t gfp, int preferred_nid, while (page_array && nr_populated < nr_pages && page_array[nr_populated]) nr_populated++;
+ /* No pages requested? */ + if (unlikely(nr_pages <= 0)) + goto out; + /* Already populated array? */ if (unlikely(page_array && nr_pages - nr_populated == 0)) - return nr_populated; + goto out;
/* Use the single page allocator for one page. */ if (nr_pages - nr_populated == 1) @@ -4987,7 +4988,7 @@ unsigned long __alloc_pages_bulk(gfp_t gfp, int preferred_nid, gfp &= gfp_allowed_mask; alloc_gfp = gfp; if (!prepare_alloc_pages(gfp, 0, preferred_nid, nodemask, &ac, &alloc_gfp, &alloc_flags)) - return nr_populated; + goto out; gfp = alloc_gfp;
/* Find an allowed local zone that meets the low watermark. */ @@ -5060,6 +5061,7 @@ unsigned long __alloc_pages_bulk(gfp_t gfp, int preferred_nid,
local_irq_restore(flags);
+out: return nr_populated;
failed_irq: @@ -5075,7 +5077,7 @@ unsigned long __alloc_pages_bulk(gfp_t gfp, int preferred_nid, nr_populated++; }
- return nr_populated; + goto out; } EXPORT_SYMBOL_GPL(__alloc_pages_bulk);