Commit 77d1f4f9 authored Feb 05, 2025 by Liu Shixin

mm/compaction: fix UBSAN shift-out-of-bounds warning

mainline inclusion
from mainline-v6.14-rc1
commit d1366e74342e75555af2648a2964deb2d5c92200
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/IBK3VP
CVE: NA

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d1366e74342e75555af2648a2964deb2d5c92200

--------------------------------

syzkaller reported a UBSAN shift-out-of-bounds warning of (1UL << order)
in isolate_freepages_block().  The bogus compound_order can be any value
because it is union with flags.  Add back the MAX_PAGE_ORDER check to fix
the warning.

Link: https://lkml.kernel.org/r/20250123021029.2826736-1-liushixin2@huawei.com


Fixes: 3da0272a4c7d ("mm/compaction: correctly return failure with bogus compound_order in strict mode")
Signed-off-by: Liu Shixin <liushixin2@huawei.com>
Reviewed-by: Kemeng Shi <shikemeng@huaweicloud.com>
Acked-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Oscar Salvador <osalvador@suse.de>
Cc: Baolin Wang <baolin.wang@linux.alibaba.com>
Cc: David Hildenbrand <david@redhat.com>
Cc: Kemeng Shi <shikemeng@huaweicloud.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Mel Gorman <mgorman@techsingularity.net>
Cc: Nanyong Sun <sunnanyong@huawei.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Conflicts:
	mm/compaction.c
[ This is partial revert of commit 343e35e5. ]
Signed-off-by: Liu Shixin <liushixin2@huawei.com>

parent da51139d

mm/compaction.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -476,7 +476,8 @@ static unsigned long isolate_freepages_block(struct compact_control *cc,
		if (PageCompound(page)) {
		const unsigned int order = compound_order(page);

		if (blockpfn + (1UL << order) <= end_pfn) {
		if (likely(order < MAX_ORDER) &&
		(blockpfn + (1UL << order) <= end_pfn)) {
		blockpfn += (1UL << order) - 1;
		cursor += (1UL << order) - 1;
		}