Commit 7b3c13a8 authored by Hyesoo Yu's avatar Hyesoo Yu Committed by Liu Shixin
Browse files

mm: page_alloc: check the order of compound page even when the order is zero 

mainline inclusion
from mainline-v6.7-rc1
commit 76f26535d1446373d4735a252ea4247c39d64ba6
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I9CXS6
CVE: NA

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76f26535d1446373d4735a252ea4247c39d64ba6

--------------------------------

For compound pages, the head sets the PG_head flag and the tail sets the
compound_head to indicate the head page.  If a user allocates a compound
page and frees it with a different order, the compound page information
will not be properly initialized.  To detect this problem,
compound_order(page) and the order argument are compared, but this is not
checked when the order argument is zero.  That error should be checked
regardless of the order.

Link: https://lkml.kernel.org/r/20231023083217.1866451-1-hyesoo.yu@samsung.com


Signed-off-by: default avatarHyesoo Yu <hyesoo.yu@samsung.com>
Reviewed-by: default avatarVishal Moola (Oracle) <vishal.moola@gmail.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLiu Shixin <liushixin2@huawei.com>
parent 61bd8353

mm/page_alloc.c

+3 −3
Original line number Diff line number Diff line
@@ -1086,6 +1086,7 @@ static __always_inline bool free_pages_prepare(struct page *page, 
	int bad = 0;

	bool skip_kasan_poison = should_skip_kasan_poison(page, fpi_flags);

	bool init = want_init_on_free();

	bool compound = PageCompound(page);



	VM_BUG_ON_PAGE(PageTail(page), page);
@@ -1104,16 +1105,15 @@ static __always_inline bool free_pages_prepare(struct page *page, 
		return false;

	}



	VM_BUG_ON_PAGE(compound && compound_order(page) != order, page);



	/*

	 * Check tail pages before head page information is cleared to

	 * avoid checking PageCompound for order-0 pages.

	 */

	if (unlikely(order)) {

		bool compound = PageCompound(page);

		int i;



		VM_BUG_ON_PAGE(compound && compound_order(page) != order, page);



		if (compound)

			page[1].flags &= ~PAGE_FLAGS_SECOND;

		for (i = 1; i < (1 << order); i++) {