vm_phys: Make sure that vm_phys_enq_chunk() stays in bounds
ClosedPublic
Actions

Authored by markj on Jun 14 2024, 4:03 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Mon, Oct 13, 12:35 AM

	Unknown Object (File)
	Tue, Sep 23, 7:13 AM

	Unknown Object (File)
	Sat, Sep 20, 11:51 AM

	Unknown Object (File)
	Aug 27 2025, 11:55 PM

	Unknown Object (File)
	Aug 27 2025, 1:07 PM

	Unknown Object (File)
	Aug 26 2025, 5:05 AM

	Unknown Object (File)
	Jul 29 2025, 3:34 AM

	Unknown Object (File)
	Jul 26 2025, 9:19 AM

View All 53 Files

Subscribers

imp

Details

Reviewers

alc
dougm
kib

Summary

vm_phys_enq_chunk() inserts a run of pages into the buddy queues. When
lazy initialization is enabled, only the first page of each run is
initialized; vm_phys_enq_chunk() thus initializes the page following the
just-inserted run.

This fails to account for the possibility that the page following the
run doesn't belong to the segment. Handle that in vm_phys_enq_chunk().

Reported by: KASAN
Reported by: syzbot+1097ef4cee8dfb240e31@syzkaller.appspotmail.com
Fixes: b16b4c22d2d1 ("vm_page: Implement lazy page initialization")