vm_phys: Make sure that vm_phys_enq_chunk() stays in bounds
ClosedPublic
Actions

Authored by markj on Jun 14 2024, 4:03 PM.

Tags

None

Referenced Files

	F153156809: D45596.diff
	Sun, Apr 19, 12:44 PM

	F153097304: D45596.diff
	Sun, Apr 19, 3:15 AM

	Unknown Object (File)
	Fri, Apr 3, 11:26 PM

	Unknown Object (File)
	Fri, Apr 3, 10:50 AM

	Unknown Object (File)
	Thu, Apr 2, 9:54 AM

	Unknown Object (File)
	Mon, Mar 30, 4:26 PM

	Unknown Object (File)
	Sun, Mar 29, 9:24 PM

	Unknown Object (File)
	Fri, Mar 27, 11:36 PM

View All 80 Files

Subscribers

imp

Details

Reviewers

alc
dougm
kib

Summary

vm_phys_enq_chunk() inserts a run of pages into the buddy queues. When
lazy initialization is enabled, only the first page of each run is
initialized; vm_phys_enq_chunk() thus initializes the page following the
just-inserted run.

This fails to account for the possibility that the page following the
run doesn't belong to the segment. Handle that in vm_phys_enq_chunk().

Reported by: KASAN
Reported by: syzbot+1097ef4cee8dfb240e31@syzkaller.appspotmail.com
Fixes: b16b4c22d2d1 ("vm_page: Implement lazy page initialization")