| Message ID | 456a021c7ef3636d7668cec9dcb4a446a4244812.1609855564.git.jstancek@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | mm: migrate: initialize err in do_migrate_pages | expand |
On Tue 05-01-21 15:14:20, Jan Stancek wrote: > After commit 236c32eb1096 ("mm: migrate: clean up migrate_prep{_local}")', > do_migrate_pages can return uninitialized variable 'err' (which is > propagated to user-space as error) when 'from' and 'to' nodesets > are identical. This can be reproduced with LTP migrate_pages01, > which calls migrate_pages() with same set for both old/new_nodes. > > Add 'err' initialization back. > > Fixes: 236c32eb1096 ("mm: migrate: clean up migrate_prep{_local}") > Cc: Zi Yan <ziy@nvidia.com> > Cc: Yang Shi <shy828301@gmail.com> > Cc: Jan Kara <jack@suse.cz> > Cc: Matthew Wilcox <willy@infradead.org> > Cc: Mel Gorman <mgorman@suse.de> > Cc: Michal Hocko <mhocko@suse.com> > Cc: Song Liu <songliubraving@fb.com> > Cc: Andrew Morton <akpm@linux-foundation.org> > Signed-off-by: Jan Stancek <jstancek@redhat.com> Acked-by: Michal Hocko <mhocko@suse.com> Thanks! > --- > mm/mempolicy.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/mm/mempolicy.c b/mm/mempolicy.c > index 8cf96bd21341..2c3a86502053 100644 > --- a/mm/mempolicy.c > +++ b/mm/mempolicy.c > @@ -1111,7 +1111,7 @@ int do_migrate_pages(struct mm_struct *mm, const nodemask_t *from, > const nodemask_t *to, int flags) > { > int busy = 0; > - int err; > + int err = 0; > nodemask_t tmp; > > migrate_prep(); > -- > 2.18.1 >
On Tue, Jan 5, 2021 at 6:14 AM Jan Stancek <jstancek@redhat.com> wrote: > > After commit 236c32eb1096 ("mm: migrate: clean up migrate_prep{_local}")', > do_migrate_pages can return uninitialized variable 'err' (which is > propagated to user-space as error) when 'from' and 'to' nodesets > are identical. This can be reproduced with LTP migrate_pages01, > which calls migrate_pages() with same set for both old/new_nodes. > > Add 'err' initialization back. Thanks for catching this. Acked-by: Yang Shi <shy828301@gmail.com> > > Fixes: 236c32eb1096 ("mm: migrate: clean up migrate_prep{_local}") > Cc: Zi Yan <ziy@nvidia.com> > Cc: Yang Shi <shy828301@gmail.com> > Cc: Jan Kara <jack@suse.cz> > Cc: Matthew Wilcox <willy@infradead.org> > Cc: Mel Gorman <mgorman@suse.de> > Cc: Michal Hocko <mhocko@suse.com> > Cc: Song Liu <songliubraving@fb.com> > Cc: Andrew Morton <akpm@linux-foundation.org> > Signed-off-by: Jan Stancek <jstancek@redhat.com> > --- > mm/mempolicy.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/mm/mempolicy.c b/mm/mempolicy.c > index 8cf96bd21341..2c3a86502053 100644 > --- a/mm/mempolicy.c > +++ b/mm/mempolicy.c > @@ -1111,7 +1111,7 @@ int do_migrate_pages(struct mm_struct *mm, const nodemask_t *from, > const nodemask_t *to, int flags) > { > int busy = 0; > - int err; > + int err = 0; > nodemask_t tmp; > > migrate_prep(); > -- > 2.18.1 >
diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 8cf96bd21341..2c3a86502053 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -1111,7 +1111,7 @@ int do_migrate_pages(struct mm_struct *mm, const nodemask_t *from, const nodemask_t *to, int flags) { int busy = 0; - int err; + int err = 0; nodemask_t tmp; migrate_prep();
After commit 236c32eb1096 ("mm: migrate: clean up migrate_prep{_local}")', do_migrate_pages can return uninitialized variable 'err' (which is propagated to user-space as error) when 'from' and 'to' nodesets are identical. This can be reproduced with LTP migrate_pages01, which calls migrate_pages() with same set for both old/new_nodes. Add 'err' initialization back. Fixes: 236c32eb1096 ("mm: migrate: clean up migrate_prep{_local}") Cc: Zi Yan <ziy@nvidia.com> Cc: Yang Shi <shy828301@gmail.com> Cc: Jan Kara <jack@suse.cz> Cc: Matthew Wilcox <willy@infradead.org> Cc: Mel Gorman <mgorman@suse.de> Cc: Michal Hocko <mhocko@suse.com> Cc: Song Liu <songliubraving@fb.com> Cc: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Jan Stancek <jstancek@redhat.com> --- mm/mempolicy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)