wash/mango
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

vm: fix overflow in memblock do_alloc when allocating large aligned blocks

Browse Source 
allocating a large power-of-2 block with memblock may cause the base pointer of a region to exceed the limit pointer after it has been aligned during the free region scan in do_alloc().
This commit is contained in:
max 🍓
2023-12-24 09:37:52 +00:00
parent 63b69d8d85
commit 8b99158d66
1 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
vm/memblock.c
View File

@@ -252,7 +252,12 @@ static phys_addr_t do_alloc(size_t size, phys_addr_t align)
base += align; base += align;
} }
size_t region_size = it.it_limit - base + 1; size_t region_size = 0;
if (it.it_limit > base) {
region_size = it.it_limit - base + 1;
}
if (region_size >= size) { if (region_size >= size) {
allocated_base = it.it_base; allocated_base = it.it_base;
allocated_limit = base + size; allocated_limit = base + size;
@@ -376,8 +381,8 @@ void __next_memory_region(struct memblock_iter *it, struct memblock_type *type_a
} }
/* we want the area that is overlapped by both /* we want the area that is overlapped by both
region M (m_start - m_end) : The region defined as system memory. region M (m_start - m_end) : The region defined as system memory.
region R (r_start - r_end) : The region defined as free / outside of any reserved regions. region R (r_start - r_end) : The region defined as free / outside of any reserved regions.
*/ */
it->it_base = MAX(m_start, r_start); it->it_base = MAX(m_start, r_start);
it->it_limit = MIN(m_end, r_end); it->it_limit = MIN(m_end, r_end);