From 9ca96b5d8eeb866b765d9386915857d588e9af62 Mon Sep 17 00:00:00 2001
From: Yang Yingliang
Date: Wed, 5 Jun 2019 11:52:39 +0800
Subject: [PATCH] mm: fix out of bound when address of pfn is out of last region

hulk inclusion
category: performance
bugzilla: 11028
CVE: NA

-------------------------------------------------

For example, if we have 3 regions which are [a, b] [c, d] [e, f],
if the address of pfn is bigger than the end address of the last region, we will increase early_region_idx to the count of regions, which is out of bounds of the regions.

Fix this by checking whether early_region_idx equals the count of regions.

Signed-off-by: Yang Yingliang
Reviewed-by: zhong jiang
Signed-off-by: Yang Yingliang
---
 mm/memblock.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/mm/memblock.c b/mm/memblock.c index 827929552265..8283bf03d0f1 100644 --- a/mm/memblock.c +++ b/mm/memblock.c @@ -1252,13 +1252,17 @@ unsigned long __init_memblock memblock_next_valid_pfn(unsigned long pfn) if (pfn >= start_pfn && pfn < end_pfn) return pfn; - early_region_idx++; + /* try slow path */ + if (++early_region_idx == type->cnt) + goto slow_path; + next_start_pfn = PFN_DOWN(regions[early_region_idx].base); if (pfn >= end_pfn && pfn <= next_start_pfn) return next_start_pfn; } +slow_path: /* slow path, do the binary searching */ do { mid = (right + left) / 2; -- GitLab
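Review bot: In the added `if (++early_region_idx == type->cnt)` line, the pre-increment still stores the out-of-range value: when control jumps to `slow_path`, `early_region_idx` is left equal to `type->cnt`. This pass no longer dereferences it, but the declaration of `early_region_idx` and the code after the binary search are outside the hunk, so it is not visible whether every return path reassigns the index. If the index persists across calls and any path leaves it untouched, the next call that reads `regions[early_region_idx]` has the same out-of-bounds access this patch is meant to remove. Consider checking before mutating, for example `if (early_region_idx + 1 == type->cnt) goto slow_path;` followed by the increment, or resetting the index at `slow_path:`. The `/* try slow path */` comment would also be more useful if it stated the condition, namely that the cached region is the last one.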