The local variable buddy_pfn could be passed to buddy_merge_likely()
without initialization if the passed in order is MAX_ORDER - 1. This
looks buggy but buddy_pfn won't be used in this case as there's a
order >= MAX_ORDER - 2 check. Init buddy_pfn to 0 anyway to avoid
possible future misuse.

Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
---
 mm/page_alloc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mm/page_alloc.c b/mm/page_alloc.c
index e1c7f98cff96..63ad25e86010 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -1113,7 +1113,7 @@ static inline void __free_one_page(struct page *page,
 		int migratetype, fpi_t fpi_flags)
 {
 	struct capture_control *capc = task_capc(zone);
-	unsigned long buddy_pfn;
+	unsigned long buddy_pfn = 0;
 	unsigned long combined_pfn;
 	struct page *buddy;
 	bool to_tail;
-- 
2.23.0

On 09.09.22 11:24, Miaohe Lin wrote:
> The local variable buddy_pfn could be passed to buddy_merge_likely()
> without initialization if the passed in order is MAX_ORDER - 1. This
> looks buggy but buddy_pfn won't be used in this case as there's a
> order >= MAX_ORDER - 2 check. Init buddy_pfn to 0 anyway to avoid
> possible future misuse.
> 
> Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
> ---
>   mm/page_alloc.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> index e1c7f98cff96..63ad25e86010 100644
> --- a/mm/page_alloc.c
> +++ b/mm/page_alloc.c
> @@ -1113,7 +1113,7 @@ static inline void __free_one_page(struct page *page,
>   		int migratetype, fpi_t fpi_flags)
>   {
>   	struct capture_control *capc = task_capc(zone);
> -	unsigned long buddy_pfn;
> +	unsigned long buddy_pfn = 0;
>   	unsigned long combined_pfn;
>   	struct page *buddy;
>   	bool to_tail;

Yeah, why not.

Reviewed-by: David Hildenbrand <david@redhat.com>

-- 
Thanks,

David / dhildenb

On 9/9/22 14:54, Miaohe Lin wrote:
> The local variable buddy_pfn could be passed to buddy_merge_likely()
> without initialization if the passed in order is MAX_ORDER - 1. This
> looks buggy but buddy_pfn won't be used in this case as there's a
> order >= MAX_ORDER - 2 check. Init buddy_pfn to 0 anyway to avoid
> possible future misuse.
> 
> Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>

Reviewed-by: Anshuman Khandual <anshuman.khandual@arm.com>

> ---
>  mm/page_alloc.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> index e1c7f98cff96..63ad25e86010 100644
> --- a/mm/page_alloc.c
> +++ b/mm/page_alloc.c
> @@ -1113,7 +1113,7 @@ static inline void __free_one_page(struct page *page,
>  		int migratetype, fpi_t fpi_flags)
>  {
>  	struct capture_control *capc = task_capc(zone);
> -	unsigned long buddy_pfn;
> +	unsigned long buddy_pfn = 0;
>  	unsigned long combined_pfn;
>  	struct page *buddy;
>  	bool to_tail;

On Fri, Sep 09, 2022 at 05:24:48PM +0800, Miaohe Lin wrote:
> The local variable buddy_pfn could be passed to buddy_merge_likely()
> without initialization if the passed in order is MAX_ORDER - 1. This
> looks buggy but buddy_pfn won't be used in this case as there's a
> order >= MAX_ORDER - 2 check. Init buddy_pfn to 0 anyway to avoid
> possible future misuse.
> 
> Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>

Reviewed-by: Oscar Salvador <osalvador@suse.de>

> ---
>  mm/page_alloc.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/mm/page_alloc.c b/mm/page_alloc.c
> index e1c7f98cff96..63ad25e86010 100644
> --- a/mm/page_alloc.c
> +++ b/mm/page_alloc.c
> @@ -1113,7 +1113,7 @@ static inline void __free_one_page(struct page *page,
>  		int migratetype, fpi_t fpi_flags)
>  {
>  	struct capture_control *capc = task_capc(zone);
> -	unsigned long buddy_pfn;
> +	unsigned long buddy_pfn = 0;
>  	unsigned long combined_pfn;
>  	struct page *buddy;
>  	bool to_tail;
> -- 
> 2.23.0
> 

-- 
Oscar Salvador
SUSE Labs