
mm gran reject oversized pools #19146

Open
masc2008 wants to merge 1 commit into apache:master from masc2008:shichunma/mm-gran-reject-oversized-pools

Conversation

@masc2008

Contributor

Summary

Reject oversized granule heaps in gran_initialize().

struct gran_s and struct graninfo_s store granule counts in uint16_t, so
a large pool with a small granule size can silently truncate ngranules
during initialization and produce an invalid handle.

This patch adds a debug assertion and returns NULL with EINVAL when the
computed granule count does not fit.

Changes

  • add a DEBUGASSERT() to catch oversized granule counts in debug builds
  • return NULL with errno = EINVAL when the computed ngranules is zero or
    exceeds UINT16_MAX

Why this is needed

For example, a 16 MiB pool with 64-byte granules computes:

  • ngranules = 16 MiB / 64 = 262144

That does not fit in the current 16-bit ngranules fields and truncates,
leading to a broken allocator handle.

Failing early is safer than silently constructing an invalid granule heap.

Impact

  • valid granule heaps are unchanged
  • oversized heaps now fail cleanly at initialization instead of failing later in
    less obvious ways

Testing

  • code inspection against current struct gran_s / struct graninfo_s
    definitions
  • verified the guard is inserted before allocator metadata allocation
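To make the truncation in the description concrete, here is an added, self-contained C example; it is not code from this PR or from NuttX. It uses a constructed stand-in structure (`struct toy_gran_s`) that keeps only the 16-bit `ngranules` field that matters, a "before" path that stores the computed count unchecked, and an "after" path mirroring the PR's guard (plain `errno` instead of NuttX's `set_errno()`, and no `DEBUGASSERT`). The helper names `toy_count_granules`, `toy_truncated_count`, `toy_gran_initialize`, `toy_init_status` and `toy_init_ngranules` are all assumptions made for this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for the allocator descriptor. The only thing it
 * shares with the real struct gran_s is that ngranules is a uint16_t. */
struct toy_gran_s
{
  uint8_t  log2gran;   /* log2 of the granule size in bytes */
  uint16_t ngranules;  /* number of granules, 16-bit as in NuttX */
  size_t   heapsize;   /* pool size in bytes */
};

/* Granule count in full width, as the allocator computes it. */
static size_t toy_count_granules(size_t heapsize, unsigned log2gran)
{
  return heapsize >> log2gran;
}

/* "Before": the count is stored into the 16-bit field unchecked.
 * Returns the value that actually lands in the struct. */
static uint16_t toy_truncated_count(size_t heapsize, unsigned log2gran)
{
  struct toy_gran_s g;
  g.ngranules = (uint16_t)toy_count_granules(heapsize, log2gran);
  return g.ngranules;
}

/* "After": reject a zero or over-wide count with NULL + EINVAL instead
 * of constructing a handle whose ngranules is wrong. */
static struct toy_gran_s *toy_gran_initialize(size_t heapsize, unsigned log2gran)
{
  size_t ngranules = toy_count_granules(heapsize, log2gran);
  struct toy_gran_s *g;

  if (ngranules == 0 || ngranules > UINT16_MAX)
    {
      errno = EINVAL;
      return NULL;
    }

  g = calloc(1, sizeof(*g));
  if (g == NULL)
    {
      return NULL;   /* calloc already set errno to ENOMEM */
    }

  g->log2gran  = (uint8_t)log2gran;
  g->ngranules = (uint16_t)ngranules;
  g->heapsize  = heapsize;
  return g;
}

/* Returns 0 when initialization succeeds, otherwise the errno it set. */
static int toy_init_status(size_t heapsize, unsigned log2gran)
{
  errno = 0;
  struct toy_gran_s *h = toy_gran_initialize(heapsize, log2gran);
  if (h == NULL)
    {
      return errno;
    }
  free(h);
  return 0;
}

/* Returns the ngranules stored in a successfully built handle, or 0. */
static unsigned toy_init_ngranules(size_t heapsize, unsigned log2gran)
{
  struct toy_gran_s *h = toy_gran_initialize(heapsize, log2gran);
  unsigned n = (h != NULL) ? h->ngranules : 0;
  free(h);
  return n;
}

int main(void)
{
  size_t big = (size_t)16u << 20;  /* the PR's 16 MiB example */
  unsigned log2gran = 6;           /* 64-byte granules */

  printf("full-width count: %zu\n", toy_count_granules(big, log2gran));
  printf("stored in uint16_t: %u\n", toy_truncated_count(big, log2gran));
  printf("guarded init status: %d (EINVAL=%d)\n",
         toy_init_status(big, log2gran), EINVAL);
  printf("64 KiB pool: ngranules=%u\n",
         toy_init_ngranules((size_t)64u * 1024u, log2gran));
  return 0;
}
```

Note that 262144 is an exact multiple of 65536, so for the PR's own numbers the unchecked store yields `ngranules == 0`, not merely a smaller count; a pool of 4 MiB + 64 bytes would instead wrap to 1. Both are handles that look valid but describe a heap of the wrong size, which is why the guard tests for zero as well as for `> UINT16_MAX`.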

@masc2008 masc2008 left a comment

Contributor Author


Let it report an error if over the max of uint16_t.

@github-actions github-actions Bot added Area: Memory Management Memory Management issues Size: XS The size of the change in this PR is very small labels Jun 16, 2026
@masc2008 masc2008 force-pushed the shichunma/mm-gran-reject-oversized-pools branch 2 times, most recently from 77b73f5 to 6ac360f on June 16, 2026 09:18
struct gran_s and struct graninfo_s store granule counts in uint16_t.
Reject pools whose computed granule count exceeds UINT16_MAX,
instead of truncating the count and creating an invalid handle.

Signed-off-by: shichunma <shichunma@bestechnic.com>
@masc2008 masc2008 force-pushed the shichunma/mm-gran-reject-oversized-pools branch from 6ac360f to a3a6d91 on June 16, 2026 09:21
Comment thread mm/mm_gran/mm_graninit.c
DEBUGASSERT(ngranules > 0 && ngranules <= UINT16_MAX);
if (ngranules == 0 || ngranules > UINT16_MAX)
{
set_errno(EINVAL);
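Review bot: the DEBUGASSERT on the first line and the if on the second test the same condition, so in a debug build an oversized or empty pool traps in the assertion and the set_errno(EINVAL) / NULL path is never reached; that path is only exercised in release builds. Either drop the assertion so the failure is reported the same way in every configuration, or keep only the assertion if an oversized pool is meant to be a programming error rather than a recoverable one. The set_errno() call itself belongs in POSIX-facing APIs, as the thread notes; an internal mm function should simply return NULL.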

Contributor


Remove; only POSIX APIs set errno.



2 participants