mm gran reject oversized pools #19146

Open: masc2008 wants to merge 1 commit into apache:master from masc2008:shichunma/mm-gran-reject-oversized-pools
@masc2008

Contributor

Summary

Reject oversized granule heaps in gran_initialize().

struct gran_s and struct graninfo_s store granule counts in uint16_t, so
a large pool with a small granule size can silently truncate ngranules
during initialization and produce an invalid handle.

This patch adds a debug assertion and returns NULL with EINVAL when the
computed granule count does not fit.

Changes

  • add a DEBUGASSERT() to catch oversized granule counts in debug builds
  • return NULL with errno = EINVAL when the computed ngranules is zero or
    exceeds UINT16_MAX

Why this is needed

For example, a 16 MiB pool with 64-byte granules computes:

  • ngranules = 16 MiB / 64 = 262144

That does not fit in the current 16-bit ngranules fields and truncates,
leading to a broken allocator handle.

Failing early is safer than silently constructing an invalid granule heap.

Impact

  • valid granule heaps are unchanged
  • oversized heaps now fail cleanly at initialization instead of failing later in
    less obvious ways

Testing

  • code inspection against current struct gran_s / struct graninfo_s
    definitions
  • verified the guard is inserted before allocator metadata allocation
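
The truncation described above, as an added example that is not part of this PR or the NuttX source. The `demo_*` names are hypothetical, the count is simplified to `heapsize >> log2gran` (alignment handling is ignored), and the checked variant returns `-EINVAL` rather than NULL with errno set:

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a handle with a 16-bit granule count;
 * this is not the NuttX struct gran_s definition.
 */
struct demo_gran_s
{
  uint16_t ngranules;
};

/* Unchecked: the count is stored without a range check, so it wraps
 * modulo 65536 when it does not fit in uint16_t.
 */
static uint16_t demo_count_unchecked(size_t heapsize, unsigned int log2gran)
{
  struct demo_gran_s g;
  g.ngranules = (uint16_t)(heapsize >> log2gran);
  return g.ngranules;
}

/* Checked: returns 0 and fills g, or -EINVAL when the computed count is
 * zero or exceeds UINT16_MAX (the condition this PR describes).
 */
static int demo_count_checked(size_t heapsize, unsigned int log2gran,
                              struct demo_gran_s *g)
{
  size_t n = heapsize >> log2gran;
  if (n == 0 || n > UINT16_MAX)
    {
      return -EINVAL;
    }
  g->ngranules = (uint16_t)n;
  return 0;
}

int main(void)
{
  struct demo_gran_s g;
  size_t pool = (size_t)16 << 20;   /* 16 MiB pool, 64-byte granules */
  printf("unchecked: %u granules\n", (unsigned)demo_count_unchecked(pool, 6));
  printf("checked:   %d\n", demo_count_checked(pool, 6, &g));
  return 0;
}
```

For the 16 MiB / 64-byte case the real count 262144 is 0x40000, so the 16-bit field ends up holding 0 rather than a merely smaller value.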

@masc2008 masc2008 left a comment

Contributor Author

Let it report an error if over the max of uint16_t.

@github-actions github-actions bot added the "Area: Memory Management" and "Size: XS" labels Jun 16, 2026
@masc2008 masc2008 force-pushed the shichunma/mm-gran-reject-oversized-pools branch 2 times, most recently from 77b73f5 to 6ac360f Compare June 16, 2026 09:18

struct gran_s and struct graninfo_s store granule counts in uint16_t.
Reject pools whose computed granule count exceeds UINT16_MAX,
instead of truncating the count and creating an invalid handle.

Signed-off-by: shichunma <shichunma@bestechnic.com>

@masc2008 masc2008 force-pushed the shichunma/mm-gran-reject-oversized-pools branch from 6ac360f to a3a6d91 Compare June 16, 2026 09:21