From: Timur Tabi <timur@freescale.com>
To: Guillaume Knispel <gknispel@proformatique.com>
Cc: linuxppc-dev@ozlabs.org,
Pantelis Antoniou <pantelis@embeddedalley.com>,
Li Yang <leoli@freescale.com>,
Joakim Tjernlund <joakim.tjernlund@transmode.se>
Subject: Re: [PATCH] Fix corruption error in rh_alloc_fixed()
Date: Tue, 09 Dec 2008 09:03:19 -0600 [thread overview]
Message-ID: <493E88B7.5020702@freescale.com> (raw)
In-Reply-To: <20081209152834.1d6ff291@xilun.lan.proformatique.com>
Guillaume Knispel wrote:
> There is an error in rh_alloc_fixed() of the Remote Heap code:
> If there is at least one free block blk won't be NULL at the end of the
> search loop, so -ENOMEM won't be returned and the else branch of
> "if (bs == s || be == e)" will be taken, corrupting the management
> structures.
>
> Signed-off-by: Guillaume Knispel <gknispel@proformatique.com>
> ---
> Fix an error in rh_alloc_fixed() that made allocations succeed when
> they should fail, and corrupted management structures.
>
> diff --git a/arch/powerpc/lib/rheap.c b/arch/powerpc/lib/rheap.c
> index 29b2941..45907c1 100644
> --- a/arch/powerpc/lib/rheap.c
> +++ b/arch/powerpc/lib/rheap.c
> @@ -556,6 +556,7 @@ unsigned long rh_alloc_fixed(rh_info_t * info, unsigned long start, int size, co
> be = blk->start + blk->size;
> if (s >= bs && e <= be)
> break;
> + blk = NULL;
> }
>
> if (blk == NULL)
This is a good catch, however, wouldn't it be better to do this:
list_for_each(l, &info->free_list) {
blk = list_entry(l, rh_block_t, list);
/* The range must lie entirely inside one free block */
bs = blk->start;
be = blk->start + blk->size;
if (s >= bs && e <= be)
break;
}
- if (blk == NULL)
+ if (blk == &info->free_list)
return (unsigned long) -ENOMEM;
I haven't tested this, but the if-statement at the end of the loop is meant to
check whether the list_for_each() loop got to the end or not.
What do you think?
--
Timur Tabi
Linux kernel developer at Freescale
next prev parent reply other threads:[~2008-12-09 15:04 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-12-09 14:28 [PATCH] Fix corruption error in rh_alloc_fixed() Guillaume Knispel
2008-12-09 15:03 ` Timur Tabi [this message]
2008-12-09 15:14 ` Guillaume Knispel
2008-12-09 15:16 ` Timur Tabi
2008-12-14 18:50 ` Guillaume Knispel
2008-12-14 21:21 ` Paul Mackerras
2008-12-15 0:32 ` Guillaume Knispel
2008-12-16 18:23 ` Kumar Gala
2008-12-17 1:13 ` Paul Mackerras
2008-12-17 16:00 ` Kumar Gala
2008-12-17 16:11 ` Kumar Gala
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=493E88B7.5020702@freescale.com \
--to=timur@freescale.com \
--cc=gknispel@proformatique.com \
--cc=joakim.tjernlund@transmode.se \
--cc=leoli@freescale.com \
--cc=linuxppc-dev@ozlabs.org \
--cc=pantelis@embeddedalley.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.