From: Thadeu Lima de Souza Cascardo <cascardo@linux.vnet.ibm.com>
To: linux-kernel@vger.kernel.org
Cc: Thadeu Lima de Souza Cascardo <cascardo@linux.vnet.ibm.com>,
Paul Gortmaker <paul.gortmaker@windriver.com>,
Andrew Morton <akpm@linux-foundation.org>,
Benjamin Gaignard <benjamin.gaignard@stericsson.com>
Subject: [PATCH resend] genalloc: stop crashing the system when destroying a pool
Date: Sun, 21 Oct 2012 09:52:59 -0200 [thread overview]
Message-ID: <1350820392-25815-1-git-send-email-cascardo@linux.vnet.ibm.com> (raw)
A gen_pool_chunk uses a bitmap to find what addresses ranges it has
allocated and bugs when we destroy the pool and a chunk has some bits
set.
There is a problem when it allocates the bitmap. It allocates only the
number of bytes needed for the bits that represent the size it's
allocating. That is, if it needs 16 bits, it will allocate only 2 bytes,
if it needs 31 bits, it will allocate 4 bytes.
However, the bitops functions uses long types. And when the gen_pool_add
allocates a bitmap, it only clears the bytes it has allocated. So, it's
possible that we have a long word with the contents 0xffffffffffffffff,
and only the first (most significant) bytes are cleared by memset.
However, the destroy function is going to test for the least significant
bits, which will not be clear as expected.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@linux.vnet.ibm.com>
---
lib/genalloc.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/lib/genalloc.c b/lib/genalloc.c
index ca208a9..5492043 100644
--- a/lib/genalloc.c
+++ b/lib/genalloc.c
@@ -178,7 +178,7 @@ int gen_pool_add_virt(struct gen_pool *pool, unsigned long virt, phys_addr_t phy
struct gen_pool_chunk *chunk;
int nbits = size >> pool->min_alloc_order;
int nbytes = sizeof(struct gen_pool_chunk) +
- (nbits + BITS_PER_BYTE - 1) / BITS_PER_BYTE;
+ BITS_TO_LONGS(nbits) * sizeof(long);
chunk = kmalloc_node(nbytes, GFP_KERNEL | __GFP_ZERO, nid);
if (unlikely(chunk == NULL))
--
1.7.1
next reply other threads:[~2012-10-21 11:53 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-10-21 11:52 Thadeu Lima de Souza Cascardo [this message]
2012-10-22 21:18 ` [PATCH resend] genalloc: stop crashing the system when destroying a pool Andrew Morton
2012-10-23 16:42 ` Thadeu Lima de Souza Cascardo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1350820392-25815-1-git-send-email-cascardo@linux.vnet.ibm.com \
--to=cascardo@linux.vnet.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=benjamin.gaignard@stericsson.com \
--cc=linux-kernel@vger.kernel.org \
--cc=paul.gortmaker@windriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).