From: Guillaume Knispel <gknispel@proformatique•com>
To: Kumar Gala <galak@kernel•crashing.org>
Cc: Tjernlund <joakim.tjernlund@transmode•se>,
Joakim, Pantelis Antoniou <pantelis@embeddedalley•com>,
linuxppc-dev@ozlabs•org, Li Yang <leoli@freescale•com>,
Timur Tabi <timur@freescale•com>
Subject: Re: [PATCH] Fix corruption error in rh_alloc_fixed()
Date: Sun, 14 Dec 2008 19:50:50 +0100
Message-ID: <20081214195050.677ba7d1@xilun.lan.proformatique.com>
In-Reply-To: <493E8BE2.809@freescale.com>
On Tue, 09 Dec 2008 09:16:50 -0600
Timur Tabi <timur@freescale•com> wrote:
> Guillaume Knispel wrote:
>
> > blk = NULL; at the end of the loop is what is done in the more used
> > rh_alloc_align(), so for consistency either we change both or we use
> > the same construction here.
> > I also think that testing for &info->free_list is harder to understand
> > because you must have the linked list implementation in your head
> > (which a kernel developer should anyway so this is not so important)
>
> Fair enough.
>
> Acked-by: Timur Tabi <timur@freescale•com>
>
Kumar, can this go into your tree?
(copying the patch below so you have it at hand)

There is an error in rh_alloc_fixed() of the Remote Heap code:
If there is at least one free block, blk won't be NULL at the end of the
search loop, so -ENOMEM won't be returned and the else branch of
"if (bs == s || be == e)" will be taken, corrupting the management
structures.
Signed-off-by: Guillaume Knispel <gknispel@proformatique•com>
---
Fix an error in rh_alloc_fixed() that made allocations succeed when
they should fail, and corrupted management structures.
diff --git a/arch/powerpc/lib/rheap.c b/arch/powerpc/lib/rheap.c
index 29b2941..45907c1 100644
--- a/arch/powerpc/lib/rheap.c
+++ b/arch/powerpc/lib/rheap.c
@@ -556,6 +556,7 @@ unsigned long rh_alloc_fixed(rh_info_t * info, unsigned long start, int size, co
be = blk->start + blk->size;
if (s >= bs && e <= be)
break;
+ blk = NULL;
}
if (blk == NULL)
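Review bot: the `blk = NULL;` added as the last statement of the loop body is only correct while `break` is the sole way to leave an iteration with a match, and nothing in the hunk says so; a `continue` or another exit path added above it later would silently bring back the stale `blk` that the `if (blk == NULL)` test after the loop is meant to catch. Add a short comment on that line tying it to the post-loop check (the discussion notes that rh_alloc_align() uses the same construction, so the same comment would apply there). The changelog would also benefit from stating in the part above the `---` that allocations succeeded when they should have failed, since text below the `---` is not kept when the patch is applied.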
--
Guillaume KNISPEL