[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20121022141854.33f5fcf4.akpm@linux-foundation.org>
Date: Mon, 22 Oct 2012 14:18:54 -0700
From: Andrew Morton <akpm@...ux-foundation.org>
To: Thadeu Lima de Souza Cascardo <cascardo@...ux.vnet.ibm.com>
Cc: linux-kernel@...r.kernel.org,
Paul Gortmaker <paul.gortmaker@...driver.com>,
Benjamin Gaignard <benjamin.gaignard@...ricsson.com>
Subject: Re: [PATCH resend] genalloc: stop crashing the system when
destroying a pool
On Sun, 21 Oct 2012 09:52:59 -0200
Thadeu Lima de Souza Cascardo <cascardo@...ux.vnet.ibm.com> wrote:
> A gen_pool_chunk uses a bitmap to find what addresses ranges it has
> allocated and bugs when we destroy the pool and a chunk has some bits
> set.
>
> There is a problem when it allocates the bitmap. It allocates only the
> number of bytes needed for the bits that represent the size it's
> allocating. That is, if it needs 16 bits, it will allocate only 2 bytes,
> if it needs 31 bits, it will allocate 4 bytes.
>
> However, the bitops functions uses long types. And when the gen_pool_add
> allocates a bitmap, it only clears the bytes it has allocated. So, it's
> possible that we have a long word with the contents 0xffffffffffffffff,
> and only the first (most significant) bytes are cleared by memset.
> However, the destroy function is going to test for the least significant
> bits, which will not be clear as expected.
>
When fixing a bug, please do fully describe that bug. The oops trace
would be nice, but can be avoided if a suitable description is included.
Does the BUG() happen in gen_pool_destroy(), or in gen_pool_free()? In
either case, from your description it sound like the function which is
going BUG() is the site which needs fixing because it is checking for
non-zero bits outside the correct range?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists