From: Guillaume Knispel
To: Kumar Gala
Cc: Tjernlund, Joakim@ozlabs.org, Pantelis Antoniou, linuxppc-dev@ozlabs.org, Li Yang, Timur Tabi
Subject: Re: [PATCH] Fix corruption error in rh_alloc_fixed()
Date: Sun, 14 Dec 2008 19:50:50 +0100
Message-ID: <20081214195050.677ba7d1@xilun.lan.proformatique.com>
X-Patchwork-Id: 13949

On Tue, 09 Dec 2008 09:16:50 -0600
Timur Tabi wrote:

> Guillaume Knispel wrote:
>
> > blk = NULL; at the end of the loop is what is done in the more used
> > rh_alloc_align(), so for consistency either we change both or we use
> > the same construction here.
> > I also think that testing for &info->free_list is harder to understand
> > because you must have the linked list implementation in your head
> > (which a kernel developer should anyway so this is not so important)
>
> Fair enough.
>
> Acked-by: Timur Tabi

Kumar, can this go into your tree?
(copying the patch under so you have it at hand)

There is an error in rh_alloc_fixed() of the Remote Heap code:
If there is at least one free block blk won't be NULL at the end of the
search loop, so -ENOMEM won't be returned and the else branch of
"if (bs == s || be == e)" will be taken, corrupting the management
structures.

Signed-off-by: Guillaume Knispel
---
Fix an error in rh_alloc_fixed() that made allocations succeed when
they should fail, and corrupted management structures.

diff --git a/arch/powerpc/lib/rheap.c b/arch/powerpc/lib/rheap.c index 29b2941..45907c1 100644 --- a/arch/powerpc/lib/rheap.c +++ b/arch/powerpc/lib/rheap.c @@ -556,6 +556,7 @@ unsigned long rh_alloc_fixed(rh_info_t * info, unsigned long start, int size, co be = blk->start + blk->size; if (s >= bs && e <= be) break; + blk = NULL; } if (blk == NULL)
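
Review bot: the added `blk = NULL;` at the tail of the search loop is the only thing that makes the following `if (blk == NULL)` check mean "no free block contains the requested range", and nothing in the hunk says so. A one-line comment on that assignment (for example "no containing block found yet") would keep a later cleanup from removing it as a dead store and reintroducing the corruption. The hunk also does not show how blk is set before the loop, so it is worth confirming that it starts out as NULL; otherwise an empty free list would reach the `if (blk == NULL)` check with whatever value blk held on entry.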