diff options
| author | T Makphaibulchoke <tmac@hp.com> | 2012-10-04 20:16:55 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-10-05 14:05:31 -0400 |
| commit | 4965f5667f36a95b41cda6638875bc992bd7d18b (patch) | |
| tree | 554062719fbe5754197e1042024cceab1db4ddae | |
| parent | c99b6841d74a5c7d3698cc2a3ec44241fe64b769 (diff) | |
kernel/resource.c: fix stack overflow in __reserve_region_with_split()
Using a recursive call add a non-conflicting region in
__reserve_region_with_split() could result in a stack overflow in the case
that the recursive calls are too deep. Convert the recursive calls to an
iterative loop to avoid the problem.
Tested on a machine containing 135 regions. The kernel no longer panicked
with stack overflow.
Also tested with code arbitrarily adding regions with no conflict,
embedding two consecutive conflicts and embedding two non-consecutive
conflicts.
Signed-off-by: T Makphaibulchoke <tmac@hp.com>
Reviewed-by: Ram Pai <linuxram@us.ibm.com>
Cc: Paul Gortmaker <paul.gortmaker@gmail.com>
Cc: Wei Yang <weiyang@linux.vnet.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| -rw-r--r-- | kernel/resource.c | 50 |
1 files changed, 38 insertions, 12 deletions
diff --git a/kernel/resource.c b/kernel/resource.c index 34d45886ee84..73f35d4b30b9 100644 --- a/kernel/resource.c +++ b/kernel/resource.c | |||
| @@ -763,6 +763,7 @@ static void __init __reserve_region_with_split(struct resource *root, | |||
| 763 | struct resource *parent = root; | 763 | struct resource *parent = root; |
| 764 | struct resource *conflict; | 764 | struct resource *conflict; |
| 765 | struct resource *res = kzalloc(sizeof(*res), GFP_ATOMIC); | 765 | struct resource *res = kzalloc(sizeof(*res), GFP_ATOMIC); |
| 766 | struct resource *next_res = NULL; | ||
| 766 | 767 | ||
| 767 | if (!res) | 768 | if (!res) |
| 768 | return; | 769 | return; |
| @@ -772,21 +773,46 @@ static void __init __reserve_region_with_split(struct resource *root, | |||
| 772 | res->end = end; | 773 | res->end = end; |
| 773 | res->flags = IORESOURCE_BUSY; | 774 | res->flags = IORESOURCE_BUSY; |
| 774 | 775 | ||
| 775 | conflict = __request_resource(parent, res); | 776 | while (1) { |
| 776 | if (!conflict) | ||
| 777 | return; | ||
| 778 | 777 | ||
| 779 | /* failed, split and try again */ | 778 | conflict = __request_resource(parent, res); |
| 780 | kfree(res); | 779 | if (!conflict) { |
| 780 | if (!next_res) | ||
| 781 | break; | ||
| 782 | res = next_res; | ||
| 783 | next_res = NULL; | ||
| 784 | continue; | ||
| 785 | } | ||
| 781 | 786 | ||
| 782 | /* conflict covered whole area */ | 787 | /* conflict covered whole area */ |
| 783 | if (conflict->start <= start && conflict->end >= end) | 788 | if (conflict->start <= res->start && |
| 784 | return; | 789 | conflict->end >= res->end) { |
| 790 | kfree(res); | ||
| 791 | WARN_ON(next_res); | ||
| 792 | break; | ||
| 793 | } | ||
| 794 | |||
| 795 | /* failed, split and try again */ | ||
| 796 | if (conflict->start > res->start) { | ||
| 797 | end = res->end; | ||
| 798 | res->end = conflict->start - 1; | ||
| 799 | if (conflict->end < end) { | ||
| 800 | next_res = kzalloc(sizeof(*next_res), | ||
| 801 | GFP_ATOMIC); | ||
| 802 | if (!next_res) { | ||
| 803 | kfree(res); | ||
| 804 | break; | ||
| 805 | } | ||
| 806 | next_res->name = name; | ||
| 807 | next_res->start = conflict->end + 1; | ||
| 808 | next_res->end = end; | ||
| 809 | next_res->flags = IORESOURCE_BUSY; | ||
| 810 | } | ||
| 811 | } else { | ||
| 812 | res->start = conflict->end + 1; | ||
| 813 | } | ||
| 814 | } | ||
| 785 | 815 | ||
| 786 | if (conflict->start > start) | ||
| 787 | __reserve_region_with_split(root, start, conflict->start-1, name); | ||
| 788 | if (conflict->end < end) | ||
| 789 | __reserve_region_with_split(root, conflict->end+1, end, name); | ||
| 790 | } | 816 | } |
| 791 | 817 | ||
| 792 | void __init reserve_region_with_split(struct resource *root, | 818 | void __init reserve_region_with_split(struct resource *root, |