diff options
| author | Octavian Purdila <octavian.purdila@intel.com> | 2012-07-30 17:42:58 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-07-30 20:25:21 -0400 |
| commit | 65fed8f6f23070b56d0ed3841173ddd410130a89 (patch) | |
| tree | d9549d5cc05f74789bd34a400ce3275c9c224c01 | |
| parent | f7e1becb078c2b996420a61f2a411ef19335e2da (diff) | |
resource: make sure requested range is included in the root range
When the requested range is outside of the root range the logic in
__reserve_region_with_split will cause an infinite recursion which will
overflow the stack as seen in the warning bellow.
This particular stack overflow was caused by requesting the
(100000000-107ffffff) range while the root range was (0-ffffffff). In
this case __request_resource would return the whole root range as
conflict range (i.e. 0-ffffffff). Then, the logic in
__reserve_region_with_split would continue the recursion requesting the
new range as (conflict->end+1, end) which incidentally in this case
equals the originally requested range.
This patch aborts looking for an usable range when the request does not
intersect with the root range. When the request partially overlaps with
the root range, it ajust the request to fall in the root range and then
continues with the new request.
When the request is modified or aborted errors and a stack trace are
logged to allow catching the errors in the upper layers.
[ 5.968374] WARNING: at kernel/sched.c:4129 sub_preempt_count+0x63/0x89()
[ 5.975150] Modules linked in:
[ 5.978184] Pid: 1, comm: swapper Not tainted 3.0.22-mid27-00004-gb72c817 #46
[ 5.985324] Call Trace:
[ 5.987759] [<c1039dfc>] ? console_unlock+0x17b/0x18d
[ 5.992891] [<c1039620>] warn_slowpath_common+0x48/0x5d
[ 5.998194] [<c1031758>] ? sub_preempt_count+0x63/0x89
[ 6.003412] [<c1039644>] warn_slowpath_null+0xf/0x13
[ 6.008453] [<c1031758>] sub_preempt_count+0x63/0x89
[ 6.013499] [<c14d60c4>] _raw_spin_unlock+0x27/0x3f
[ 6.018453] [<c10c6349>] add_partial+0x36/0x3b
[ 6.022973] [<c10c7c0a>] deactivate_slab+0x96/0xb4
[ 6.027842] [<c14cf9d9>] __slab_alloc.isra.54.constprop.63+0x204/0x241
[ 6.034456] [<c103f78f>] ? kzalloc.constprop.5+0x29/0x38
[ 6.039842] [<c103f78f>] ? kzalloc.constprop.5+0x29/0x38
[ 6.045232] [<c10c7dc9>] kmem_cache_alloc_trace+0x51/0xb0
[ 6.050710] [<c103f78f>] ? kzalloc.constprop.5+0x29/0x38
[ 6.056100] [<c103f78f>] kzalloc.constprop.5+0x29/0x38
[ 6.061320] [<c17b45e9>] __reserve_region_with_split+0x1c/0xd1
[ 6.067230] [<c17b4693>] __reserve_region_with_split+0xc6/0xd1
...
[ 7.179057] [<c17b4693>] __reserve_region_with_split+0xc6/0xd1
[ 7.184970] [<c17b4779>] reserve_region_with_split+0x30/0x42
[ 7.190709] [<c17a8ebf>] e820_reserve_resources_late+0xd1/0xe9
[ 7.196623] [<c17c9526>] pcibios_resource_survey+0x23/0x2a
[ 7.202184] [<c17cad8a>] pcibios_init+0x23/0x35
[ 7.206789] [<c17ca574>] pci_subsys_init+0x3f/0x44
[ 7.211659] [<c1002088>] do_one_initcall+0x72/0x122
[ 7.216615] [<c17ca535>] ? pci_legacy_init+0x3d/0x3d
[ 7.221659] [<c17a27ff>] kernel_init+0xa6/0x118
[ 7.226265] [<c17a2759>] ? start_kernel+0x334/0x334
[ 7.231223] [<c14d7482>] kernel_thread_helper+0x6/0x10
Signed-off-by: Octavian Purdila <octavian.purdila@intel.com>
Signed-off-by: Ram Pai <linuxram@us.ibm.com>
Cc: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| -rw-r--r-- | kernel/resource.c | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/kernel/resource.c b/kernel/resource.c index dc8b47764443..34d45886ee84 100644 --- a/kernel/resource.c +++ b/kernel/resource.c | |||
| @@ -7,6 +7,8 @@ | |||
| 7 | * Arbitrary resource management. | 7 | * Arbitrary resource management. |
| 8 | */ | 8 | */ |
| 9 | 9 | ||
| 10 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt | ||
| 11 | |||
| 10 | #include <linux/export.h> | 12 | #include <linux/export.h> |
| 11 | #include <linux/errno.h> | 13 | #include <linux/errno.h> |
| 12 | #include <linux/ioport.h> | 14 | #include <linux/ioport.h> |
| @@ -791,8 +793,28 @@ void __init reserve_region_with_split(struct resource *root, | |||
| 791 | resource_size_t start, resource_size_t end, | 793 | resource_size_t start, resource_size_t end, |
| 792 | const char *name) | 794 | const char *name) |
| 793 | { | 795 | { |
| 796 | int abort = 0; | ||
| 797 | |||
| 794 | write_lock(&resource_lock); | 798 | write_lock(&resource_lock); |
| 795 | __reserve_region_with_split(root, start, end, name); | 799 | if (root->start > start || root->end < end) { |
| 800 | pr_err("requested range [0x%llx-0x%llx] not in root %pr\n", | ||
| 801 | (unsigned long long)start, (unsigned long long)end, | ||
| 802 | root); | ||
| 803 | if (start > root->end || end < root->start) | ||
| 804 | abort = 1; | ||
| 805 | else { | ||
| 806 | if (end > root->end) | ||
| 807 | end = root->end; | ||
| 808 | if (start < root->start) | ||
| 809 | start = root->start; | ||
| 810 | pr_err("fixing request to [0x%llx-0x%llx]\n", | ||
| 811 | (unsigned long long)start, | ||
| 812 | (unsigned long long)end); | ||
| 813 | } | ||
| 814 | dump_stack(); | ||
| 815 | } | ||
| 816 | if (!abort) | ||
| 817 | __reserve_region_with_split(root, start, end, name); | ||
| 796 | write_unlock(&resource_lock); | 818 | write_unlock(&resource_lock); |
| 797 | } | 819 | } |
| 798 | 820 | ||