summaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
authorBjorn Helgaas <bjorn.helgaas@hp.com>2010-10-26 15:41:28 -0600
committerJesse Barnes <jbarnes@virtuousgeek.org>2010-10-26 15:33:28 -0700
commita1862e31079149a52b6223776228c3aee493d4a7 (patch)
treef70f7e3f33f63dcf77428b745f0dd01ecbee8e24 /kernel
parent6909ba14c25b4db6be2ff89f4fa0fac2d70151a0 (diff)
downloadlinux-a1862e31079149a52b6223776228c3aee493d4a7.tar.gz
linux-a1862e31079149a52b6223776228c3aee493d4a7.tar.bz2
linux-a1862e31079149a52b6223776228c3aee493d4a7.zip
resources: handle overflow when aligning start of available area
If tmp.start is near ~0, ALIGN(tmp.start) may overflow, which would make us think there's more available space than there really is. We would likely return something that conflicts with a previous resource, which would cause a failure when allocate_resource() requests the newly- allocated region. Reference: https://bugzilla.redhat.com/show_bug.cgi?id=646027 Reported-by: Fabrice Bellet <fabrice@bellet.info> Signed-off-by: Bjorn Helgaas <bjorn.helgaas@hp.com> Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/resource.c21
1 files changed, 13 insertions, 8 deletions
diff --git a/kernel/resource.c b/kernel/resource.c
index 89d50412508c..e15b922d4ba4 100644
--- a/kernel/resource.c
+++ b/kernel/resource.c
@@ -392,7 +392,7 @@ static int find_resource(struct resource *root, struct resource *new,
void *alignf_data)
{
struct resource *this = root->child;
- struct resource tmp = *new, alloc;
+ struct resource tmp = *new, avail, alloc;
tmp.start = root->start;
/*
@@ -410,14 +410,19 @@ static int find_resource(struct resource *root, struct resource *new,
tmp.end = root->end;
resource_clip(&tmp, min, max);
- tmp.start = ALIGN(tmp.start, align);
- alloc.start = alignf(alignf_data, &tmp, size, align);
- alloc.end = alloc.start + size - 1;
- if (resource_contains(&tmp, &alloc)) {
- new->start = alloc.start;
- new->end = alloc.end;
- return 0;
+ /* Check for overflow after ALIGN() */
+ avail = *new;
+ avail.start = ALIGN(tmp.start, align);
+ avail.end = tmp.end;
+ if (avail.start >= tmp.start) {
+ alloc.start = alignf(alignf_data, &avail, size, align);
+ alloc.end = alloc.start + size - 1;
+ if (resource_contains(&avail, &alloc)) {
+ new->start = alloc.start;
+ new->end = alloc.end;
+ return 0;
+ }
}
if (!this)
break;