Commit a1862e31 authored by Bjorn Helgaas's avatar Bjorn Helgaas Committed by Jesse Barnes

resources: handle overflow when aligning start of available area

If tmp.start is near ~0, ALIGN(tmp.start) may overflow, which would
make us think there's more available space than there really is.  We
would likely return something that conflicts with a previous resource,
which would cause a failure when allocate_resource() requests the newly-
allocated region.

Reference: https://bugzilla.redhat.com/show_bug.cgi?id=646027
Reported-by: Fabrice Bellet <fabrice@bellet.info>
Signed-off-by: Bjorn Helgaas <bjorn.helgaas@hp.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
parent 6909ba14
...@@ -392,7 +392,7 @@ static int find_resource(struct resource *root, struct resource *new, ...@@ -392,7 +392,7 @@ static int find_resource(struct resource *root, struct resource *new,
void *alignf_data) void *alignf_data)
{ {
struct resource *this = root->child; struct resource *this = root->child;
struct resource tmp = *new, alloc; struct resource tmp = *new, avail, alloc;
tmp.start = root->start; tmp.start = root->start;
/* /*
...@@ -410,14 +410,19 @@ static int find_resource(struct resource *root, struct resource *new, ...@@ -410,14 +410,19 @@ static int find_resource(struct resource *root, struct resource *new,
tmp.end = root->end; tmp.end = root->end;
resource_clip(&tmp, min, max); resource_clip(&tmp, min, max);
tmp.start = ALIGN(tmp.start, align);
alloc.start = alignf(alignf_data, &tmp, size, align); /* Check for overflow after ALIGN() */
alloc.end = alloc.start + size - 1; avail = *new;
if (resource_contains(&tmp, &alloc)) { avail.start = ALIGN(tmp.start, align);
new->start = alloc.start; avail.end = tmp.end;
new->end = alloc.end; if (avail.start >= tmp.start) {
return 0; alloc.start = alignf(alignf_data, &avail, size, align);
alloc.end = alloc.start + size - 1;
if (resource_contains(&avail, &alloc)) {
new->start = alloc.start;
new->end = alloc.end;
return 0;
}
} }
if (!this) if (!this)
break; break;
......
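Review bot: `alloc.end = alloc.start + size - 1` in the new `if (avail.start >= tmp.start)` block can still wrap when alignf() returns a start near the top of the address range, or when size is 0; the commit guards only the ALIGN() result. A wrapped alloc.end is numerically small, so the following resource_contains(&avail, &alloc) test would presumably accept it if it compares only start and end bounds (its definition is not visible here), and new->end would then be set below new->start. Consider `if (alloc.start <= alloc.end && resource_contains(&avail, &alloc)) {` so a wrapped range is rejected the same way the wrapped alignment now is. find_resource() begins and ends outside the shown hunks, so this should be checked against the rest of the loop.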