resources: handle overflow when aligning start of available area
Bjorn Helgaas [Tue, 26 Oct 2010 21:41:28 +0000 (15:41 -0600)]
If tmp.start is near ~0, ALIGN(tmp.start) may overflow, which would
make us think there's more available space than there really is.  We
would likely return something that conflicts with a previous resource,
which would cause a failure when allocate_resource() requests the newly-
allocated region.

Reference: https://bugzilla.redhat.com/show_bug.cgi?id=646027
Reported-by: Fabrice Bellet <fabrice@bellet.info>
Signed-off-by: Bjorn Helgaas <bjorn.helgaas@hp.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>

kernel/resource.c

index 89d5041..e15b922 100644 (file)
@@ -392,7 +392,7 @@ static int find_resource(struct resource *root, struct resource *new,
                         void *alignf_data)
 {
        struct resource *this = root->child;
-       struct resource tmp = *new, alloc;
+       struct resource tmp = *new, avail, alloc;
 
        tmp.start = root->start;
        /*
@@ -410,14 +410,19 @@ static int find_resource(struct resource *root, struct resource *new,
                        tmp.end = root->end;
 
                resource_clip(&tmp, min, max);
-               tmp.start = ALIGN(tmp.start, align);
 
-               alloc.start = alignf(alignf_data, &tmp, size, align);
-               alloc.end = alloc.start + size - 1;
-               if (resource_contains(&tmp, &alloc)) {
-                       new->start = alloc.start;
-                       new->end = alloc.end;
-                       return 0;
+               /* Check for overflow after ALIGN() */
+               avail = *new;
+               avail.start = ALIGN(tmp.start, align);
+               avail.end = tmp.end;
+               if (avail.start >= tmp.start) {
+                       alloc.start = alignf(alignf_data, &avail, size, align);
+                       alloc.end = alloc.start + size - 1;
+                       if (resource_contains(&avail, &alloc)) {
+                               new->start = alloc.start;
+                               new->end = alloc.end;
+                               return 0;
+                       }
                }
                if (!this)
                        break;