Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753534AbYLSNCv (ORCPT ); Fri, 19 Dec 2008 08:02:51 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1751529AbYLSNCo (ORCPT ); Fri, 19 Dec 2008 08:02:44 -0500 Received: from cmpxchg.org ([85.214.51.133]:52357 "EHLO cmpxchg.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751507AbYLSNCn (ORCPT ); Fri, 19 Dec 2008 08:02:43 -0500 Date: Fri, 19 Dec 2008 14:02:11 +0100 From: Johannes Weiner To: Guennadi Liakhovetski Cc: linux-kernel@vger.kernel.org, Andrew Morton Subject: Re: [PATCH] bitmap: fix bitmap_find_free_region() Message-ID: <20081219130211.GA1560@cmpxchg.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1507 Lines: 38 On Fri, Dec 19, 2008 at 12:26:41PM +0100, Guennadi Liakhovetski wrote: > Currently bitmap_find_free_region() assumes, that the requested region > size is smaller than the entire bitmap. If this is not the case it fails > to detect it and returns success, while pointing at a position outside of > the region. > > Signed-off-by: Guennadi Liakhovetski > Cc: Andrew Morton > --- > It is hard to believe, that this is a bug, last time this code was touched > in 2006... Or should the caller guarantee, that the requested region is > not larger than the bitmap? Then dma_alloc_from_coherent() is buggy, which > is where I hit this bug. But it seems to me bitmap_find_free_region() > should be fixed. > > diff --git a/lib/bitmap.c b/lib/bitmap.c > index 1338469..079c5e3 100644 > --- a/lib/bitmap.c > +++ b/lib/bitmap.c > @@ -950,6 +950,9 @@ int bitmap_find_free_region(unsigned long *bitmap, int bits, int order) > { > int pos; /* scans bitmap by regions of size order */ > > + if (bits < 1 << order) > + return -ENOMEM; I think this is an error on the callsite, so a WARN_ON() might be good to spot these. I would be interested in the callpath that triggered this bug for you. And return -ENOSPC? Hannes -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/