Hi Tejun, I find that there is a bug in __next_mem_range_rev() defined in mm/memblock.c patch 0001 can fix the issue and pass test successfully, please help to review and phase-in it patch 0002 is used to verify the solution only and is provided for explaining test method, please don't apply it for __next_mem_range_rev(), it not only triggers null deref issue but also doesn't iterate through memory regions contained in type_a in reversed order rightly if its parameter type_b == NULL,moreover, it will cause mass error loops if macro for_each_mem_range_rev is called with parameter type_b == NULL the patch 0001 corrects region index idx_a adjustment and initialize idx_b to 0 to promise getting the last reversed region correctly if parameter type_b == NULL as showed below my test method is simple, namely, dump all types of regions with right kernel interface and fixed __next_mem_range separately ,then check whether fixed__next_mem_range achieves desired purpose, see test patch segments below or entire patch 0002 for more info thanks for Tejun's guidance and helping fix patch 0001 is showed as follows
From da2f3cafab9632d59261cf0801f62e909d0bfde1 Mon Sep 17 00:00:00 2001
From: zijun_hu <zijun_hu@xxxxxxx>
Date: Mon, 25 Jul 2016 15:06:57 +0800
Subject: [PATCH 1/2] mm/memblock.c: fix index adjustment error in __next_mem_range_rev()
fix region index adjustment error when parameter type_b of __next_mem_range_rev() == NULL
Signed-off-by: zijun_hu <zijun_hu@xxxxxxx>
---
 mm/memblock.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/mm/memblock.c b/mm/memblock.c
index ac12489..e95f95f 100644
--- a/mm/memblock.c
+++ b/mm/memblock.c
@@ -991,7 +991,10 @@ void __init_memblock __next_mem_range_rev(u64 *idx, int nid, ulong flags,
 if (*idx == (u64)ULLONG_MAX) {
 idx_a = type_a->cnt - 1;
-idx_b = type_b->cnt;
+if (type_b != NULL)
+idx_b = type_b->cnt;
+else
+idx_b = 0;
 }
 for (; idx_a >= 0; idx_a--) {
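Review bot: The new `if (type_b != NULL)` branch carries no comment saying why `type_b` may be NULL or why `idx_b = 0` is the right starting value, and the changelog names only the index adjustment, not the NULL dereference of `type_b->cnt` that this guard removes. A one-line comment above the branch, for example `/* type_b is optional; with NULL only type_a is walked, so idx_b stays 0 */`, would record the contract, and kernel style would normally spell the test `if (type_b)`. The loop body lies outside the hunk, so it is worth confirming that nothing further down reads `type_b->cnt` on the NULL path.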
@@ -1024,7 +1027,7 @@ void __init_memblock __next_mem_range_rev(u64 *idx, int nid, ulong flags,
 *out_end = m_end;
 if (out_nid)
 *out_nid = m_nid;
-idx_a++;
+idx_a--;
 *idx = (u32)idx_a | (u64)idx_b << 32;
 return;
 }
--
1.9.1
Test patch 002 code segments is showed as follows
diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c
index d45f862..0db80bb 100644
--- a/arch/arm64/mm/init.c
+++ b/arch/arm64/mm/init.c
@@ -326,6 +326,13 @@ void __init bootmem_init(void)
 high_memory = __va((max << PAGE_SHIFT) - 1) + 1;
 memblock_dump_all();
+
+if (!memblock_debug)
+__memblock_dump_all();
+/*
+ * extern void memblock_patch_verify(void);
+ */
+memblock_patch_verify();
 }
diff --git a/mm/memblock.c b/mm/memblock.c
index e95f95f..5c179ae 100644
--- a/mm/memblock.c
+++ b/mm/memblock.c
@@ -1652,6 +1652,31 @@ void __init_memblock __memblock_dump_all(void)
 memblock_dump(&memblock.reserved, "reserved");
 }
+void __init_memblock memblock_patch_verify(void)
+{
+u64 i;
+phys_addr_t this_start, this_end;
+
+pr_info("in %s: memory\n", __func__);
+for_each_mem_range_rev(i, &memblock.memory, NULL, NUMA_NO_NODE,
+MEMBLOCK_NONE, &this_start, &this_end, NULL)
+pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
+i, this_start, this_end);
+
+pr_info("in %s: reserved\n", __func__);
+for_each_mem_range_rev(i, &memblock.reserved, NULL, NUMA_NO_NODE,
+MEMBLOCK_NONE, &this_start, &this_end, NULL)
+pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
+i, this_start, this_end);
+
+pr_info("in %s: memory X reserved\n", __func__);
+for_each_mem_range_rev(i, &memblock.memory, &memblock.reserved,
+NUMA_NO_NODE, MEMBLOCK_NONE,
+&this_start, &this_end, NULL)
+pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
+i, this_start, this_end);
+}
Zijun Hu F1 Building, 299 Kang Wei Road, Pudong New Area, Shanghai 201315, China htc.com
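Review bot: After `idx_a--` the value can be -1 when the region just returned was index 0, and the next line stores it through `(u32)idx_a`, so the end-of-walk state travels as 0xffffffff in the low half of `*idx` without any comment explaining it. A note on the changed line such as `/* step to the next lower region; -1 ends the walk on the next call */` would make the encoding explicit. The code that unpacks `*idx` is outside this hunk, so confirm that the low half is read back into a signed int; otherwise the `idx_a >= 0` loop test shown in the first hunk would not terminate the iteration.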
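Review bot: In the arch/arm64/mm/init.c hunk `memblock_patch_verify()` is called with its prototype present only inside a comment, so the call depends on an implicit function declaration, which compilers warn about or reject outright. Even for a throwaway verification patch the declaration should be real, e.g. `void memblock_patch_verify(void);` in the memblock header beside the declaration of `__memblock_dump_all`. The body of bootmem_init() starts outside the hunk.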
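Review bot: The `pr_info` calls in memblock_patch_verify() print `this_start` and `this_end`, both `phys_addr_t`, with `%#016llx`, which mismatches the argument type on configurations where `phys_addr_t` is 32 bits wide. mm/memblock.c is not arm64-only, so use the kernel's `%pa` specifier with the variable's address, `pr_info("[%#016llx]\t[%pa-%pa]\n", i, &this_start, &this_end);`, or cast both values to `unsigned long long`. The same line appears in all three loops of the function.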
Attachment:
0001-mm-memblock.c-fix-index-adjustment-error-in.patch
Description: 0001-mm-memblock.c-fix-index-adjustment-error-in.patch
Attachment:
0002-mm-temporary-patch-for-fix-memblock-issue-test.patch
Description: 0002-mm-temporary-patch-for-fix-memblock-issue-test.patch