[PATCH] mm/memblock.c: fix index adjustment error in __next_mem_range_rev()

Hi Tejun,
I find that there is a bug in __next_mem_range_rev() defined in mm/memblock.c.

patch 0001 can fix the issue and passes the test successfully, please help to review
and phase it in
patch 0002 is used to verify the solution only and is provided for explaining
the test method, please don't apply it

for __next_mem_range_rev(), it not only triggers a null deref issue but also
doesn't iterate through memory regions contained in type_a in reverse
order correctly if its parameter type_b == NULL; moreover, it will cause mass
error loops if macro for_each_mem_range_rev is called with parameter
type_b == NULL

the patch 0001 corrects the region index idx_a adjustment and initializes idx_b
to 0 to ensure getting the last reversed region correctly if parameter
type_b == NULL, as shown below

my test method is simple, namely, dump all types of regions with the right kernel
interface and the fixed __next_mem_range separately, then check whether the
fixed __next_mem_range achieves the desired purpose; see the test patch
segments below or the entire patch 0002 for more info

thanks for Tejun's guidance and help

fix patch 0001 is shown as follows

From da2f3cafab9632d59261cf0801f62e909d0bfde1 Mon Sep 17 00:00:00 2001
From: zijun_hu <zijun_hu@xxxxxxx>
Date: Mon, 25 Jul 2016 15:06:57 +0800
Subject: [PATCH 1/2] mm/memblock.c: fix index adjustment error in
 __next_mem_range_rev()

fix region index adjustment error when parameter type_b of
__next_mem_range_rev() == NULL

Signed-off-by: zijun_hu <zijun_hu@xxxxxxx>
---
 mm/memblock.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/mm/memblock.c b/mm/memblock.c
index ac12489..e95f95f 100644
--- a/mm/memblock.c
+++ b/mm/memblock.c
@@ -991,7 +991,10 @@ void __init_memblock __next_mem_range_rev(u64 *idx, int nid, ulong flags,
 
 if (*idx == (u64)ULLONG_MAX) {
 idx_a = type_a->cnt - 1;
-idx_b = type_b->cnt;
+if (type_b != NULL)
+idx_b = type_b->cnt;
+else
+idx_b = 0;
 }
 
 for (; idx_a >= 0; idx_a--) {
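Review bot: the commit message mentions only the index adjustment, but the `if (type_b != NULL)` guard added inside the `*idx == (u64)ULLONG_MAX` block fixes a separate problem, the unconditional `type_b->cnt` dereference when type_b is NULL, and the changelog should say so. The four added lines can also be written as `idx_b = type_b ? type_b->cnt : 0;`.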
@@ -1024,7 +1027,7 @@ void __init_memblock __next_mem_range_rev(u64 *idx, int nid, ulong flags,
 *out_end = m_end;
 if (out_nid)
 *out_nid = m_nid;
-idx_a++;
+idx_a--;
 *idx = (u32)idx_a | (u64)idx_b << 32;
 return;
 }
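Review bot: after `idx_a--` runs for the region at index 0, idx_a is -1 and `*idx = (u32)idx_a | (u64)idx_b << 32;` stores 0xffffffff in the low half, so ending the walk depends on the next call reading that half back as a negative value that fails the `idx_a >= 0` loop test. A one-line comment above `idx_a--;` stating this would help, and the changelog should describe the symptom of the old `idx_a++` (the index moving away from 0 during a reverse walk).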
-- 
1.9.1


Test patch 002 code segments are shown as follows

diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c
index d45f862..0db80bb 100644
--- a/arch/arm64/mm/init.c
+++ b/arch/arm64/mm/init.c
@@ -326,6 +326,13 @@ void __init bootmem_init(void)
 
 high_memory = __va((max << PAGE_SHIFT) - 1) + 1;
 memblock_dump_all();
+
+if (!memblock_debug)
+__memblock_dump_all();
+/*
+ * extern void memblock_patch_verify(void);
+ */
+memblock_patch_verify();
 }
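Review bot: `memblock_patch_verify();` is called in bootmem_init() while its `extern` declaration sits only inside a comment, so the hunk gives this file no prototype for the function. Even for a test-only patch, put the prototype in a header that both files include instead of leaving it commented out.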

diff --git a/mm/memblock.c b/mm/memblock.c
index e95f95f..5c179ae 100644
--- a/mm/memblock.c
+++ b/mm/memblock.c
@@ -1652,6 +1652,31 @@ void __init_memblock __memblock_dump_all(void)
 memblock_dump(&memblock.reserved, "reserved");
 }

+void __init_memblock memblock_patch_verify(void)
+{
+u64 i;
+phys_addr_t this_start, this_end;
+
+pr_info("in %s: memory\n", __func__);
+for_each_mem_range_rev(i, &memblock.memory, NULL, NUMA_NO_NODE,
+MEMBLOCK_NONE, &this_start, &this_end, NULL)
+pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
+i, this_start, this_end);
+
+pr_info("in %s: reserved\n", __func__);
+for_each_mem_range_rev(i, &memblock.reserved, NULL, NUMA_NO_NODE,
+MEMBLOCK_NONE, &this_start, &this_end, NULL)
+pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
+i, this_start, this_end);
+
+pr_info("in %s: memory X reserved\n", __func__);
+for_each_mem_range_rev(i, &memblock.memory, &memblock.reserved,
+NUMA_NO_NODE, MEMBLOCK_NONE,
+&this_start, &this_end, NULL)
+pr_info("[%#016llx]\t[%#016llx-%#016llx]\n",
+i, this_start, this_end);
+}
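Review bot: `this_start` and `this_end` are declared `phys_addr_t` but printed with `%#016llx` in all three pr_info() calls, which only matches where phys_addr_t is 64 bits wide. Use `%pa` with `&this_start` and `&this_end`, or cast both to `unsigned long long`. The function also only prints, so the comparison against the memblock_dump_all() output is left to whoever reads the log.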

Zijun Hu
F1 Building, 299 Kang Wei Road, Pudong New Area,
Shanghai 201315, China
htc.com










Attachment: 0001-mm-memblock.c-fix-index-adjustment-error-in.patch
Description: 0001-mm-memblock.c-fix-index-adjustment-error-in.patch

Attachment: 0002-mm-temporary-patch-for-fix-memblock-issue-test.patch
Description: 0002-mm-temporary-patch-for-fix-memblock-issue-test.patch
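The index adjustment described in the message above can be reproduced in user space. The following is an added example, not code from the patch or from the kernel: a simplified model of the type_b == NULL path only, in which the function name, the decode of `*idx` into two 32-bit halves, the -1 end-of-walk return value and the 3-region input are assumptions made for the model.

```c
#include <stdint.h>
#include <stdio.h>

#define STEP_CAP 16   /* model-only guard: stop a runaway walk */
enum adjust { ADJ_ORIGINAL, ADJ_PATCHED };   /* idx_a++ vs idx_a-- */

/* One call of the type_b == NULL path. Returns the region index that
 * would be reported, or -1 once the walk is over (model convention). */
static int next_rev_model(uint64_t *idx, int cnt, enum adjust adj)
{
    /* Assumed decode, mirroring the packing line shown in the patch. */
    int idx_a = (int)(uint32_t)(*idx & 0xffffffff);
    int idx_b = (int)(*idx >> 32);

    if (*idx == UINT64_MAX) {      /* first call of a walk */
        idx_a = cnt - 1;
        idx_b = 0;                 /* patched init for type_b == NULL */
    }
    if (idx_a >= 0) {
        int reported = idx_a;
        idx_a += (adj == ADJ_PATCHED) ? -1 : 1;
        *idx = (uint32_t)idx_a | (uint64_t)idx_b << 32;
        return reported;
    }
    *idx = UINT64_MAX;
    return -1;
}

/* Drive the model until it ends or STEP_CAP reports were recorded. */
static int walk(enum adjust adj, int cnt, int *visited)
{
    uint64_t idx = UINT64_MAX;
    int n = 0, r;
    while (n < STEP_CAP && (r = next_rev_model(&idx, cnt, adj)) >= 0)
        visited[n++] = r;
    return n;
}

int main(void)
{
    int v[STEP_CAP];
    for (int a = ADJ_ORIGINAL; a <= ADJ_PATCHED; a++) {
        int n = walk((enum adjust)a, 3, v);   /* constructed: 3 regions */
        printf("%s visits:", a == ADJ_PATCHED ? "idx_a--" : "idx_a++");
        for (int i = 0; i < n; i++)
            printf(" %d", v[i]);   /* any value >= 3 is past the last region */
        printf("\n");
    }
    return 0;
}
```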

