On Mon, Jun 17, 2019 at 3:49 PM Roman Penyaev <rpenyaev@xxxxxxx> wrote:
> > augment_tree_propagate_from(va);
> >
> > - if (type == NE_FIT_TYPE)
> > - insert_vmap_area_augment(lva, &va->rb_node,
> > - &free_vmap_area_root, &free_vmap_area_list);
> > - }
> > -
> > return 0;
> > }
>
>
> Hi Arnd,
>
> Seems the proper fix is just setting lva to NULL. The only place
> where lva is allocated and then used is when type == NE_FIT_TYPE,
> so according to my shallow understanding of the code everything
> should be fine.

I don't see how NULL could work here. insert_vmap_area_augment() passes the va pointer into find_va_links() and link_va(), both of which dereference the pointer, see

static void insert_vmap_area_augment(struct vmap_area *va, struct rb_node *from, struct rb_root *root, struct list_head *head)
{
struct rb_node **link;
struct rb_node *parent;

if (from) link = find_va_links(va, NULL, from, &parent);
else link = find_va_links(va, root, NULL, &parent);

link_va(va, root, parent, link, head);
augment_tree_propagate_from(va);
}

static __always_inline struct rb_node ** find_va_links(struct vmap_area *va, struct rb_root *root, struct rb_node *from, struct rb_node **parent)
{
...
if (va->va_start < tmp_va->va_end && va->va_end <= tmp_va->va_start)
...
}

static __always_inline void link_va(struct vmap_area *va, struct rb_root *root, struct rb_node *parent, struct rb_node **link, struct list_head *head)
{
...
rb_link_node(&va->rb_node, parent, link);
...
}

Arnd