[PATCH] avoid endless loops in lib/swiotlb.c

From: Jan Beulich
Date: Thu Mar 13 2008 - 05:13:06 EST

Next message: Martin Schwidefsky: "Re: [patch 3/6] Guest page hinting: mlocked pages."
Previous message: Martin Schwidefsky: "Re: [patch 4/6] Guest page hinting: writable page table entries."
Next in thread: FUJITA Tomonori: "Re: [PATCH] avoid endless loops in lib/swiotlb.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Commit 681cc5cd3efbeafca6386114070e0bfb5012e249 introduced two
possibilities for entering an endless loop in lib/swiotlb.c:

- if max_slots is zero (possible if mask is ~0UL)
- if the number of slots requested fits into a swiotlb segment, but is
too large for the part of a segment which remains after considering
offset_slots

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxxxx>
Cc: FUJITA Tomonori <fujita.tomonori@xxxxxxxxxxxxx>
Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>

---
lib/swiotlb.c | 30 ++++++++++++++++--------------
1 file changed, 16 insertions(+), 14 deletions(-)

--- linux-2.6.25-rc5/lib/swiotlb.c 2008-03-13 09:53:50.000000000 +0100
+++ 2.6.25-rc5-swiotlb-endless-loop/lib/swiotlb.c 2008-03-12 15:17:49.000000000 +0100
@@ -310,7 +310,9 @@ map_single(struct device *hwdev, char *b
start_dma_addr = virt_to_bus(io_tlb_start) & mask;

offset_slots = ALIGN(start_dma_addr, 1 << IO_TLB_SHIFT) >> IO_TLB_SHIFT;
- max_slots = ALIGN(mask + 1, 1 << IO_TLB_SHIFT) >> IO_TLB_SHIFT;
+ max_slots = mask + 1
+ ? ALIGN(mask + 1, 1 << IO_TLB_SHIFT) >> IO_TLB_SHIFT
+ : 1UL << (BITS_PER_LONG - IO_TLB_SHIFT);

/*
* For mappings greater than a page, we limit the stride (and
@@ -333,16 +335,18 @@ map_single(struct device *hwdev, char *b
index = ALIGN(io_tlb_index, stride);
if (index >= io_tlb_nslabs)
index = 0;
-
- while (is_span_boundary(index, nslots, offset_slots,
- max_slots)) {
- index += stride;
- if (index >= io_tlb_nslabs)
- index = 0;
- }
wrap = index;

do {
+ while (is_span_boundary(index, nslots, offset_slots,
+ max_slots)) {
+ index += stride;
+ if (index >= io_tlb_nslabs)
+ index = 0;
+ if (index == wrap)
+ goto not_found;
+ }
+
/*
* If we find a slot that indicates we have 'nslots'
* number of contiguous buffers, we allocate the
@@ -367,14 +371,12 @@ map_single(struct device *hwdev, char *b

goto found;
}
- do {
- index += stride;
- if (index >= io_tlb_nslabs)
- index = 0;
- } while (is_span_boundary(index, nslots, offset_slots,
- max_slots));
+ index += stride;
+ if (index >= io_tlb_nslabs)
+ index = 0;
} while (index != wrap);

+ not_found:
spin_unlock_irqrestore(&io_tlb_lock, flags);
return NULL;
}

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Martin Schwidefsky: "Re: [patch 3/6] Guest page hinting: mlocked pages."
Previous message: Martin Schwidefsky: "Re: [patch 4/6] Guest page hinting: writable page table entries."
Next in thread: FUJITA Tomonori: "Re: [PATCH] avoid endless loops in lib/swiotlb.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]