Re: [PATCH resend] genalloc: stop crashing the system whendestroying a pool

From: Andrew Morton
Date: Mon Oct 22 2012 - 17:18:45 EST

On Sun, 21 Oct 2012 09:52:59 -0200
Thadeu Lima de Souza Cascardo <cascardo@xxxxxxxxxxxxxxxxxx> wrote:

> A gen_pool_chunk uses a bitmap to find what addresses ranges it has
> allocated and bugs when we destroy the pool and a chunk has some bits
> set.
> There is a problem when it allocates the bitmap. It allocates only the
> number of bytes needed for the bits that represent the size it's
> allocating. That is, if it needs 16 bits, it will allocate only 2 bytes,
> if it needs 31 bits, it will allocate 4 bytes.
> However, the bitops functions uses long types. And when the gen_pool_add
> allocates a bitmap, it only clears the bytes it has allocated. So, it's
> possible that we have a long word with the contents 0xffffffffffffffff,
> and only the first (most significant) bytes are cleared by memset.
> However, the destroy function is going to test for the least significant
> bits, which will not be clear as expected.

When fixing a bug, please do fully describe that bug. The oops trace
would be nice, but can be avoided if a suitable description is included.

Does the BUG() happen in gen_pool_destroy(), or in gen_pool_free()? In
either case, from your description it sound like the function which is
going BUG() is the site which needs fixing because it is checking for
non-zero bits outside the correct range?

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at