resources: handle overflow when aligning start of available area

If tmp.start is near ~0, ALIGN(tmp.start) may overflow, which would make us think there's more available space than there really is. We would likely return something that conflicts with a previous resource, which would cause a failure when allocate_resource() requests the newly- allocated region. Reference: https://bugzilla.redhat.com/show_bug.cgi?id=646027 Reported-by: Fabrice Bellet <fabrice@bellet.info> Signed-off-by: Bjorn Helgaas <bjorn.helgaas@hp.com> Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
2010-10-26 15:41:28 -06:00 · 2010-10-26 15:41:28 -06:00 · a1862e3107
commit a1862e3107
parent 6909ba14c2
1 changed files with 13 additions and 8 deletions
--- a/kernel/resource.c
+++ b/kernel/resource.c
@ -392,7 +392,7 @@ static int find_resource(struct resource *root, struct resource *new,
 			 void *alignf_data)
 {
 	struct resource *this = root->child;
-	struct resource tmp = *new, alloc;
+	struct resource tmp = *new, avail, alloc;
 	tmp.start = root->start;
 	/*
@ -410,14 +410,19 @@ static int find_resource(struct resource *root, struct resource *new,
 			tmp.end = root->end;
 		resource_clip(&tmp, min, max);
 		tmp.start = ALIGN(tmp.start, align);
-		alloc.start = alignf(alignf_data, &tmp, size, align);
+		/* Check for overflow after ALIGN() */
-		alloc.end = alloc.start + size - 1;
+		avail = *new;
-		if (resource_contains(&tmp, &alloc)) {
+		avail.start = ALIGN(tmp.start, align);
-			new->start = alloc.start;
+		avail.end = tmp.end;
-			new->end = alloc.end;
+		if (avail.start >= tmp.start) {
-			return 0;
+			alloc.start = alignf(alignf_data, &avail, size, align);
 			alloc.end = alloc.start + size - 1;
 			if (resource_contains(&avail, &alloc)) {
 				new->start = alloc.start;
 				new->end = alloc.end;
 				return 0;
 			}
 		}
 		if (!this)
 			break;