Hello,
(I repost this because looks like the previous was filtered because I
was not subscribed to the list)
We are looking at dma_alloc_coherent(), which uses ppc_vm_region_alloc()
on the coherent region "consistent_head".
It seems to us there is a bug in the function ppc_vm_region_alloc().
The check "if (addr > end)" should be "if (addr >= end)"
If for example it is called once when the size is the entire coherent
region, the second time it will allocate a region outside the valid
memory.
It will happen because the list will contain one element (besides the
head) which is equal to the head, and neither condition will cause a
"goto nospc". Then the list iteration will end and the new region will
be allocated right after the valid region.
list_for_each_entry(c, &head->vm_list, vm_list) {
if ((addr + size) < addr)
goto nospc;
if ((addr + size) <= c->vm_start)
goto found;
addr = c->vm_end;
if (addr > end) <=== here
goto nospc;
}
--Yossi
_______________________________________________
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/linuxppc-dev
