lmb_remove_region - bad decrementing...

Siva Prasad sprasad at bivio.net
Tue Mar 20 07:00:36 EST 2007


Hi,

This is based on 2.6.19 kernel.

In the file mm/lmb.c, we have function lmb_remove_region. In this
function we are decrementing the region count even if the condition
fails and we don't necessarily remove the region.

For example ...

static void __init lmb_remove_region(struct lmb_region *rgn, unsigned long r)
{
        unsigned long i;

        for (i = r; i < rgn->cnt - 1; i++) {
                rgn->region[i].base = rgn->region[i + 1].base;
                rgn->region[i].size = rgn->region[i + 1].size;
        }
        rgn->cnt--;
}

Shouldn't the region count be decremented only if r > rgn->cnt - 1? When
we initially set up lmb, cnt will be 1, and as part of other functions,
this gets called without even increasing this number. So, the region does
not get removed, but cnt does get decremented by 1.

At least a quick fix like this "if (rgn->cnt > 1) rgn->cnt--;" should
serve for now.

The same thing happens in the routine lmb_enforce_memory_limit. Actually
lmb_remove_region gets called from here and the problem starts. So, "i"
should not be decremented here if the initial condition fails.

What do you guys think?

Thanks
Siva
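The behaviour described in the post, as an added stand-alone example that is not kernel code and not part of the original message: a small model of the region table with the routine exactly as quoted (renamed lmb_remove_region_orig) beside a bounds-checked variant. The struct layout, MAX_LMB_REGIONS, the helper names and the constructed region contents are assumptions for the example; the check itself (reject r >= cnt before touching cnt) is one way to implement the fix the post asks about, not the patch that went into the tree.

```c
/* Added example, not from the kernel or the mailing-list post: a
 * stand-alone model of lmb_remove_region showing how an out-of-range
 * index still decrements cnt, next to a bounds-checked variant.
 * MAX_LMB_REGIONS and the struct layout are assumed for this example. */
#include <stdio.h>

#define MAX_LMB_REGIONS 8   /* assumed table capacity */

struct lmb_property {
    unsigned long base;
    unsigned long size;
};

struct lmb_region {
    unsigned long cnt;
    struct lmb_property region[MAX_LMB_REGIONS];
};

/* The routine as quoted in the post: when r >= cnt - 1 the loop body
 * never runs, yet cnt is decremented unconditionally.  Once cnt reaches
 * 0, the next call computes cnt - 1 as ULONG_MAX and the loop would walk
 * off the end of the array, so the caller below never gets that far. */
static void lmb_remove_region_orig(struct lmb_region *rgn, unsigned long r)
{
    unsigned long i;

    for (i = r; i < rgn->cnt - 1; i++) {
        rgn->region[i].base = rgn->region[i + 1].base;
        rgn->region[i].size = rgn->region[i + 1].size;
    }
    rgn->cnt--;
}

/* Bounds-checked variant (example, not the kernel's fix): only an index
 * that names an existing entry removes anything, so cnt can never be
 * decremented past the number of entries actually present.
 * Returns 1 if an entry was removed, 0 if r was out of range. */
static int lmb_remove_region_checked(struct lmb_region *rgn, unsigned long r)
{
    unsigned long i;

    if (r >= rgn->cnt)
        return 0;
    for (i = r; i < rgn->cnt - 1; i++)
        rgn->region[i] = rgn->region[i + 1];
    rgn->cnt--;
    return 1;
}

/* Constructed input: a single entry, as the post describes the table
 * right after initial setup (cnt == 1). */
static void init_single_region(struct lmb_region *rgn)
{
    rgn->cnt = 1;
    rgn->region[0].base = 0;
    rgn->region[0].size = 0x10000000UL;
}

/* Reproduce the report: ask to remove index 1 from a one-entry table.
 * Nothing is shifted, but cnt drops from 1 to 0. */
unsigned long cnt_after_orig_out_of_range(void)
{
    struct lmb_region rgn;

    init_single_region(&rgn);
    lmb_remove_region_orig(&rgn, 1);
    return rgn.cnt;
}

/* Same call against the checked variant: rejected, cnt stays at 1. */
unsigned long cnt_after_checked_out_of_range(void)
{
    struct lmb_region rgn;

    init_single_region(&rgn);
    lmb_remove_region_checked(&rgn, 1);
    return rgn.cnt;
}

/* A valid removal must still work: drop the middle of three entries and
 * return the base now at index 1 (entry 2 shifted down), or 0 on error. */
unsigned long base_after_checked_middle_removal(void)
{
    struct lmb_region rgn;
    unsigned long i;

    rgn.cnt = 3;
    for (i = 0; i < 3; i++) {
        rgn.region[i].base = i * 0x1000UL;
        rgn.region[i].size = 0x1000UL;
    }
    if (!lmb_remove_region_checked(&rgn, 1) || rgn.cnt != 2)
        return 0;
    return rgn.region[1].base;
}

int main(void)
{
    printf("original, r out of range: cnt = %lu\n", cnt_after_orig_out_of_range());
    printf("checked,  r out of range: cnt = %lu\n", cnt_after_checked_out_of_range());
    printf("checked,  remove middle:  region[1].base = 0x%lx\n",
           base_after_checked_middle_removal());
    return 0;
}
```

The unsigned arithmetic is the part worth noticing: the quoted loop condition is safe only while cnt is at least 1, so a single stray decrement to 0 turns the next call into an out-of-bounds walk rather than a no-op, which is why the check belongs before the decrement and not only around it.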