From: Bjorn Helgaas <helgaas@kernel.org> To: Lianbo Jiang <lijiang@redhat.com> Cc: linux-kernel@vger.kernel.org, kexec@lists.infradead.org, tglx@linutronix.de, mingo@redhat.com, hpa@zytor.com, x86@kernel.org, akpm@linux-foundation.org, dan.j.williams@intel.com, thomas.lendacky@amd.com, bhelgaas@google.com, baiyaowei@cmss.chinamobile.com, tiwai@suse.de, bp@suse.de, brijesh.singh@amd.com, dyoung@redhat.com, bhe@redhat.com Subject: Re: [PATCH 1/3 v3] resource: fix an error which walks through iomem resources Date: Mon, 24 Sep 2018 12:52:42 -0500 [thread overview] Message-ID: <20180924175241.GO224714@bhelgaas-glaptop.roam.corp.google.com> (raw) In-Reply-To: <20180921073211.20097-2-lijiang@redhat.com> On Fri, Sep 21, 2018 at 03:32:09PM +0800, Lianbo Jiang wrote: > When we walk through iomem resources by calling walk_iomem_res_desc(), > the values of the function parameter may be modified in the while loop > of __walk_iomem_res_desc(), which will cause us to not get the desired > result in some cases. If I understand correctly, the issue is caused by the interaction between __walk_iomem_res_desc() and find_next_iomem_res() in this path: __walk_iomem_res_desc find_next_iomem_res res->flags = p->flags; # <-- problem This path is used by the following interfaces, and I think your patch would fix the issue for them: walk_iomem_res_desc() walk_system_ram_res() walk_mem_res() However, find_next_iomem_res() is also used directly by walk_system_ram_range(). I think that path has the same problem, and your patch does not fix that path. I have a few more comments related to the existing code that I'll post soon. > At present, it only restores the original value of res->end, but it > doesn't restore the original value of res->flags in the while loop of > __walk_iomem _res_desc(). Whenever the find_next_iomem_res() finds a > resource and returns the result, the original values of this resource > will be modified, which might lead to an error in the next loop. For > example: > > The original value of resource flags is: > res->flags=0x80000200(initial value) > > p->flags _ 0x81000200 _ _ 0x80000200 _ > / \ / \ > |________|_______A________|____|_....._|______B_________|..........___| > 0 0xffffffff > (memory address ranges) > > Note: if ((p->flags & res->flags) != res->flags) continue; > > When the resource A is found, the original value of this resource flags > will be changed to 0x81000200(res->flags=0x81000200), and continue to > look for the next resource, when the loop reaches resource B, it can not > get the resource B any more(you can refer to the for loop of find_next > _iomem_res()), because the value of conditional expression will become > true and will also jump the resource B. > > In fact, we should get the resource A and B when we walk through the > whole tree, but it only gets the resource A, the resource B is missed. > > Signed-off-by: Lianbo Jiang <lijiang@redhat.com> > --- > kernel/resource.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/kernel/resource.c b/kernel/resource.c > index 30e1bc68503b..f5d9fc70a04c 100644 > --- a/kernel/resource.c > +++ b/kernel/resource.c > @@ -375,6 +375,7 @@ static int __walk_iomem_res_desc(struct resource *res, unsigned long desc, > int (*func)(struct resource *, void *)) > { > u64 orig_end = res->end; > + u64 orig_flags = res->flags; > int ret = -1; > > while ((res->start < res->end) && > @@ -385,6 +386,7 @@ static int __walk_iomem_res_desc(struct resource *res, unsigned long desc, > > res->start = res->end + 1; > res->end = orig_end; > + res->flags = orig_flags; > } > > return ret;
WARNING: multiple messages have this Message-ID (diff)
From: Bjorn Helgaas <helgaas@kernel.org> To: Lianbo Jiang <lijiang@redhat.com> Cc: thomas.lendacky@amd.com, brijesh.singh@amd.com, bhe@redhat.com, tiwai@suse.de, x86@kernel.org, kexec@lists.infradead.org, linux-kernel@vger.kernel.org, mingo@redhat.com, baiyaowei@cmss.chinamobile.com, hpa@zytor.com, bhelgaas@google.com, tglx@linutronix.de, bp@suse.de, dyoung@redhat.com, akpm@linux-foundation.org, dan.j.williams@intel.com Subject: Re: [PATCH 1/3 v3] resource: fix an error which walks through iomem resources Date: Mon, 24 Sep 2018 12:52:42 -0500 [thread overview] Message-ID: <20180924175241.GO224714@bhelgaas-glaptop.roam.corp.google.com> (raw) In-Reply-To: <20180921073211.20097-2-lijiang@redhat.com> On Fri, Sep 21, 2018 at 03:32:09PM +0800, Lianbo Jiang wrote: > When we walk through iomem resources by calling walk_iomem_res_desc(), > the values of the function parameter may be modified in the while loop > of __walk_iomem_res_desc(), which will cause us to not get the desired > result in some cases. If I understand correctly, the issue is caused by the interaction between __walk_iomem_res_desc() and find_next_iomem_res() in this path: __walk_iomem_res_desc find_next_iomem_res res->flags = p->flags; # <-- problem This path is used by the following interfaces, and I think your patch would fix the issue for them: walk_iomem_res_desc() walk_system_ram_res() walk_mem_res() However, find_next_iomem_res() is also used directly by walk_system_ram_range(). I think that path has the same problem, and your patch does not fix that path. I have a few more comments related to the existing code that I'll post soon. > At present, it only restores the original value of res->end, but it > doesn't restore the original value of res->flags in the while loop of > __walk_iomem _res_desc(). Whenever the find_next_iomem_res() finds a > resource and returns the result, the original values of this resource > will be modified, which might lead to an error in the next loop. For > example: > > The original value of resource flags is: > res->flags=0x80000200(initial value) > > p->flags _ 0x81000200 _ _ 0x80000200 _ > / \ / \ > |________|_______A________|____|_....._|______B_________|..........___| > 0 0xffffffff > (memory address ranges) > > Note: if ((p->flags & res->flags) != res->flags) continue; > > When the resource A is found, the original value of this resource flags > will be changed to 0x81000200(res->flags=0x81000200), and continue to > look for the next resource, when the loop reaches resource B, it can not > get the resource B any more(you can refer to the for loop of find_next > _iomem_res()), because the value of conditional expression will become > true and will also jump the resource B. > > In fact, we should get the resource A and B when we walk through the > whole tree, but it only gets the resource A, the resource B is missed. > > Signed-off-by: Lianbo Jiang <lijiang@redhat.com> > --- > kernel/resource.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/kernel/resource.c b/kernel/resource.c > index 30e1bc68503b..f5d9fc70a04c 100644 > --- a/kernel/resource.c > +++ b/kernel/resource.c > @@ -375,6 +375,7 @@ static int __walk_iomem_res_desc(struct resource *res, unsigned long desc, > int (*func)(struct resource *, void *)) > { > u64 orig_end = res->end; > + u64 orig_flags = res->flags; > int ret = -1; > > while ((res->start < res->end) && > @@ -385,6 +386,7 @@ static int __walk_iomem_res_desc(struct resource *res, unsigned long desc, > > res->start = res->end + 1; > res->end = orig_end; > + res->flags = orig_flags; > } > > return ret; _______________________________________________ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec
next prev parent reply other threads:[~2018-09-24 17:52 UTC|newest] Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top 2018-09-21 7:32 [PATCH 0/3 v3] add reserved e820 ranges to the kdump kernel e820 table Lianbo Jiang 2018-09-21 7:32 ` Lianbo Jiang 2018-09-21 7:32 ` [PATCH 1/3 v3] resource: fix an error which walks through iomem resources Lianbo Jiang 2018-09-21 7:32 ` Lianbo Jiang 2018-09-24 17:52 ` Bjorn Helgaas [this message] 2018-09-24 17:52 ` Bjorn Helgaas 2018-09-25 7:08 ` lijiang 2018-09-25 7:08 ` lijiang 2018-09-24 22:14 ` [PATCH 0/3] find_next_iomem_res() fixes Bjorn Helgaas 2018-09-24 22:14 ` Bjorn Helgaas 2018-09-24 22:14 ` [PATCH 1/3] x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error Bjorn Helgaas 2018-09-24 22:14 ` Bjorn Helgaas 2018-09-24 22:14 ` [PATCH 2/3] resource: Include resource end in walk_*() interfaces Bjorn Helgaas 2018-09-24 22:14 ` Bjorn Helgaas 2018-09-24 22:15 ` [PATCH 3/3] resource: Fix find_next_iomem_res() iteration issue Bjorn Helgaas 2018-09-24 22:15 ` Bjorn Helgaas 2018-09-25 8:58 ` Baoquan He 2018-09-25 8:58 ` Baoquan He 2018-09-25 11:20 ` Baoquan He 2018-09-25 11:20 ` Baoquan He 2018-09-27 5:27 ` lijiang 2018-09-27 5:27 ` lijiang 2018-09-27 14:03 ` Bjorn Helgaas 2018-09-27 14:03 ` Bjorn Helgaas 2018-09-28 5:09 ` lijiang 2018-09-28 5:09 ` lijiang 2018-09-28 13:10 ` Borislav Petkov 2018-09-28 13:10 ` Borislav Petkov 2018-09-26 9:22 ` [PATCH 0/3] find_next_iomem_res() fixes lijiang 2018-09-26 9:22 ` lijiang 2018-09-26 13:36 ` lijiang 2018-09-26 13:36 ` lijiang 2018-09-21 7:32 ` [PATCH 2/3 v3] x86/kexec_file: add e820 entry in case e820 type string matches to io resource name Lianbo Jiang 2018-09-21 7:32 ` Lianbo Jiang 2018-09-21 7:32 ` [PATCH 3/3 v3] x86/kexec_file: add reserved e820 ranges to kdump kernel e820 table Lianbo Jiang 2018-09-21 7:32 ` Lianbo Jiang 2018-10-16 2:56 ` [PATCH 0/3 v3] add reserved e820 ranges to the " Dave Young 2018-10-16 2:56 ` Dave Young 2018-10-16 3:45 ` lijiang 2018-10-16 3:45 ` lijiang
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20180924175241.GO224714@bhelgaas-glaptop.roam.corp.google.com \ --to=helgaas@kernel.org \ --cc=akpm@linux-foundation.org \ --cc=baiyaowei@cmss.chinamobile.com \ --cc=bhe@redhat.com \ --cc=bhelgaas@google.com \ --cc=bp@suse.de \ --cc=brijesh.singh@amd.com \ --cc=dan.j.williams@intel.com \ --cc=dyoung@redhat.com \ --cc=hpa@zytor.com \ --cc=kexec@lists.infradead.org \ --cc=lijiang@redhat.com \ --cc=linux-kernel@vger.kernel.org \ --cc=mingo@redhat.com \ --cc=tglx@linutronix.de \ --cc=thomas.lendacky@amd.com \ --cc=tiwai@suse.de \ --cc=x86@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.