Re: 2.6.27-rc5-mm1: 3 WARN_ON dumps during boot (acpi + vmap_pte_range)

From: Nick Piggin
Date: Mon Sep 08 2008 - 23:05:23 EST


On Tuesday 09 September 2008 03:52, Krzysztof Helt wrote:

> alloc_vmap_area within(e07f0000-fffb7000) size=801000
> returns=(e0880000-e1081000)
> alloc_vmap_area within(e07f0000-fffb7000) size=2000
> returns=(e07f0000-e07f2000)
> alloc_vmap_area within(e07f0000-fffb7000) size=2000
> returns=(e0822000-e0824000)
> vunmap_page_range (e07f0000-e07f2000 size=2000)
> free_vmap_area (e07f0000-e07f2000 size=2000)

> alloc_vmap_area within(e07f0000-fffb7000) size=5000
> returns=(e07f0000-e07f5000)
> ------------[ cut here ]------------
> WARNING: at mm/vmalloc.c:40 check_pte_range+0x83/0x90()

Thanks for that, it clearly shows the virtual address allocator
is allowing an overlapping allocation after a vm_unmap_aliases()
call. Unfortunately, my "random" test case happened not to
trigger that... I should have paid more attention to edge cases
rather than just random testing.

Anyway, I hope this fix should solve the problem for you? (it
fixes it here)

Index: linux-2.6/mm/vmalloc.c
===================================================================
--- linux-2.6.orig/mm/vmalloc.c
+++ linux-2.6/mm/vmalloc.c
@@ -321,7 +321,7 @@ retry:
struct vmap_area *tmp;
tmp = rb_entry(n, struct vmap_area, rb_node);
if (tmp->va_end >= addr) {
- if (!first && tmp->va_start <= addr)
+ if (!first && tmp->va_start < addr + size)
first = tmp;
n = n->rb_left;
} else {
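
Review bot: The new test "tmp->va_start < addr + size" on the changed line carries no comment saying that it is an interval-overlap check against [addr, addr + size), and it is still gated by "!first" while the walk continues with "n = n->rb_left". As written, the first matching area met on the way down is kept, and areas at lower addresses visited afterwards in this branch can no longer replace it. Please add a short comment stating which area "first" is meant to end up as (the lowest one that overlaps the request, or just any one that does), and confirm that the "!first" guard still gives that result with the wider condition. It would also help to state, in that comment or in the changelog, whether "addr + size" is already known not to wrap at this point, since the search range in the report runs up to fffb7000 on a 32-bit address space.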