From c918dcce92f76bb9903e4d049f4780bad384c207 Mon Sep 17 00:00:00 2001 From: "David S. Miller" Date: Thu, 14 Aug 2008 01:41:39 -0700 Subject: sparc64: Fix overshoot in nid_range(). If 'start' does not begin on a page boundary, we can overshoot past 'end'. Signed-off-by: David S. Miller --- arch/sparc64/mm/init.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/sparc64/mm/init.c b/arch/sparc64/mm/init.c index 217de3e..64d8e76 100644 --- a/arch/sparc64/mm/init.c +++ b/arch/sparc64/mm/init.c @@ -796,6 +796,9 @@ static unsigned long nid_range(unsigned long start, unsigned long end, start += PAGE_SIZE; } + if (start > end) + start = end; + return start; } #else -- cgit v1.1 From f2b6079464fc73cf12f08248180a618f05033a70 Mon Sep 17 00:00:00 2001 From: "David S. Miller" Date: Thu, 14 Aug 2008 01:45:41 -0700 Subject: sparc64: Fix cmdline_memory_size handling bugs. First, lmb_enforce_memory_limit() interprets it's argument (mostly, heh) as a size limit not an address limit. So pass the raw cmdline_memory_size value into it. And we don't need to check it against zero, lmb_enforce_memory_limit() does that for us. Next, free_initmem() needs special handling when the kernel command line trims the available memory. The problem case is if the trimmed out memory is where the kernel image itself resides. When that memory is trimmed out, we don't add those physical ram areas to the sparsemem active ranges, amongst other things. Which means that this free_initmem() code will free up invalid page structs, resulting in either crashes or hangs. Just quick fix this by not freeing initmem at all if "mem=" was given on the boot command line. Signed-off-by: David S. Miller --- arch/sparc64/mm/init.c | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/arch/sparc64/mm/init.c b/arch/sparc64/mm/init.c index 64d8e76..b4aeb0f 100644 --- a/arch/sparc64/mm/init.c +++ b/arch/sparc64/mm/init.c 
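Review bot: The clamp added after the loop in nid_range() has no comment, so the reason for it lives only in the commit message. A line such as `/* 'start' need not be page aligned, so stepping by PAGE_SIZE can carry it past 'end'. */` above `if (start > end)` would keep a later cleanup from removing it as redundant. Callers presumably treat the return value as the end of a per-node range, so an unclamped value would describe memory beyond what was requested; that is inferred, because the loop head and the callers are outside the hunk.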
@@ -1726,8 +1726,7 @@ void __init paging_init(void) find_ramdisk(phys_base); - if (cmdline_memory_size) - lmb_enforce_memory_limit(phys_base + cmdline_memory_size); + lmb_enforce_memory_limit(cmdline_memory_size); lmb_analyze(); lmb_dump_all(); @@ -1964,6 +1963,15 @@ void __init mem_init(void) void free_initmem(void) { unsigned long addr, initend; + int do_free = 1; + + /* If the physical memory maps were trimmed by kernel command + * line options, don't even try freeing this initmem stuff up. + * The kernel image could have been in the trimmed out region + * and if so the freeing below will free invalid page structs. + */ + if (cmdline_memory_size) + do_free = 0; /* * The init section is aligned to 8k in vmlinux.lds. Page align for >8k pagesizes. @@ -1978,13 +1986,16 @@ void free_initmem(void) ((unsigned long) __va(kern_base)) - ((unsigned long) KERNBASE)); memset((void *)addr, POISON_FREE_INITMEM, PAGE_SIZE); - p = virt_to_page(page); - ClearPageReserved(p); - init_page_count(p); - __free_page(p); - num_physpages++; - totalram_pages++; + if (do_free) { + p = virt_to_page(page); + + ClearPageReserved(p); + init_page_count(p); + __free_page(p); + num_physpages++; + totalram_pages++; + } } } -- cgit v1.1 From ebb1951d3624c2f961abe676645c13e5a1145569 Mon Sep 17 00:00:00 2001 From: "David S. Miller" Date: Fri, 15 Aug 2008 19:57:57 -0700 Subject: lmb: Fix reserved region handling in lmb_enforce_memory_limit(). The idea of the implementation of this fix is from Michael Ellerman. This function has two loops, but they each interpret the memory_limit value differently. The first loop interprets it as a "size limit" whereas the second loop interprets it as an "address limit". Before the second loop runs, reset memory_limit to lmb_end_of_DRAM() so that it all works out. Signed-off-by: David S. Miller Acked-by: Michael Ellerman --- lib/lmb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/lmb.c b/lib/lmb.c index 5d7b928..97e54703 100644 --- a/lib/lmb.c +++ b/lib/lmb.c 
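Review bot: With `do_free` cleared, the loop in the second free_initmem() hunk still poisons every init page but frees none of them, and nothing records that this happened. A single message when `cmdline_memory_size` is set, for example `printk(KERN_INFO "free_initmem: mem= given, init memory not freed\n");`, would make the retained memory visible in the boot log. If the `memset()` with `POISON_FREE_INITMEM` is meant to run even when nothing is freed, the new comment in the first free_initmem() hunk should say so. The test is also broader than the failure it guards against: it disables freeing for any `mem=` value, not only when the kernel image lies in the trimmed region, which the commit message acknowledges as a quick fix.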
@@ -462,6 +462,8 @@ void __init lmb_enforce_memory_limit(u64 memory_limit) if (lmb.memory.region[0].size < lmb.rmo_size) lmb.rmo_size = lmb.memory.region[0].size; + memory_limit = lmb_end_of_DRAM(); + /* And truncate any reserves above the limit also. */ for (i = 0; i < lmb.reserved.cnt; i++) { p = &lmb.reserved.region[i]; -- cgit v1.1
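Review bot: `memory_limit = lmb_end_of_DRAM();` changes the parameter from a size to an address halfway through lmb_enforce_memory_limit(), and nothing in the code says so. A comment on the assignment, such as `/* memory_limit was a size limit above; from here on it is an address limit, the end of the truncated memory map. */`, would help, or the value could go into a separate local used only by the reserve loop. The assignment presumably has to stay after the first loop, since lmb_end_of_DRAM() should reflect the already-truncated memory regions; the comment should state that ordering. The function begins and ends outside the hunk, so the body of the reserve loop was not checked.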