Now add_range_with_merge will generate blank slot as subtract_range.
we could reach the array limit because of blank slots.

We can let add_range to have second try to use blank slot.

Also use WARN_ONCE to print trace.

Reported-by: Joshua Covington <joshuacov@googlemail.com>
Signed-off-by: Yinghai Lu <yinghai@kernel.org>
Cc: <stable@vger.kernel.org> v3.9
---
 kernel/range.c |   34 ++++++++++++++++++++++------------
 1 file changed, 22 insertions(+), 12 deletions(-)

diff --git a/kernel/range.c b/kernel/range.c
index 98883ed..8ca718a 100644
--- a/kernel/range.c
+++ b/kernel/range.c
@@ -3,23 +3,34 @@
  */
 #include <linux/kernel.h>
 #include <linux/init.h>
+#include <linux/bug.h>
 #include <linux/sort.h>
-
 #include <linux/range.h>
 
 int add_range(struct range *range, int az, int nr_range, u64 start, u64 end)
 {
-	if (start >= end)
-		return nr_range;
+	int i;
 
-	/* Out of slots: */
-	if (nr_range >= az)
+	if (start >= end)
 		return nr_range;
 
-	range[nr_range].start = start;
-	range[nr_range].end = end;
+	/* Out of slots ? */
+	if (nr_range < az) {
+		i = nr_range;
+		nr_range++;
+	} else {
+		/* find blank slot */
+		for (i = 0; i < az; i++)
+			if (!range[i].end)
+				break;
+		if (i == az) {
+			WARN_ONCE(1, "run out of slot in ranges\n");
+			return az;
+		}
+	}
 
-	nr_range++;
+	range[i].start = start;
+	range[i].end = end;
 
 	return nr_range;
 }
@@ -99,7 +110,7 @@ void subtract_range(struct range *range, int az, u64 start, u64 end)
 				range[i].end = range[j].end;
 				range[i].start = end;
 			} else {
-				printk(KERN_ERR "run of slot in ranges\n");
+				WARN_ONCE(1,"run of slot in ranges\n");
 			}
 			range[j].end = start;
 			continue;
-- 
1.8.1.4