Commit 8309cf66 authored by Eric Dumazet's avatar Eric Dumazet Committed by Linus Torvalds

[PATCH] x86_64: Bug correction in populate_memnodemap()

As reported by Keith Mannthey, there are problems in populate_memnodemap()

The bug was that the compute_hash_shift() was returning 31, with incorrect
initialization of memnodemap[]

To correct the bug, we must use (1UL << shift) instead of (1 << shift) to
avoid an integer overflow, and we must check that shift < 64 to avoid an
infinite loop.
Signed-off-by: default avatarEric Dumazet <dada1@cosmosbay.com>
Signed-off-by: default avatarAndi Kleen <ak@suse.de>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent fd495471
...@@ -53,6 +53,8 @@ static int __init populate_memnodemap( ...@@ -53,6 +53,8 @@ static int __init populate_memnodemap(
int res = -1; int res = -1;
unsigned long addr, end; unsigned long addr, end;
if (shift >= 64)
return -1;
memset(memnodemap, 0xff, sizeof(memnodemap)); memset(memnodemap, 0xff, sizeof(memnodemap));
for (i = 0; i < numnodes; i++) { for (i = 0; i < numnodes; i++) {
addr = nodes[i].start; addr = nodes[i].start;
...@@ -65,7 +67,7 @@ static int __init populate_memnodemap( ...@@ -65,7 +67,7 @@ static int __init populate_memnodemap(
if (memnodemap[addr >> shift] != 0xff) if (memnodemap[addr >> shift] != 0xff)
return -1; return -1;
memnodemap[addr >> shift] = i; memnodemap[addr >> shift] = i;
addr += (1 << shift); addr += (1UL << shift);
} while (addr < end); } while (addr < end);
res = 1; res = 1;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment