Currently in __memblock_remove, the check to trim the top of a block off only checks if the requested base is less than the memblock end. If the end of the requested region is equal to the start of a memblock, this will incorrectly try to remove the block, possibly causing an integer underflow: --------------------------------------- | | | | | | base end = rgn->base rend An additional check is needed to see if the end of the requested region is greater than the memblock region: ---------------------- | | | | rgn->base base rend end | | | | -------------------- Signed-off-by: Laura Abbott <lauraa@xxxxxxxxxxxxxx> --- mm/memblock.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/mm/memblock.c b/mm/memblock.c index 5338237..e174ee0 100644 --- a/mm/memblock.c +++ b/mm/memblock.c @@ -459,7 +459,7 @@ static long __init_memblock __memblock_remove(struct memblock_type *type, } /* And check if we need to trim the top of a block */ - if (base < rend) + if (base < rend && end > rend) rgn->size -= rend - base; } -- 1.7.8.3
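Review bot: The added `end > rend` in the top-trim condition also rejects a request that ends exactly at the block end (`base` inside the block, `end == rend`), so `rgn->size -= rend - base;` is skipped and an exact-tail removal becomes a silent no-op. Unless a branch earlier in `__memblock_remove`, outside this hunk, already handles that case, the test should be `end >= rend`. Separately, the subtraction is only safe when `base` is not below `rgn->base`, which this condition does not test directly; a short addition to the `/* And check if we need to trim the top of a block */` comment naming the earlier check that guarantees it would make the underflow argument from the commit message verifiable at this line.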