The patch titled
bitmap: fix size test in bitmap_find_free_region()
has been removed from the -mm tree. Its filename was
bitmap-fix-size-test-in-bitmap_find_free_region.patch
This patch was dropped because an alternative patch was merged
The current -mm tree may be found at http://userweb.kernel.org/~akpm/mmotm/
------------------------------------------------------
Subject: bitmap: fix size test in bitmap_find_free_region()
From: Guennadi Liakhovetski <lg@xxxxxxx>
This loop and test in bitmap_find_free_region()
for (pos = 0; pos < bits; pos += (1 << order))
if (__reg_op(bitmap, pos, order, REG_OP_ISFREE))
break;
if (pos == bits)
return -ENOMEM;
can only return an error (-ENOMEM) if bits is a multiple of (1 << order),
which is true only if bits is (also) a power of 2. This is not
necessarily the case with dma_alloc_from_coherent(). A failure to
recognise too large a request leads to dma_alloc_from_coherent() accessing
beyond available memory, and writing beyond the bitmap.
Signed-off-by: Guennadi Liakhovetski <lg@xxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
lib/bitmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff -puN lib/bitmap.c~bitmap-fix-size-test-in-bitmap_find_free_region lib/bitmap.c
--- a/lib/bitmap.c~bitmap-fix-size-test-in-bitmap_find_free_region
+++ a/lib/bitmap.c
@@ -953,7 +953,7 @@ int bitmap_find_free_region(unsigned lon
for (pos = 0; pos < bits; pos += (1 << order))
if (__reg_op(bitmap, pos, order, REG_OP_ISFREE))
break;
- if (pos == bits)
+ if (pos + (1 << order) > bits)
return -ENOMEM;
__reg_op(bitmap, pos, order, REG_OP_ALLOC);
return pos;
_
Patches currently in -mm which might be from lg@xxxxxxx are
origin.patch
bitmap-fix-size-test-in-bitmap_find_free_region.patch
linux-next.patch
--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
