1
linux/lib
Paul Mackerras d9024df02f [LMB] Restructure allocation loops to avoid unsigned underflow
There is a potential bug in __lmb_alloc_base where we subtract `size'
from the base address of a reserved region without checking whether
the subtraction could wrap around and produce a very large unsigned
value.  In fact it probably isn't possible to hit the bug in practice
since it would only occur in the situation where we can't satisfy the
allocation request and there is a reserved region starting at 0.

This fixes the potential bug by breaking out of the loop when we get
to the point where the base of the reserved region is less than the
size requested.  This also restructures the loop to be a bit easier to
follow.

The same logic got copied into lmb_alloc_nid_unreserved, so this makes
a similar change there.  Here the bug is more likely to be hit because
the outer loop  (in lmb_alloc_nid) goes through the memory regions in
increasing order rather than decreasing order as __lmb_alloc_base
does, and we are therefore more likely to hit the case where we are
testing against a reserved region with a base address of 0.

Signed-off-by: Paul Mackerras <paulus@samba.org>
2008-04-15 21:22:17 +10:00
..
lzo lzo: fix typo in decompressor 2008-04-10 15:34:05 -07:00
reed_solomon
zlib_deflate lib/: Spelling fixes 2008-02-03 17:48:52 +02:00
zlib_inflate
.gitignore
argv_split.c
audit.c
bitmap.c
bitrev.c
bug.c
bust_spinlocks.c
check_signature.c
cmdline.c
cpumask.c
crc7.c
crc16.c
crc32.c lib/: Spelling fixes 2008-02-03 17:48:52 +02:00
crc32defs.h
crc-ccitt.c
crc-itu-t.c
ctype.c
debug_locks.c
dec_and_lock.c
devres.c devres: implement pcim_iomap_regions_request_all() 2008-03-17 08:26:44 -04:00
div64.c
dump_stack.c
extable.c lib/extable.c: remove an expensive integer divide in search_extable() 2008-02-06 10:41:08 -08:00
fault-inject.c libfs: allow error return from simple attributes 2008-02-08 09:22:34 -08:00
find_next_bit.c ext4: Add ext4_find_next_bit() 2008-01-28 23:58:27 -05:00
gen_crc32table.c
genalloc.c
halfmd4.c
hexdump.c
hweight.c
idr.c
inflate.c
int_sqrt.c
iomap_copy.c
iomap.c x86-32: Pass the full resource data to ioremap() 2008-03-24 11:22:39 -07:00
iommu-helper.c iommu: export iommu_is_span_boundary helper function 2008-03-04 16:35:17 -08:00
ioremap.c
irq_regs.c
kasprintf.c
Kconfig [LIB]: Make PowerPC LMB code generic so sparc64 can use it too. 2008-02-13 16:56:49 -08:00
Kconfig.debug make LKDTM depend on BLOCK 2008-02-23 17:12:13 -08:00
kernel_lock.c sched: remove the !PREEMPT_BKL code 2008-01-25 21:08:33 +01:00
klist.c
kobject_uevent.c fix uevent action-string regression 2008-03-30 14:55:49 -07:00
kobject.c kobject: properly initialize ksets 2008-03-04 14:47:05 -08:00
kref.c kref: add kref_set() 2008-01-24 20:40:05 -08:00
libcrc32c.c
list_debug.c
lmb.c [LMB] Restructure allocation loops to avoid unsigned underflow 2008-04-15 21:22:17 +10:00
locking-selftest-hardirq.h
locking-selftest-mutex.h
locking-selftest-rlock-hardirq.h
locking-selftest-rlock-softirq.h
locking-selftest-rlock.h
locking-selftest-rsem.h
locking-selftest-softirq.h
locking-selftest-spin-hardirq.h
locking-selftest-spin-softirq.h
locking-selftest-spin.h
locking-selftest-wlock-hardirq.h
locking-selftest-wlock-softirq.h
locking-selftest-wlock.h
locking-selftest-wsem.h
locking-selftest.c
Makefile [LIB]: Make PowerPC LMB code generic so sparc64 can use it too. 2008-02-13 16:56:49 -08:00
parser.c
pcounter.c [LIB] pcounter : unline too big functions 2008-01-28 15:00:35 -08:00
percpu_counter.c
plist.c
prio_heap.c
prio_tree.c
proportions.c lib: proportion: fix underflow in prop_norm_percpu() 2007-12-23 12:54:37 -08:00
radix-tree.c radix-tree: avoid atomic allocations for preloaded insertions 2008-02-05 09:44:17 -08:00
random32.c [NET]: srandom32 fixes for networking v2 2008-04-03 14:07:02 -07:00
rbtree.c
reciprocal_div.c
rwsem-spinlock.c lib: remove fastcall from lib/* 2008-02-08 09:22:31 -08:00
rwsem.c x86: fix UML and -regparm=3 2008-01-30 13:33:00 +01:00
scatterlist.c SG: work with the SCSI fixed maximum allocations. 2008-01-28 10:54:49 +01:00
semaphore-sleepers.c lib: remove fastcall from lib/* 2008-02-08 09:22:31 -08:00
sha1.c
smp_processor_id.c debug_smp_processor_id() fixlets 2008-02-06 10:41:09 -08:00
sort.c
spinlock_debug.c
string.c
swiotlb.c avoid endless loops in lib/swiotlb.c 2008-03-13 13:15:52 -07:00
textsearch.c
ts_bm.c
ts_fsm.c
ts_kmp.c
vsprintf.c lib/vsprintf.c: fix bug omitting minus sign of numbers (module_param) 2008-02-23 17:12:14 -08:00