From aa8e4fc68d8024cd3132035d13c3cefa7baeac8f Mon Sep 17 00:00:00 2001
From: Linus Torvalds
Date: Thu, 12 Mar 2009 19:32:51 -0700
Subject: bitmap: fix end condition in bitmap_find_free_region
Guennadi Liakhovetski noticed that the end condition for the loop in bitmap_find_free_region() is wrong, and the "return if error" was also using the wrong conditional that would only trigger if the bitmap was an exact multiple of the allocation size, which is not necessarily the case with dma_alloc_from_coherent(). Such a failure would end up in bitmap_find_free_region() accessing beyond the end of the bitmap.
Reported-by: Guennadi Liakhovetski
Cc: Andrew Morton
Signed-off-by: Linus Torvalds
diff --git a/lib/bitmap.c b/lib/bitmap.c
index 1338469..35a1f7f 100644
--- a/lib/bitmap.c
+++ b/lib/bitmap.c
@@ -948,15 +948,15 @@ done:
 */
 int bitmap_find_free_region(unsigned long *bitmap, int bits, int order)
 {
- int pos; /* scans bitmap by regions of size order */
+ int pos, end; /* scans bitmap by regions of size order */
- for (pos = 0; pos < bits; pos += (1 << order))
- if (__reg_op(bitmap, pos, order, REG_OP_ISFREE))
- break;
- if (pos == bits)
- return -ENOMEM;
- __reg_op(bitmap, pos, order, REG_OP_ALLOC);
- return pos;
+ for (pos = 0 ; (end = pos + (1 << order)) <= bits; pos = end) {
+ if (!__reg_op(bitmap, pos, order, REG_OP_ISFREE))
+ continue;
+ __reg_op(bitmap, pos, order, REG_OP_ALLOC);
+ return pos;
+ }
+ return -ENOMEM;
 }
 EXPORT_SYMBOL(bitmap_find_free_region);
-- cgit v0.10.2
From 041b62374c7fedc11a8a1eeda2868612d3d1436c Mon Sep 17 00:00:00 2001
From: Linus Torvalds
Date: Thu, 12 Mar 2009 19:39:28 -0700
Subject: Linus 2.6.29-rc8
diff --git a/Makefile b/Makefile
index 5a5b82e..2e2f4a4 100644
--- a/Makefile
+++ b/Makefile
@@ -1,7 +1,7 @@
 VERSION = 2
 PATCHLEVEL = 6
 SUBLEVEL = 29
-EXTRAVERSION = -rc7
+EXTRAVERSION = -rc8
 NAME = Erotic Pickled Herring
 # *DOCUMENTATION*
-- cgit v0.10.2
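Review bot: The new bound `(end = pos + (1 << order)) <= bits` in bitmap_find_free_region() is computed in signed `int`, so it is only a reliable guard while `1 << order` and `pos + (1 << order)` stay representable; nothing in the hunk range-checks `order` or `bits` before the loop. If a caller can pass a negative or very large `order` (the message names dma_alloc_from_coherent(), whose call site is not visible here), the shift or the sum overflows and the comparison meant to keep `__reg_op()` inside the bitmap can pass with a bogus `pos`. Consider rejecting such arguments up front, e.g. `if (order < 0 || order >= 31 || bits < (1 << order)) return -ENOMEM;` (31 assuming 32-bit `int`), and testing `pos <= bits - (1 << order)` so no sum is formed. The function's doc comment starts above the hunk, so whether it already constrains `order` cannot be confirmed from these lines.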