From mboxrd@z Thu Jan 1 00:00:00 1970 From: Laura Abbott Subject: [PATCH] mm/memblock.c: Correctly check whether to trim a block Date: Wed, 28 Mar 2012 19:25:58 -0700 Message-ID: <1332987958-10766-1-git-send-email-lauraa@codeaurora.org> Return-path: Received: from wolverine01.qualcomm.com ([199.106.114.254]:40838 "EHLO wolverine01.qualcomm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753875Ab2C2C0T (ORCPT ); Wed, 28 Mar 2012 22:26:19 -0400 Sender: linux-arm-msm-owner@vger.kernel.org List-Id: linux-arm-msm@vger.kernel.org To: linux-mm@kvack.org, benh@kernel.crashing.org, yinghai@kernel.org Cc: linux-kernel@vger.kernel.org, linux-arm-msm@vger.kernel.org, Laura Abbott Currently in __memblock_remove, the check to trim the top of a block off only checks if the requested base is less than the memblock end. If the end of the requested region is equal to the start of a memblock, this will incorrectly try to remove the block, possibly causing an integer underflow: --------------------------------------- | | | | | | base end = rgn->base rend An additional check is needed to see if the end of the requested region is greater than the memblock region: ---------------------- | | | | rgn->base base rend end | | | | -------------------- Signed-off-by: Laura Abbott --- mm/memblock.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/mm/memblock.c b/mm/memblock.c index 5338237..e174ee0 100644 --- a/mm/memblock.c +++ b/mm/memblock.c @@ -459,7 +459,7 @@ static long __init_memblock __memblock_remove(struct memblock_type *type, } /* And check if we need to trim the top of a block */ - if (base < rend) + if (base < rend && end > rend) rgn->size -= rend - base; } -- 1.7.8.3