On Thu, 20 Dec 2012, Andrew Morton wrote:
quoted
Specifying negative size of buffer makes no sense and thus this commit
changes the type of the count argument to unsigned.
--- a/arch/arm/mm/dma-mapping.c
+++ b/arch/arm/mm/dma-mapping.c
@@ -1038,9 +1038,9 @@ static struct page **__iommu_alloc_buffer(struct device *dev, size_t size,
gfp_t gfp, struct dma_attrs *attrs)
{
struct page **pages;
- int count = size >> PAGE_SHIFT;
- int array_size = count * sizeof(struct page *);
- int i = 0;
+ unsigned int count = size >> PAGE_SHIFT;
+ unsigned int array_size = count * sizeof(struct page *);
+ unsigned int i = 0;
C programmers expect a variable called `i' to have type `int'. It
would be clearer to find a new name for this. `idx', perhaps.
I didn't ack this because there's no bounds checking on
dma_alloc_from_contiguous() and bitmap_set() has a dangerous side-effect
when called with an overflowed nr since it takes a signed argument.
Marek, is there some sane upper bound we can put on count?
Additionally, I think at least this is needed for callers of bitmap_set()
for some sanity (unless someone wants to audit the almost 100 callers and
change it to unsigned as well). There's probably additional nastiness in
this library as well, I didn't check.
---
diff --git a/lib/bitmap.c b/lib/bitmap.c
--- a/lib/bitmap.c
+++ b/lib/bitmap.c
@@ -287,7 +287,7 @@ void bitmap_set(unsigned long *map, int start, int nr)
mask_to_set = ~0UL;
p++;
}
- if (nr) {
+ if (nr > 0) {
mask_to_set &= BITMAP_LAST_WORD_MASK(size);
*p |= mask_to_set;
}
--To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>