[PATCH v2] kexec: Fix off-by-one errors in locate_hole()

Simon Horman horms at verge.net.au
Wed Oct 2 21:15:53 EDT 2013


On Wed, Oct 02, 2013 at 10:42:27AM +0200, Geert Uytterhoeven wrote:
> When calling locate_hole() with "hole_size" equal to the size of an
> available memory block, it fails to use that memory block.
> 
> "end" and "hole_max" point to the last byte within the range, hence
>   - "size = end - start" is one less than "hole_size",
>   - "hole_base + hole_size" is one more than "hole_max".
> 
> Subtract one from "hole_size" when doing the comparison (adding 1 to "size"
> could overflow in case of one big range covering the whole address space).
> But explicitly check if "hole_size" is zero first, to handle this case
> without causing underflows.
> 
> Signed-off-by: Geert Uytterhoeven <geert at linux-m68k.org>

Thanks, applied.
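
The off-by-one described in the quoted commit message, as an added example that is not part of this thread and is not the kexec-tools code: a constructed C model in which "end" and "hole_max" are inclusive last-byte addresses. The function names, the NO_HOLE sentinel and the choice to reject a zero "hole_size" are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

#define NO_HOLE UINT64_MAX  /* sentinel chosen for this example */

/* "end" and "hole_max" are the LAST byte of their range (inclusive),
 * as in the commit message. All function names are hypothetical. */

/* Comparison as described before the fix: end - start is one less than
 * the number of bytes in the block, so an exact fit is rejected. */
static int fits_before(uint64_t start, uint64_t end, uint64_t hole_size)
{
    uint64_t size = end - start;
    return size >= hole_size;
}

/* Tempting fix: add 1 to size. This wraps to 0 when one range covers
 * the whole address space (start = 0, end = UINT64_MAX). */
static int fits_plus_one(uint64_t start, uint64_t end, uint64_t hole_size)
{
    uint64_t size = end - start + 1;
    return size >= hole_size;
}

/* Approach from the commit message: test hole_size == 0 first, then
 * compare against hole_size - 1, which can neither wrap nor underflow. */
static int fits_after(uint64_t start, uint64_t end, uint64_t hole_size)
{
    if (hole_size == 0)
        return 0;  /* assumption: this example rejects empty requests */
    return end - start >= hole_size - 1;
}

/* Lowest placement in [start, end] whose last byte is <= hole_max. */
static uint64_t place_hole(uint64_t start, uint64_t end,
                           uint64_t hole_max, uint64_t hole_size)
{
    /* The hole's last byte is start + hole_size - 1, not start + hole_size. */
    if (!fits_after(start, end, hole_size) || start + (hole_size - 1) > hole_max)
        return NO_HOLE;
    return start;
}

int main(void)
{
    /* Constructed block: 0x1000..0x1fff holds exactly 0x1000 bytes. */
    printf("before=%d ", fits_before(0x1000, 0x1fff, 0x1000));
    printf("after=%d\n", fits_after(0x1000, 0x1fff, 0x1000));
    return 0;
}
```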


