powerpc: Fix corruption error in rh_alloc_fixed()
author Guillaume Knispel <gknispel@proformatique.com>
Tue, 9 Dec 2008 14:28:34 +0000 (15:28 +0100)
committer Kumar Gala <galak@kernel.crashing.org>
Wed, 17 Dec 2008 16:06:14 +0000 (10:06 -0600)
There is an error in rh_alloc_fixed() of the Remote Heap code:
If there is at least one free block, blk won't be NULL at the end of the
search loop, so -ENOMEM won't be returned and the else branch of
"if (bs == s || be == e)" will be taken, corrupting the management
structures.

Signed-off-by: Guillaume Knispel <gknispel@proformatique.com>
Acked-by: Timur Tabi <timur@freescale.com>
Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
arch/powerpc/lib/rheap.c

index 29b2941cada0b67ac5be0248c2a1321179bf19a6..45907c1dae66da343344b5e1cfe9c682afc409ff 100644 (file)
@@ -556,6 +556,7 @@ unsigned long rh_alloc_fixed(rh_info_t * info, unsigned long start, int size, co
                be = blk->start + blk->size;
                if (s >= bs && e <= be)
                        break;
+               blk = NULL;
        }
 
        if (blk == NULL)
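
Review bot: the added "blk = NULL;" at the bottom of the loop body carries no comment, yet the "if (blk == NULL)" check right after the loop now depends entirely on it to tell "no containing block found" apart from a successful "break". Please add a one-line comment there saying that blk is cleared so a full traversal without a match leaves it NULL. The reset is also fragile in this position: any "continue" added to the loop body later would skip it and bring back the stale-pointer case the commit message describes, so consider recording the match in a separate variable that is assigned only just before the "break" and testing that variable after the loop instead.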