From: Paul Mackerras <[EMAIL PROTECTED]>
Date: Tue, 1 Apr 2008 15:15:46 +1100

> [EMAIL PROTECTED] writes:
>
> > From: David Miller <[EMAIL PROTECTED]>
> >
> > A variant of lmb_alloc() that tries to allocate memory on a specified NUMA
> > node 'nid' but falls back to normal lmb_alloc() if that fails.
>
> ...
>
> > +static u64 __init lmb_alloc_nid_unreserved(u64 start, u64 end, > > + u64 size, u64 align) > > +{ > > + u64 base; > > + long j; > > + > > + base = lmb_align_down((end - size), align); > > + while (start <= base && > > + ((j = lmb_overlaps_region(&lmb.reserved, base, size)) >= 0)) > > + base = lmb_align_down(lmb.reserved.region[j].base - size, > > + align);
>
> How do we know that lmb.reserved.region[j].base is >= size at this
> point? If it isn't, then base could end up as some extremely large
> unsigned value, which would be a Bad Thing.

The same exact issue exists in the existing code, from which this is
derived, in __lmb_alloc_base(). This situation can occur any time a
region is smaller than the 'size' argument, in both functions.
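
Review bot: In the while loop of lmb_alloc_nid_unreserved(), the expression lmb.reserved.region[j].base - size is a u64 subtraction with no check that the reserved region's base is at least size, so it wraps to a very large value when the base is smaller. The start <= base loop guard does not catch this, because a wrapped value is far above start and the loop carries on with a bogus base. Test lmb.reserved.region[j].base < size before subtracting and end the search as a failed allocation in that case. The initial base = lmb_align_down((end - size), align); has the same shape for end < size, and nothing in the visible lines rules that out, so it deserves the same check or a comment stating why it cannot happen.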