From 46596338a10a54550ff03a6f60c28145a080296b Mon Sep 17 00:00:00 2001 From: Chris Humbert Date: Mon, 28 Nov 2005 13:43:54 -0800 Subject: [PATCH] fix broken lib/genalloc.c genalloc improperly stores the sizes of freed chunks, allocates overlapping memory regions, and oopses after its in-band data is overwritten. Signed-off-by: Chris Humbert Cc: Jes Sorensen Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- lib/genalloc.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/lib/genalloc.c b/lib/genalloc.c index d6d30d2e716..9ce0a6a3b85 100644 --- a/lib/genalloc.c +++ b/lib/genalloc.c @@ -95,12 +95,10 @@ unsigned long gen_pool_alloc(struct gen_pool *poolp, int size) if (size > max_chunk_size) return 0; - i = 0; - size = max(size, 1 << ALLOC_MIN_SHIFT); - s = roundup_pow_of_two(size); - - j = i; + i = fls(size - 1); + s = 1 << i; + j = i -= ALLOC_MIN_SHIFT; spin_lock_irqsave(&poolp->lock, flags); while (!h[j].next) { @@ -153,10 +151,10 @@ void gen_pool_free(struct gen_pool *poolp, unsigned long ptr, int size) if (size > max_chunk_size) return; - i = 0; - size = max(size, 1 << ALLOC_MIN_SHIFT); - s = roundup_pow_of_two(size); + i = fls(size - 1); + s = 1 << i; + i -= ALLOC_MIN_SHIFT; a = ptr; -- cgit v1.2.3-18-g5258