[PATCH] fix broken lib/genalloc.c

genalloc improperly stores the sizes of freed chunks, allocates overlapping memory regions, and oopses after its in-band data is overwritten. Signed-off-by: Chris Humbert <[email protected]> Cc: Jes Sorensen <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
kyagi · Nov 28, 2005 · 4659633 · 4659633
1 parent 7729ac5
commit 4659633
Showing 1 changed file with 6 additions and 8 deletions.
diff --git a/lib/genalloc.c b/lib/genalloc.c
@@ -95,12 +95,10 @@ unsigned long gen_pool_alloc(struct gen_pool *poolp, int size)
 	if (size > max_chunk_size)
 		return 0;
 
-	i = 0;
-
 	size = max(size, 1 << ALLOC_MIN_SHIFT);
-	s = roundup_pow_of_two(size);
-
-	j = i;
+	i = fls(size - 1);
+	s = 1 << i;
+	j = i -= ALLOC_MIN_SHIFT;
 
 	spin_lock_irqsave(&poolp->lock, flags);
 	while (!h[j].next) {
@@ -153,10 +151,10 @@ void gen_pool_free(struct gen_pool *poolp, unsigned long ptr, int size)
 	if (size > max_chunk_size)
 		return;
 
-	i = 0;
-
 	size = max(size, 1 << ALLOC_MIN_SHIFT);
-	s = roundup_pow_of_two(size);
+	i = fls(size - 1);
+	s = 1 << i;
+	i -= ALLOC_MIN_SHIFT;
 
 	a = ptr;