linux/mm
Lin Feng c0232ae861 mm: memblock: fix wrong memmove size in memblock_merge_regions()
The memmove span covers from (next+1) to the end of the array, and the
index of next is (i+1), so the index of (next+1) is (i+2).  So the size
of remaining array elements is (type->cnt - (i + 2)).

Since the remaining elements of the memblock array are moved forward by
one element and there is only one additional element caused by this bug,
there won't be any write overflow here, but there is a read overflow.  It may
read one more element out of the array address if the array happens to
be full.  Commonly it doesn't matter at all, but if the array happens to
be located at the end of a memblock, it may cause an invalid read operation
because the physical address doesn't exist.

There are two *happens to be* here, so I think the probability is quite
low; I don't know if anyone has been haunted by this bug before.

Mostly I think it's user-invisible.

Signed-off-by: Lin Feng <linfeng@cn.fujitsu.com>
Acked-by: Tejun Heo <tj@kernel.org>
Reviewed-by: Wanpeng Li <liwanp@linux.vnet.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-01-11 14:54:54 -08:00
backing-dev.c Revert "bdi: add a user-tunable cpu_list for the bdi flusher threads" 2012-12-17 11:29:09 -08:00
balloon_compaction.c mm: introduce a common interface for balloon pages mobility 2012-12-11 17:22:26 -08:00
bootmem.c mm/bootmem.c: remove unused wrapper function reserve_bootmem_generic() 2012-12-12 17:38:35 -08:00
bounce.c bounce: allow use of bounce pool via config option 2012-07-18 16:40:35 -04:00
cleancache.c ->encode_fh() API change 2012-05-29 23:28:33 -04:00
compaction.c compaction: fix build error in CMA && !COMPACTION 2012-12-20 17:40:18 -08:00
debug-pagealloc.c mm, x86: Remove debug_pagealloc_enabled 2011-12-06 09:24:07 +01:00
dmapool.c dmapool: make DMAPOOL_DEBUG detect corruption of free marker 2012-12-11 17:22:24 -08:00
fadvise.c switch simple cases of fget_light to fdget 2012-09-26 22:20:08 -04:00
failslab.c switch debugfs to umode_t 2012-01-03 22:54:56 -05:00
filemap_xip.c mm: move all mmu notifier invocations to be done outside the PT lock 2012-10-09 16:22:58 +09:00
filemap.c readahead: fault retry breaks mmap file read random detection 2012-10-09 16:22:47 +09:00
fremap.c remap_file_pages: correctly handle the case of a NULL vm_ops pointer 2012-10-19 13:37:57 -07:00
frontswap.c frontswap: support exclusive gets if tmem backend is capable 2012-09-21 10:38:12 -04:00
highmem.c Some nice cleanups, and even a patch my wife did as a "live" demo for 2012-12-20 08:37:05 -08:00
huge_memory.c mm: clean up transparent hugepage sysfs error messages 2012-12-20 17:40:20 -08:00
hugetlb_cgroup.c mm/hugetlb: create hugetlb cgroup file in hugetlb_init 2012-12-18 15:02:15 -08:00
hugetlb.c mm/hugetlb: create hugetlb cgroup file in hugetlb_init 2012-12-18 15:02:15 -08:00
hwpoison-inject.c memcg: rename config variables 2012-07-31 18:42:43 -07:00
init-mm.c atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
internal.h Automatic NUMA Balancing V11 2012-12-16 15:18:08 -08:00
interval_tree.c mm: add CONFIG_DEBUG_VM_RB build option 2012-10-09 16:22:42 +09:00
Kconfig memory-hotplug: document and enable CONFIG_MOVABLE_NODE 2012-12-18 15:02:12 -08:00
Kconfig.debug mm: more intensive memory corruption debugging 2012-01-10 16:30:42 -08:00
kmemcheck.c
kmemleak-test.c
kmemleak.c mm/kmemleak.c: remove obsolete simple_strtoul 2012-12-18 15:02:15 -08:00
ksm.c ksm: make rmap walks more scalable 2012-12-20 07:06:56 -08:00
maccess.c mm: Map most files to use export.h instead of module.h 2011-10-31 09:20:12 -04:00
madvise.c mm: prepare VM_DONTDUMP for using in drivers 2012-10-09 16:22:18 +09:00
Makefile mm: introduce a common interface for balloon pages mobility 2012-12-11 17:22:26 -08:00
memblock.c mm: memblock: fix wrong memmove size in memblock_merge_regions() 2013-01-11 14:54:54 -08:00
memcontrol.c memcg: don't register hotcpu notifier from ->css_alloc() 2012-12-20 17:40:20 -08:00
memory_hotplug.c mm/memory_hotplug.c: improve comments 2012-12-18 15:02:15 -08:00
memory-failure.c Automatic NUMA Balancing V11 2012-12-16 15:18:08 -08:00
memory.c mm: reinstante dropped pmd_trans_splitting() check 2013-01-09 08:36:54 -08:00
mempolicy.c mm: mempolicy: Convert shared_policy mutex to spinlock 2013-01-02 17:32:13 -08:00
mempool.c mempool: add @gfp_mask to mempool_create_node() 2012-06-25 11:53:47 +02:00
migrate.c mm: migrate: check page_count of THP before migrating 2013-01-11 14:54:54 -08:00
mincore.c mm: thp: fix pmd_bad() triggering in code paths holding mmap_sem read mode 2012-03-21 17:54:54 -07:00
mlock.c mm, thp: fix mlock statistics 2012-10-09 16:23:03 +09:00
mm_init.c mm: Map most files to use export.h instead of module.h 2011-10-31 09:20:12 -04:00
mmap.c Automatic NUMA Balancing V11 2012-12-16 15:18:08 -08:00
mmu_context.c mm, counters: remove task argument to sync_mm_rss() and __sync_task_rss_stat() 2012-03-21 17:54:59 -07:00
mmu_notifier.c mm/mmu_notifier: allocate mmu_notifier in advance 2012-10-25 14:37:53 -07:00
mmzone.c memcg: fix hotplugged memory zone oops 2012-11-16 14:33:04 -08:00
mprotect.c mm/mprotect.c: coding-style cleanups 2012-12-18 15:02:15 -08:00
mremap.c Automatic NUMA Balancing V11 2012-12-16 15:18:08 -08:00
msync.c
nobootmem.c mm: introduce new field "managed_pages" to struct zone 2012-12-12 17:38:34 -08:00
nommu.c mm: export a function to get vm committed memory 2012-11-15 15:41:22 -08:00
oom_kill.c mm, oom: remove redundant sleep in pagefault oom handler 2012-12-12 17:38:34 -08:00
page_alloc.c mm: fix zone_watermark_ok_safe() accounting of isolated pages 2013-01-04 16:11:46 -08:00
page_cgroup.c memcontrol: use N_MEMORY instead N_HIGH_MEMORY 2012-12-12 17:38:32 -08:00
page_io.c mm: add support for direct_IO to highmem pages 2012-07-31 18:42:47 -07:00
page_isolation.c mm: fix zone_watermark_ok_safe() accounting of isolated pages 2013-01-04 16:11:46 -08:00
page-writeback.c mm: fix calculation of dirtyable memory 2012-12-20 17:40:18 -08:00
pagewalk.c thp: change split_huge_page_pmd() interface 2012-12-12 17:38:31 -08:00
percpu-km.c
percpu-vm.c mm: fix kernel-doc warnings 2012-06-20 14:39:36 -07:00
percpu.c mm, percpu: Make sure percpu_alloc early parameter has an argument 2012-12-02 06:23:04 -08:00
pgtable-generic.c mm: Only flush the TLB when clearing an accessible pte 2012-12-11 14:28:34 +00:00
process_vm_access.c aio/vfs: cleanup of rw_copy_check_uvector() and compat_rw_copy_check_uvector() 2012-05-31 17:49:32 -07:00
quicklist.c mm: delete various needless include <linux/module.h> 2011-10-31 09:20:11 -04:00
readahead.c switch simple cases of fget_light to fdget 2012-09-26 22:20:08 -04:00
rmap.c Automatic NUMA Balancing V11 2012-12-16 15:18:08 -08:00
shmem.c mempolicy: remove arg from mpol_parse_str, mpol_to_str 2013-01-02 09:27:10 -08:00
slab_common.c slab: propagate tunable values 2012-12-18 15:02:14 -08:00
slab.c memcg: add comments clarifying aspects of cache attribute propagation 2012-12-18 15:02:15 -08:00
slab.h slab: propagate tunable values 2012-12-18 15:02:14 -08:00
slob.c sl[au]b: always get the cache from its page in kmem_cache_free() 2012-12-18 15:02:14 -08:00
slub.c slub: drop mutex before deleting sysfs entry 2012-12-18 15:02:15 -08:00
sparse-vmemmap.c mm: delete various needless include <linux/module.h> 2011-10-31 09:20:11 -04:00
sparse.c memory-hotplug, mm/sparse.c: clear the memory to store struct page 2012-12-11 17:22:23 -08:00
swap_state.c mm: add support for a filesystem to activate swap files and use direct_IO for writing swap pages 2012-07-31 18:42:47 -07:00
swap.c mm: remove vma arg from page_evictable 2012-10-09 16:22:55 +09:00
swapfile.c mm, oom: fix race when specifying a thread as the oom origin 2012-12-11 17:22:27 -08:00
truncate.c mm: drop vmtruncate 2012-12-20 18:46:29 -05:00
util.c Merge branch 'master' into for-next 2012-10-28 19:29:19 +01:00
vmalloc.c mm: use IS_ENABLED(CONFIG_NUMA) instead of NUMA_BUILD 2012-12-11 17:22:22 -08:00
vmscan.c MM: vmscan: remove __devinit attribute. 2013-01-03 15:57:13 -08:00
vmstat.c Automatic NUMA Balancing V11 2012-12-16 15:18:08 -08:00