projects / openwrt / staging / blogic.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4130a4b)
[SPARC64]: Fix memory corruption in pci_4u_free_consistent().
authorDavid S. Miller <davem@sunset.davemloft.net>
Thu, 26 Oct 2006 05:33:07 +0000 (22:33 -0700)
committerDavid S. Miller <davem@sunset.davemloft.net>
Thu, 26 Oct 2006 05:39:16 +0000 (22:39 -0700)
The second argument to free_npages() was being incorrectly
calculated, which would thus access far past the end of the
arena->map[] bitmap.

Signed-off-by: David S. Miller <davem@davemloft.net>
arch/sparc64/kernel/pci_iommu.c patch | blob | history

diff --git a/arch/sparc64/kernel/pci_iommu.c b/arch/sparc64/kernel/pci_iommu.c
index 82e5455134c67719c9cafbdf7dc107a187c56302..2e7f1427088ad439d3a375f5627ec28a2445de8e 100644 (file)
--- a/arch/sparc64/kernel/pci_iommu.c
+++ b/arch/sparc64/kernel/pci_iommu.c
@@ -281,7 +281,7 @@ static void pci_4u_free_consistent(struct pci_dev *pdev, size_t size, void *cpu,
 
        spin_lock_irqsave(&iommu->lock, flags);
 
-       free_npages(iommu, dvma, npages);
+       free_npages(iommu, dvma - iommu->page_table_map_base, npages);
 
        spin_unlock_irqrestore(&iommu->lock, flags);
 
John Crispins staging tree