

[Xen-devel] [PATCH] Off-by-one in cpu_gdt_init

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] [PATCH] Off-by-one in cpu_gdt_init
From: George Washington Dunlap III <dunlapg@xxxxxxxxx>
Date: Mon, 6 Jun 2005 11:35:06 -0400 (EDT)
I forget what triggered this bug (it was a long time ago), but cpu_gdt_init() is trying to allocate an array, one per frame, based on gdt_descr->size. However, the math currently rounds down instead of up! (I'm pretty sure that when I triggered it, (gdt_descr->size>>PAGE_SHIFT) was 0.)


| dunlapg@xxxxxxxxx | http://www-personal.umich.edu/~dunlapg
+-------------------+----------------------------------------
|  Who could move a mountain, who could love their enemy?
|  Who could rejoice in pain, and turn the other cheek?
|       - Rich Mullins, "Surely God is With Us"
| Outlaw Junk Email! Support HR 1748 (www.cauce.org)

Attachment: cpu_gdt_init-bug.patch
Description: Text document
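
The rounding error described in the message, as an added example that is not the attached patch or Xen code: it compares a frame count that rounds down with one that rounds up, and reports how many array slots a per-frame fill loop would be short. Assumptions: 4 KiB pages, a page-aligned table, and `size` treated as a plain byte count; the helper names and sample sizes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define PAGE_SHIFT 12                      /* assumed: 4 KiB pages */
#define PAGE_SIZE  (1UL << PAGE_SHIFT)

/* Rounds down: the behaviour the message describes. */
static size_t frames_floor(size_t nbytes)
{
    return nbytes >> PAGE_SHIFT;
}

/* Rounds up without overflowing: a partly used page still needs a slot. */
static size_t frames_ceil(size_t nbytes)
{
    return (nbytes >> PAGE_SHIFT) + ((nbytes & (PAGE_SIZE - 1)) != 0);
}

/* Hypothetical helper: distinct pages covered by [base, base + nbytes). */
static size_t frames_touched(unsigned long base, size_t nbytes)
{
    if (nbytes == 0)
        return 0;
    return ((base + nbytes - 1) >> PAGE_SHIFT) - (base >> PAGE_SHIFT) + 1;
}

/* Slots a per-frame loop would write beyond an array sized by count_fn. */
static size_t shortfall(size_t (*count_fn)(size_t),
                        unsigned long base, size_t nbytes)
{
    size_t have = count_fn(nbytes);
    size_t need = frames_touched(base, nbytes);
    return need > have ? need - have : 0;
}

int main(void)
{
    /* Constructed sample sizes; 0x100000 is a page-aligned base. */
    size_t sizes[] = { 256, 4096, 4097, 8192 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("size=%zu floor=%zu ceil=%zu short(floor)=%zu short(ceil)=%zu\n",
               sizes[i], frames_floor(sizes[i]), frames_ceil(sizes[i]),
               shortfall(frames_floor, 0x100000UL, sizes[i]),
               shortfall(frames_ceil, 0x100000UL, sizes[i]));
    return 0;
}
```

A table smaller than one page gives a floor count of 0, which matches the case the message recalls where `(gdt_descr->size>>PAGE_SHIFT)` was 0.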
