From: Jan Beulich Date: Wed, 5 Oct 2022 08:55:27 +0000 (+0200) Subject: x86/NUMA: correct off-by-1 in node map population X-Git-Tag: archive/raspbian/4.17.0-1+rpi1^2~33^2~160 X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/%22/%22http:/www.example.com/cgi/%22?a=commitdiff_plain;h=66a5633aa038f4abb4455463755974febac69034;p=xen.git x86/NUMA: correct off-by-1 in node map population As it turns out populate_memnodemap() so far "relied" on extract_lsb_from_nodes() setting memnodemapsize one too high in edge cases. Correct the issue there as well, by changing "epdx" to be an inclusive PDX and adjusting the respective relational operators. While there also limit the scope of both related variables. Fixes: b1f4b45d02ca ("x86/NUMA: correct off-by-1 in node map size calculation") Reported-by: Andrew Cooper Signed-off-by: Jan Beulich Acked-by: Roger Pau Monné Release-acked-by: Henry Wang --- diff --git a/xen/arch/x86/numa.c b/xen/arch/x86/numa.c index 2c3c1c15fe..322157fab7 100644 --- a/xen/arch/x86/numa.c +++ b/xen/arch/x86/numa.c @@ -65,15 +65,15 @@ int srat_disabled(void) static int __init populate_memnodemap(const struct node *nodes, int numnodes, int shift, nodeid_t *nodeids) { - unsigned long spdx, epdx; int i, res = -1; memset(memnodemap, NUMA_NO_NODE, memnodemapsize * sizeof(*memnodemap)); for ( i = 0; i < numnodes; i++ ) { - spdx = paddr_to_pdx(nodes[i].start); - epdx = paddr_to_pdx(nodes[i].end - 1) + 1; - if ( spdx >= epdx ) + unsigned long spdx = paddr_to_pdx(nodes[i].start); + unsigned long epdx = paddr_to_pdx(nodes[i].end - 1); + + if ( spdx > epdx ) continue; if ( (epdx >> shift) >= memnodemapsize ) return 0; @@ -88,7 +88,7 @@ static int __init populate_memnodemap(const struct node *nodes, memnodemap[spdx >> shift] = nodeids[i]; spdx += (1UL << shift); - } while ( spdx < epdx ); + } while ( spdx <= epdx ); res = 1; }
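Review bot: In the first hunk, `paddr_to_pdx(nodes[i].end - 1)` wraps for an entry whose `end` is 0, and with the now inclusive `epdx` such an entry is no longer dropped by the `spdx > epdx` test; it instead reaches `(epdx >> shift) >= memnodemapsize` and makes the whole function return 0. If callers do not already guarantee `nodes[i].end > nodes[i].start`, an explicit check (or a comment stating the precondition) next to the new `continue` would make the inclusive-end handling self-evident. The tightened bounds check itself is correct: with `epdx` inclusive, `epdx >> shift` is exactly the highest index the later loop writes, so `>= memnodemapsize` is now precise where the old exclusive end rejected ranges ending on a `1UL << shift` boundary.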
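Review bot: In the second hunk, `while ( spdx <= epdx )` together with the `spdx > epdx` `continue` above keeps every write of the do-while within `[spdx >> shift, epdx >> shift]`, which the first hunk bounds below `memnodemapsize`, so the off-by-one is closed on both ends. As a style point, the do-while could be replaced by iterating the map index directly, e.g. `for ( idx = spdx >> shift; idx <= epdx >> shift; idx++ ) memnodemap[idx] = nodeids[i];`, which removes the repeated `spdx += (1UL << shift)` and makes the inclusive upper bound visible at a glance.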