bitkeeper revision 1.1686 (42a473f3lFCz32vzD_NzxLZBkAfJ0A)

cpu_gdt_init() could allocate a frame array one element too small. Now
it is fixed size and guaranteed big enough. Spotted by George Dunlap.
Signed-off-by: Keir Fraser <keir@xensource.com>

diff --git a/linux-2.6.11-xen-sparse/arch/xen/i386/kernel/cpu/common.c b/linux-2.6.11-xen-sparse/arch/xen/i386/kernel/cpu/common.c
index c608ef099a2edc58a6532c49d8c99dbbeef98c6c..197225266d471ec763657dd4a9e1a13d1411afc2 100644 (file)
--- a/linux-2.6.11-xen-sparse/arch/xen/i386/kernel/cpu/common.c
+++ b/linux-2.6.11-xen-sparse/arch/xen/i386/kernel/cpu/common.c
@@ -554,7 +554,7 @@ void __init early_cpu_init(void)
 
 void __init cpu_gdt_init(struct Xgt_desc_struct *gdt_descr)
 {
-       unsigned long frames[gdt_descr->size >> PAGE_SHIFT];
+       unsigned long frames[16];
        unsigned long va;
        int f;
 

diff --git a/linux-2.6.11-xen-sparse/arch/xen/x86_64/kernel/setup64.c b/linux-2.6.11-xen-sparse/arch/xen/x86_64/kernel/setup64.c
index 9b9a974337008e73f9664044567b0fe9a33e699a..03452e1bf3d15eeb6bf2aa9ad3db8c2ad127a9d0 100644 (file)
--- a/linux-2.6.11-xen-sparse/arch/xen/x86_64/kernel/setup64.c
+++ b/linux-2.6.11-xen-sparse/arch/xen/x86_64/kernel/setup64.c
@@ -208,7 +208,7 @@ void __init check_efer(void)
 
 void __init cpu_gdt_init(struct desc_ptr *gdt_descr)
 {
-       unsigned long frames[gdt_descr->size >> PAGE_SHIFT];
+       unsigned long frames[16];
        unsigned long va;
        int f;