From 66a5633aa038f4abb4455463755974febac69034 Mon Sep 17 00:00:00 2001
From: Jan Beulich
Date: Wed, 5 Oct 2022 10:55:27 +0200
Subject: [PATCH] x86/NUMA: correct off-by-1 in node map population
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

As it turns out populate_memnodemap() so far "relied" on extract_lsb_from_nodes() setting memnodemapsize one too high in edge cases. Correct the issue there as well, by changing "epdx" to be an inclusive PDX and adjusting the respective relational operators. While there also limit the scope of both related variables.
Fixes: b1f4b45d02ca ("x86/NUMA: correct off-by-1 in node map size calculation")
Reported-by: Andrew Cooper
Signed-off-by: Jan Beulich
Acked-by: Roger Pau Monné
Release-acked-by: Henry Wang
---
xen/arch/x86/numa.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/xen/arch/x86/numa.c b/xen/arch/x86/numa.c
index 2c3c1c15fe..322157fab7 100644
--- a/xen/arch/x86/numa.c
+++ b/xen/arch/x86/numa.c
@@ -65,15 +65,15 @@ int srat_disabled(void)
 static int __init populate_memnodemap(const struct node *nodes,
 int numnodes, int shift, nodeid_t *nodeids)
 {
- unsigned long spdx, epdx;
 int i, res = -1;
 memset(memnodemap, NUMA_NO_NODE, memnodemapsize * sizeof(*memnodemap));
 for ( i = 0; i < numnodes; i++ )
 {
- spdx = paddr_to_pdx(nodes[i].start);
- epdx = paddr_to_pdx(nodes[i].end - 1) + 1;
- if ( spdx >= epdx )
+ unsigned long spdx = paddr_to_pdx(nodes[i].start);
+ unsigned long epdx = paddr_to_pdx(nodes[i].end - 1);
+
+ if ( spdx > epdx )
 continue;
 if ( (epdx >> shift) >= memnodemapsize )
 return 0;
@@ -88,7 +88,7 @@ static int __init populate_memnodemap(const struct node *nodes,
 memnodemap[spdx >> shift] = nodeids[i];
 spdx += (1UL << shift);
- } while ( spdx < epdx );
+ } while ( spdx <= epdx );
 res = 1;
 }
-- 
2.30.2
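Review bot: The new `epdx` declaration in the first hunk has no comment recording that it is now an inclusive bound, yet the `spdx > epdx` skip, the `(epdx >> shift) >= memnodemapsize` check guarding the `memnodemap[]` writes, and the `spdx <= epdx` loop condition in the second hunk all depend on that. I would add `/* Inclusive: PDX of the node's last byte. */` above the declaration so a later edit does not quietly reintroduce the off-by-one on the array index. Separately, assuming `end` is an unsigned address type, `nodes[i].end - 1` wraps for an entry with `end == 0`, which `spdx > epdx` does not catch. Such an entry appears to reach the `return 0` path rather than being skipped, so it is worth confirming that callers never pass one. The function body starts before and continues past both hunks, so the opening `do {` and the final return are not visible here.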