[Skiboot] [PATCH] core/bitmap: fix bitmap iteration limit corruption

Nicholas Piggin npiggin at gmail.com
Sat Nov 25 07:07:59 AEDT 2017


The bitmap iterators did not reduce the number of bits to scan
when searching for the next bit, which would result in them
overruning their bitmap.

These are only used in one place, in xive reset, and the effect
is that the xive reset code will keep zeroing memory until it
reaches a block of memory of MAX_EQ_COUNT >> 3 bits in length,
all zeroes.

Signed-off-by: Nicholas Piggin <npiggin at gmail.com>
---
 include/bitmap.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/bitmap.h b/include/bitmap.h
index 12913ea00..f3510f725 100644
--- a/include/bitmap.h
+++ b/include/bitmap.h
@@ -59,11 +59,11 @@ extern int bitmap_find_one_bit(bitmap_t map, unsigned int start,
 #define bitmap_for_each_zero(map, size, bit)                   \
 	for (bit = bitmap_find_zero_bit(map, 0, size);         \
 	     bit >= 0;					       \
-	     bit = bitmap_find_zero_bit(map, bit + 1, size))
+	     bit = bitmap_find_zero_bit(map, (bit) + 1, (size) - (bit) - 1))
 
 #define bitmap_for_each_one(map, size, bit)                    \
 	for (bit = bitmap_find_one_bit(map, 0, size);          \
 	     bit >= 0;					       \
-	     bit = bitmap_find_one_bit(map, bit + 1, size))
+	     bit = bitmap_find_one_bit(map, (bit) + 1, (size) - (bit) - 1))
 
 #endif /* __BITMAP_H */
-- 
2.15.0



More information about the Skiboot mailing list