x86-64 numa: accessing memnodemap[] beyond its end

[Petr Vandrovec]

Hello,
   what prevents function below (arch/x86_64/mm/numa.c) from accessing
memnodemap[] beyond its end?  NODEMAPSIZE is 0xFF, so for first attempted
bit shift 24 it attempts to access field 0x100000000 >> 24 = 0x100.
Fortunately it survives as memnodemap[256] fortunately contains zero and
not 0xFF or 0x01, but still it seems to me that some test for index
overflow is missing here. 
						Thanks,
							Petr Vandrovec


u8  memnodemap[NODEMAPSIZE];

int __init compute_hash_shift(struct node *nodes)
{
        int i;
        int shift = 24;
        u64 addr;

        /* When in doubt use brute force. */
        while (shift < 48) {
                memset(memnodemap,0xff,sizeof(*memnodemap) * NODEMAPSIZE);
                for (i = 0; i < numnodes; i++) {
                        if (nodes[i].start == nodes[i].end)
                                continue;
                        for (addr = nodes[i].start;
                             addr < nodes[i].end;
                             addr += (1UL << shift)) {
                                if (memnodemap[addr >> shift] != 0xff &&
                                    memnodemap[addr >> shift] != i) {
                                        printk(KERN_INFO
                                            "node %d shift %d addr %Lx conflict %d\n",
                                               i, shift, addr, memnodemap[addr>>shift]);
                                        goto next;
                                }
                                memnodemap[addr >> shift] = i;
                        }
                }
                return shift;
        next:
                shift++;
        }
        memset(memnodemap,0,sizeof(*memnodemap) * NODEMAPSIZE);
        return -1;
}

Bootdata ok (command line is BOOT_IMAGE=2.6.10-1-424-64 ro root=801 ramdisk=0 video=matroxfb:vesa:0x11E,left:16,right:8,hslen:48,xres:1920,upper:2,vslen:4,lowe)
Linux version 2.6.10-rc1-c2424 (root@vana) (gcc version 3.3.3 (Debian 20040401)) #2 SMP Mon Nov 1 15:43:42 CET 2004
BIOS-provided physical RAM map:
 BIOS-e820: 0000000000000000 - 000000000009fc00 (usable)
 BIOS-e820: 0000000000100000 - 0000000040000000 (usable)
 BIOS-e820: 0000000100000000 - 0000000140000000 (usable)
Scanning NUMA topology in Northbridge 24
Number of nodes 2 (10010)
Node 0 MemBase 0000000000000000 Limit 000000003fffffff
Node 1 MemBase 0000000100000000 Limit 000000013fffffff
node 1 shift 24 addr 100000000 conflict 0
Using node hash shift of 25
Bootmem setup node 0 0000000000000000-000000003fffffff
Bootmem setup node 1 0000000100000000-000000013fffffff

P.S.:  No, this setup does not come from standard BIOS.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/