[PATCH] Fix array overflow in CFQ

From: Andi Kleen
Date: Tue Oct 19 2010 - 05:11:45 EST


From: Andi Kleen <ak@xxxxxxxxxxxxxxx>

gcc 4.5 complains when compiling a recent rc with

linux/block/cfq-iosched.c: In function ‘cfq_dispatch_requests’:
linux/block/cfq-iosched.c:2156:3: warning: array subscript is above array bounds

and it is right:

	slice = group_slice * count /
		max_t(unsigned, cfqg->busy_queues_avg[cfqd->serving_prio],
		      cfq_group_busy_queues_wl(cfqd->serving_prio, cfqd, cfqg));

busy_queues_avg can be indexed by this enum

	enum wl_prio_t {
		BE_WORKLOAD = 0,
		RT_WORKLOAD = 1,
		IDLE_WORKLOAD = 2,
	};

in cfqd->serving_prio, but is only declared as

	unsigned int busy_queues_avg[2];

which is clearly off by one. Fix this here.

Signed-off-by: Andi Kleen <ak@xxxxxxxxxxxxxxx>
---
block/cfq-iosched.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/block/cfq-iosched.c b/block/cfq-iosched.c
index 9eba291..76741da 100644
--- a/block/cfq-iosched.c
+++ b/block/cfq-iosched.c
@@ -185,7 +185,7 @@ struct cfq_group {
int nr_cfqq;

/* Per group busy queus average. Useful for workload slice calc. */
- unsigned int busy_queues_avg[2];
+ unsigned int busy_queues_avg[3];
/*
* rr lists of queues with requests, onle rr for each priority class.
* Counts are embedded in the cfq_rb_root
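
Review bot: The new size on the "+" line is still a bare literal, "unsigned int busy_queues_avg[3];", with nothing tying it to the number of values in enum wl_prio_t, so adding another workload priority later would bring back the same out-of-bounds index through cfqd->serving_prio. Consider deriving the size from the enum (for example IDLE_WORKLOAD + 1, or a trailing count enumerator in wl_prio_t) so the array and the enum cannot drift apart. Since this hunk already touches the struct, the comments in the context lines could be cleaned up too: "queus" should be "queues", and "onle rr" looks like a typo for "one rr".
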
--
1.7.1
