| From e59464c735db19619cde2aa331609adb02005f5b Mon Sep 17 00:00:00 2001 |
| From: Changli Gao <xiaosuo@gmail.com> |
| Date: Fri, 23 Apr 2010 13:17:45 -0400 |
| Subject: flex_array: fix the panic when calling flex_array_alloc() without __GFP_ZERO |
| |
| From: Changli Gao <xiaosuo@gmail.com> |
| |
| commit e59464c735db19619cde2aa331609adb02005f5b upstream. |
| |
| memset() is called with the wrong address and the kernel panics. |
| |
| Signed-off-by: Changli Gao <xiaosuo@gmail.com> |
| Cc: Patrick McHardy <kaber@trash.net> |
| Acked-by: David Rientjes <rientjes@google.com> |
| Signed-off-by: Andrew Morton <akpm@linux-foundation.org> |
| Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| lib/flex_array.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- a/lib/flex_array.c |
| +++ b/lib/flex_array.c |
| @@ -99,7 +99,7 @@ struct flex_array *flex_array_alloc(int |
| ret->element_size = element_size; |
| ret->total_nr_elements = total; |
| if (elements_fit_in_base(ret) && !(flags & __GFP_ZERO)) |
| - memset(ret->parts[0], FLEX_ARRAY_FREE, |
| + memset(&ret->parts[0], FLEX_ARRAY_FREE, |
| FLEX_ARRAY_BASE_BYTES_LEFT); |
| return ret; |
| } |
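Review bot: The corrected call `memset(&ret->parts[0], FLEX_ARRAY_FREE,` differs from the faulty one by a single `&`, and nothing next to it says why the slot's address, not its contents, is the right target, so the fix is easy to undo in a later cleanup. Judging by the `elements_fit_in_base(ret)` guard, the elements appear to be stored inline over the `parts[]` storage in this case, and without `__GFP_ZERO` the value in `parts[0]` is presumably uninitialised. The old code would then have written `FLEX_ARRAY_BASE_BYTES_LEFT` bytes through a stray pointer, which is a memory-corruption hazard as well as the reported panic. I would add a comment above the call such as `/* elements live inline in parts[] here: poison the array storage itself, parts[0] is not a valid pointer */`. The body of `flex_array_alloc()` starts outside the hunk, so the allocation and the size of the base area could not be checked from here.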