linux/drivers
Michael Abd-El-Malek bbc60c18ed xen: fix grant table bug
fix memory corruption and crash due to mis-sized grant table.

A PV OS has two grant table data structures: the grant table itself
and a free list.  The free list is composed of an array of pages,
which grow dynamically as the guest OS requires more grants.  While
the grant table contains 8-byte entries, the free list contains 4-byte
entries.  So we have half as many pages in the free list than in the
grant table.

There was a bug in the free list allocation code. The free list was
indexed as if it was the same size as the grant table.  But it's only
half as large.  So memory got corrupted, and I was seeing crashes in
the slab allocator later on.

Taken from:

  http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/4018c0da3360

Signed-off-by: Michael Abd-El-Malek <mabdelmalek@cmu.edu>
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-04-04 18:36:46 +02:00
..
acorn/char Fix default compose table initialization 2008-03-03 14:53:16 -08:00
acpi ACPI PM: Restore the 2.6.24 suspend ordering 2008-04-01 11:21:08 -07:00
amba
ata [POWERPC] sata_fsl: reduce compatibility to fsl,pq-sata 2008-03-31 10:27:35 -05:00
atm [ATM] drivers/atm/iphase.c: compilation warning fix 2008-04-02 00:03:00 -07:00
auxdisplay
base driver core: fix small mem leak in driver_add_kobj() 2008-03-28 14:45:23 -07:00
block nbd: prevent sock_xmit from attempting to use a NULL socket 2008-04-02 15:28:19 -07:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2008-03-12 13:08:09 -07:00
cdrom make cdrom.c:check_for_audio_disc() static 2008-03-04 11:28:41 +01:00
char Char: rio, fix sparse warnings 2008-04-02 15:28:19 -07:00
clocksource
connector connector: convert to single-threaded workqueue 2008-03-23 21:51:12 -07:00
cpufreq [CPUFREQ] fix section mismatch warnings 2008-03-05 14:45:31 -05:00
cpuidle cpuidle: fix 100% C0 statistics regression 2008-03-26 00:58:19 -04:00
crypto drivers/crypto/hifn_795x.c trivial endianness annotations 2008-03-30 14:20:24 -07:00
dca
dio
dma [POWERPC] fsldma: Use compatiable binding as spec 2008-03-31 11:45:41 -05:00
edac
eisa
firewire firewire: fw-ohci: plug dma memory leak in AR handler 2008-03-27 21:01:14 +01:00
firmware dmi: prevent linked list corruption 2008-02-23 17:12:15 -08:00
gpio gpio/pca953x bugfix: mark as can_sleep 2008-03-10 18:01:19 -07:00
hid HID: update key codes for Apple aluminium 2008-03-18 11:20:33 +01:00
hwmon hwmon: (w83781d) Fix I/O resource conflict with PNP 2008-03-27 08:40:41 -04:00
i2c i2c: Fix docbook problem 2008-03-23 20:28:20 +01:00
ide ide: use ->ata_input_data in ide_driveid_update() 2008-04-02 21:22:05 +02:00
ieee1394 ieee1394: sbp2: fix for SYM13FW500 bridge (Datafab disk) 2008-03-14 00:56:59 +01:00
infiniband trivial endianness annotations: infiniband core 2008-03-30 14:20:24 -07:00
input Input: appletouch - add product IDs for the 4th generation MacBooks 2008-04-02 10:14:29 -04:00
isdn Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2008-03-12 13:08:09 -07:00
leds leds: Remove incorrect use of preempt_count() from leds-gpio 2008-03-31 23:31:13 +01:00
lguest misc __user misannotations (pointless casts to long) 2008-03-30 14:20:23 -07:00
macintosh [POWERPC] Fix build of modular drivers/macintosh/apm_emu.c 2008-03-13 10:09:27 +11:00
mca
md dm io: write error bits form long not int 2008-03-28 14:45:23 -07:00
media V4L/DVB (7486): radio-cadet: wrap PNP probe code in #ifdef CONFIG_PNP 2008-04-01 19:35:47 -03:00
memstick memstick: suppress uninitialized-var warning 2008-03-28 14:45:23 -07:00
message [SCSI] mpt fusion: Power Management fixes for MPT SAS PCI-E controllers 2008-03-18 15:13:40 -05:00
mfd mfd/asic3: ioread/iowrite take pointer, not unsigned long 2008-03-30 14:20:24 -07:00
misc NULL noise: drivers/misc 2008-03-30 14:18:41 -07:00
mmc mmc: use sysfs groups to handle conditional attributes 2008-03-22 17:02:20 -07:00
mtd mtd: maps/physmap: fix oops in suspend/resume/shutdown ops 2008-03-28 14:45:22 -07:00
net Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc 2008-04-03 15:41:10 -07:00
nubus
of
oprofile d_path: Make get_dcookie() use a struct path argument 2008-02-14 21:17:08 -08:00
parisc [PARISC] make ptr_to_pide() static 2008-03-15 19:17:12 -07:00
parport parport: section fixup 2008-02-13 16:21:19 -08:00
pci pci: revert SMBus unhide on HP Compaq nx6110 2008-03-28 14:45:22 -07:00
pcmcia PCI: drivers/pcmcia/i82092.c: fix up after pci_bus_region changes 2008-02-21 15:34:35 -08:00
pnp pnpacpi: reduce printk severity for "pnpacpi: exceeded the max number of ..." 2008-03-26 14:22:20 -04:00
power
ps3 [POWERPC] PS3: Update sys-manager button events 2008-02-14 22:11:01 +11:00
rapidio docbook: fix rapidio source files 2008-03-03 10:47:13 -08:00
rtc rtc-at91sam9 fixes 2008-03-19 18:53:37 -07:00
s390 [S390] zcrypt: fix ap_device_list handling 2008-03-05 12:37:19 +01:00
sbus
scsi [SCSI] mvsas: check subsystem id 2008-03-28 12:32:22 -05:00
serial atmel_serial: fix uart/console concurrent access 2008-04-02 15:28:19 -07:00
sh maple: fix device detection 2008-02-26 14:12:09 +09:00
sn ioc3.c: replace remaining __FUNCTION__ occurrences 2008-03-17 08:11:48 -04:00
spi spi_bitbang: short transfer status fix 2008-03-13 13:11:43 -07:00
ssb ssb: Add pcibios_enable_device() return value check 2008-03-04 18:36:35 -05:00
tc
telephony
thermal thermal: delete "default y" 2008-03-18 01:22:10 -04:00
uio UIO: add pgprot_noncached() to UIO mmap code 2008-03-24 22:33:49 -07:00
usb USB: ohci: fix 2 timers to fire at jiffies + 1s 2008-04-02 15:06:09 -07:00
video blackfin video driver: fix bug when opening/reading/mmaping BF54x and BF52x framebuffer simultaneously 2008-03-28 14:45:22 -07:00
virtio virtio_pci iomem annotations 2008-03-30 14:20:23 -07:00
w1 ds1wm: report bus reset error 2008-03-04 16:35:12 -08:00
watchdog [WATCHDOG] Fix it8712f_wdt.c wrong byte order accessing WDT_TIMEOUT 2008-04-01 11:31:05 -07:00
xen xen: fix grant table bug 2008-04-04 18:36:46 +02:00
zorro
Kconfig
Makefile