bitkeeper revision 1.1686 (42a473f3lFCz32vzD_NzxLZBkAfJ0A)

cpu_gdt_init() could allocate a frame array one element too small. Now
it is fixed size and guaranteed big enough. Spotted by George Dunlap.
Signed-off-by: Keir Fraser <keir@xensource.com>

2 files changed, 2 insertions, 2 deletions

diff --git a/linux-2.6.11-xen-sparse/arch/xen/i386/kernel/cpu/common.c b/linux-2.6.11-xen-sparse/arch/xen/i386/kernel/cpu/common.c
index c608ef099a..197225266d 100644
--- a/linux-2.6.11-xen-sparse/arch/xen/i386/kernel/cpu/common.c
+++ b/linux-2.6.11-xen-sparse/arch/xen/i386/kernel/cpu/common.c
@@ -554,7 +554,7 @@ void __init early_cpu_init(void)
 
 void __init cpu_gdt_init(struct Xgt_desc_struct *gdt_descr)
 {
-	unsigned long frames[gdt_descr->size >> PAGE_SHIFT];
+	unsigned long frames[16];
 	unsigned long va;
 	int f;
 
diff --git a/linux-2.6.11-xen-sparse/arch/xen/x86_64/kernel/setup64.c b/linux-2.6.11-xen-sparse/arch/xen/x86_64/kernel/setup64.c
index 9b9a974337..03452e1bf3 100644
--- a/linux-2.6.11-xen-sparse/arch/xen/x86_64/kernel/setup64.c
+++ b/linux-2.6.11-xen-sparse/arch/xen/x86_64/kernel/setup64.c
@@ -208,7 +208,7 @@ void __init check_efer(void)
 
 void __init cpu_gdt_init(struct desc_ptr *gdt_descr)
 {
-	unsigned long frames[gdt_descr->size >> PAGE_SHIFT];
+	unsigned long frames[16];
 	unsigned long va;
 	int f;