rockchip-kernel/kernel/rcu
Han Shen d559c6a5c7 CHROMIUM: Fix possible array-out-of-bounds access for rcutree.c.
For the following loop -
   for (i = 1; i < rcu_num_lvls; i++)
       rsp->level[i] = rsp->level[i - 1] + rsp->levelcnt[i - 1];

The upper boundary of the following loop is "rcu_num_lvls", however,
this value is not necessarily equal to RCU_NUM_LVLS, nor do we
(compiler) have affirmation that it is less than RCU_NUM_LVLS. When
rcu_num_lvls is larger than RCU_NUM_LVLS, an array-out-of-bounds
access occurs.

To give the compiler affirmation that rcu_num_lvls <= RCU_NUM_LVLS
holds, and thus to fix the warning, a BUG_ON is added.

Signed-off-by: Han Shen <shenhan@google.com>
TEST=passed compilation
BUG=None

Change-Id: I3e924d2e052e079214ad14c16ab7e17984e6db52
Reviewed-on: https://chromium-review.googlesource.com/168081
Reviewed-by: Luis Lozano <llozano@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Han Shen <shenhan@google.com>
Commit-Queue: Han Shen <shenhan@google.com>

[benzh: 3.14 rebase. kernel/rcutree.c moved to kernel/rcu/tree.c]
Signed-off-by: Ben Zhang <benzh@chromium.org>
2014-05-07 17:06:17 -07:00
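
A minimal userspace model of the bounds problem the commit message describes, added here as an illustration and not taken from the kernel patch. The struct layout, `MAX_NODES`, `init_levels`, `last_level_start` and the sample counts are assumptions; the model returns an error where the commit adds a BUG_ON.

```c
#include <stddef.h>
#include <stdio.h>

#define RCU_NUM_LVLS 4   /* compile-time size of level[] and levelcnt[] */
#define MAX_NODES 64     /* assumed node pool size for this model */

struct node { int id; };
struct rcu_state_model { /* simplified stand-in, not the kernel struct */
    struct node *level[RCU_NUM_LVLS];  /* first node of each level */
    int levelcnt[RCU_NUM_LVLS];        /* nodes per level */
    struct node nodes[MAX_NODES];
};

/* num_lvls is a runtime value, like rcu_num_lvls; validate it against the
 * array size before the loop. Returns -1 where the commit adds a BUG_ON. */
int init_levels(struct rcu_state_model *rsp, int num_lvls)
{
    size_t total = 0;
    int i;
    if (num_lvls < 1 || num_lvls > RCU_NUM_LVLS)
        return -1;
    for (i = 0; i < num_lvls; i++) {
        if (rsp->levelcnt[i] < 0)
            return -1;
        total += (size_t)rsp->levelcnt[i];
    }
    if (total > MAX_NODES)
        return -1;
    rsp->level[0] = rsp->nodes;
    for (i = 1; i < num_lvls; i++)
        rsp->level[i] = rsp->level[i - 1] + rsp->levelcnt[i - 1];
    return 0;
}

/* Constructed sample: 1 root, 4 mid-level nodes, 16 leaves. Returns the index
 * in nodes[] where the last requested level starts, or -1 if rejected. */
long last_level_start(int num_lvls)
{
    struct rcu_state_model s = { .levelcnt = { 1, 4, 16, 0 } };
    if (init_levels(&s, num_lvls) != 0)
        return -1;
    return (long)(s.level[num_lvls - 1] - s.nodes);
}

int main(void)
{
    printf("3 levels: %ld, 5 levels: %ld\n", last_level_start(3), last_level_start(5));
    return 0;
}
```

Without the range check at the top of `init_levels`, a count of 5 would make the loop write `level[4]`, one slot past the end of the array.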