Fix potential use of out of range page in kmem

From:		Christoph Lameter <clameter@sgi.com>
To:		akpm@osdl.org
Subject:		[ZVC 1/4] Fix potential use of out of range page in kmem_getpages.
Date:		Tue, 27 Jun 2006 10:45:51 -0700 (PDT)
Cc:		Nick Piggin <nickpiggin@yahoo.com.au>, Pekka Enberg <penberg@cs.helsinki.fi>, Christoph Lameter <clameter@sgi.com>, linux-kernel@vger.kernel.org
Archive-link:		Article, Thread

ZVC: Fix potential use of out of range page in kmem_getpages.

We use page_zone(page) following several page increments in kmem_getpages().
Which page in a zone we use really does not matter. However, we may reach an
invalid page and then oops.

So move the counter decrement before we increment page.

Signed-off-by: Christoph Lameter <clameter@sgi.com>

Index: linux-2.6.17-mm3/mm/slab.c
===================================================================
--- linux-2.6.17-mm3.orig/mm/slab.c	2006-06-27 09:40:25.620599382 -0700
+++ linux-2.6.17-mm3/mm/slab.c	2006-06-27 09:40:32.330144958 -0700
@@ -1539,12 +1539,12 @@ static void kmem_freepages(struct kmem_c
 	struct page *page = virt_to_page(addr);
 	const unsigned long nr_freed = i;
 
+	sub_zone_page_state(page_zone(page), NR_SLAB, nr_freed);
 	while (i--) {
 		BUG_ON(!PageSlab(page));
 		__ClearPageSlab(page);
 		page++;
 	}
-	sub_zone_page_state(page_zone(page), NR_SLAB, nr_freed);
 	if (current->reclaim_state)
 		current->reclaim_state->reclaimed_slab += nr_freed;
 	free_pages((unsigned long)addr, cachep->gfporder);