From: Philippe Elie <phil.el@wanadoo.fr>

In a ring buffer controlled by a read and write positions we can't use
buffer_size but only buffer_size - 1 entry, the last free entry act as a
guard to avoid write pos overrun.  This bug was hidden because the writer,
oprofile_add_sample(), request one more entry than really needed.



---

 drivers/oprofile/cpu_buffer.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff -puN drivers/oprofile/cpu_buffer.c~oprofile-ringbuffer-wrap-fix drivers/oprofile/cpu_buffer.c
--- 25/drivers/oprofile/cpu_buffer.c~oprofile-ringbuffer-wrap-fix	2004-01-25 20:07:57.000000000 -0800
+++ 25-akpm/drivers/oprofile/cpu_buffer.c	2004-01-25 20:07:57.000000000 -0800
@@ -86,9 +86,9 @@ static unsigned long nr_available_slots(
 	unsigned long tail = b->tail_pos;
 
 	if (tail > head)
-		return tail - head;
+		return (tail - head) - 1;
 
-	return tail + (b->buffer_size - head);
+	return tail + (b->buffer_size - head) - 1;
 }
 
 

_