forked from Minki/linux
SUNRPC: Fix memory corruption issue on 32-bit highmem systems
Some architectures, such as ARM-32 do not return the same base address when you call kmap_atomic() twice on the same page. This causes problems for the memmove() call in the XDR helper routine "_shift_data_right_pages()", since it defeats the detection of overlapping memory ranges, and has been seen to corrupt memory. The fix is to distinguish between the case where we're doing an inter-page copy or not. In the former case of we know that the memory ranges cannot possibly overlap, so we can additionally micro-optimise by replacing memmove() with memcpy(). Reported-by: Mark Young <MYoung@nvidia.com> Reported-by: Matt Craighead <mcraighead@nvidia.com> Cc: Bruce Fields <bfields@fieldses.org> Cc: stable@vger.kernel.org Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Tested-by: Matt Craighead <mcraighead@nvidia.com>
This commit is contained in:
parent
fa8218def1
commit
347e2233b7
@ -207,10 +207,13 @@ _shift_data_right_pages(struct page **pages, size_t pgto_base,
|
||||
pgfrom_base -= copy;
|
||||
|
||||
vto = kmap_atomic(*pgto);
|
||||
vfrom = kmap_atomic(*pgfrom);
|
||||
memmove(vto + pgto_base, vfrom + pgfrom_base, copy);
|
||||
if (*pgto != *pgfrom) {
|
||||
vfrom = kmap_atomic(*pgfrom);
|
||||
memcpy(vto + pgto_base, vfrom + pgfrom_base, copy);
|
||||
kunmap_atomic(vfrom);
|
||||
} else
|
||||
memmove(vto + pgto_base, vto + pgfrom_base, copy);
|
||||
flush_dcache_page(*pgto);
|
||||
kunmap_atomic(vfrom);
|
||||
kunmap_atomic(vto);
|
||||
|
||||
} while ((len -= copy) != 0);
|
||||
|
Loading…
Reference in New Issue
Block a user