Commit 347e2233 authored by Trond Myklebust's avatar Trond Myklebust

SUNRPC: Fix memory corruption issue on 32-bit highmem systems

Some architectures, such as ARM-32 do not return the same base address
when you call kmap_atomic() twice on the same page.
This causes problems for the memmove() call in the XDR helper routine
"_shift_data_right_pages()", since it defeats the detection of
overlapping memory ranges, and has been seen to corrupt memory.

The fix is to distinguish between the case where we're doing an
inter-page copy or not. In the former case of we know that the memory
ranges cannot possibly overlap, so we can additionally micro-optimise
by replacing memmove() with memcpy().
Reported-by: default avatarMark Young <MYoung@nvidia.com>
Reported-by: default avatarMatt Craighead <mcraighead@nvidia.com>
Cc: Bruce Fields <bfields@fieldses.org>
Cc: stable@vger.kernel.org
Signed-off-by: default avatarTrond Myklebust <Trond.Myklebust@netapp.com>
Tested-by: default avatarMatt Craighead <mcraighead@nvidia.com>
parent fa8218de
...@@ -207,10 +207,13 @@ _shift_data_right_pages(struct page **pages, size_t pgto_base, ...@@ -207,10 +207,13 @@ _shift_data_right_pages(struct page **pages, size_t pgto_base,
pgfrom_base -= copy; pgfrom_base -= copy;
vto = kmap_atomic(*pgto); vto = kmap_atomic(*pgto);
if (*pgto != *pgfrom) {
vfrom = kmap_atomic(*pgfrom); vfrom = kmap_atomic(*pgfrom);
memmove(vto + pgto_base, vfrom + pgfrom_base, copy); memcpy(vto + pgto_base, vfrom + pgfrom_base, copy);
flush_dcache_page(*pgto);
kunmap_atomic(vfrom); kunmap_atomic(vfrom);
} else
memmove(vto + pgto_base, vto + pgfrom_base, copy);
flush_dcache_page(*pgto);
kunmap_atomic(vto); kunmap_atomic(vto);
} while ((len -= copy) != 0); } while ((len -= copy) != 0);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment