Commit b7fef2dd authored by Heiko Carstens's avatar Heiko Carstens Committed by Martin Schwidefsky

s390/uaccess: fix clear_user_pt()

The page table walker variant of clear_user() is supposed to copy the
contents of the empty zero page to user space.
However since 238ec4ef "[S390] zero page cache synonyms" empty_zero_page
is not anymore the page itself but contains the pointer to the empty zero
pages. Therefore the page table walker variant of clear_user() copied
the address of the first empty zero page and afterwards more or less
random data to user space instead of clearing the given user space range.
Signed-off-by: default avatarHeiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: default avatarMartin Schwidefsky <schwidefsky@de.ibm.com>
parent 94f9852d
...@@ -197,7 +197,7 @@ size_t copy_to_user_pt(size_t n, void __user *to, const void *from) ...@@ -197,7 +197,7 @@ size_t copy_to_user_pt(size_t n, void __user *to, const void *from)
static size_t clear_user_pt(size_t n, void __user *to) static size_t clear_user_pt(size_t n, void __user *to)
{ {
void *zpage = &empty_zero_page; void *zpage = (void *) empty_zero_page;
long done, size, ret; long done, size, ret;
done = 0; done = 0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment