Commit b868868a authored by Ralf Baechle's avatar Ralf Baechle

[MIPS] Fix aliasing bug in copy_user_highpage.

Copy_user_highpage was written assuming it was only being called for
breaking COW pages in which case the source page isn't cached as in
marked cachable under it kernel virtual address.  If it is called anyway
the aliasing avoidance strategy implemented by kmap_coherent will fail.
Avoid the use of kmap_coherent for pages marked dirty and to avoid
another instance of this sort of bug, place a BUG_ON in kmap_coherent.
Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
parent 01e9943c
...@@ -8,6 +8,7 @@ ...@@ -8,6 +8,7 @@
* Kevin D. Kissell, kevink@mips.com and Carsten Langgaard, carstenl@mips.com * Kevin D. Kissell, kevink@mips.com and Carsten Langgaard, carstenl@mips.com
* Copyright (C) 2000 MIPS Technologies, Inc. All rights reserved. * Copyright (C) 2000 MIPS Technologies, Inc. All rights reserved.
*/ */
#include <linux/bug.h>
#include <linux/init.h> #include <linux/init.h>
#include <linux/module.h> #include <linux/module.h>
#include <linux/signal.h> #include <linux/signal.h>
...@@ -132,6 +133,8 @@ void *kmap_coherent(struct page *page, unsigned long addr) ...@@ -132,6 +133,8 @@ void *kmap_coherent(struct page *page, unsigned long addr)
pte_t pte; pte_t pte;
int tlbidx; int tlbidx;
BUG_ON(Page_dcache_dirty(page));
inc_preempt_count(); inc_preempt_count();
idx = (addr >> PAGE_SHIFT) & (FIX_N_COLOURS - 1); idx = (addr >> PAGE_SHIFT) & (FIX_N_COLOURS - 1);
#ifdef CONFIG_MIPS_MT_SMTC #ifdef CONFIG_MIPS_MT_SMTC
...@@ -208,7 +211,7 @@ void copy_user_highpage(struct page *to, struct page *from, ...@@ -208,7 +211,7 @@ void copy_user_highpage(struct page *to, struct page *from,
void *vfrom, *vto; void *vfrom, *vto;
vto = kmap_atomic(to, KM_USER1); vto = kmap_atomic(to, KM_USER1);
if (cpu_has_dc_aliases) { if (cpu_has_dc_aliases && !Page_dcache_dirty(from)) {
vfrom = kmap_coherent(from, vaddr); vfrom = kmap_coherent(from, vaddr);
copy_page(vto, vfrom); copy_page(vto, vfrom);
kunmap_coherent(); kunmap_coherent();
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment