On Fri, 19 Oct 2012 14:03:32 +0100
Will Deacon <will.dea...@arm.com> wrote:
> When using a virtio transport, the 9p net device may pass the physical
> address of a kernel buffer to userspace via a scatterlist inside a
> virtqueue. If the kernel buffer is mapped outside of the linear mapping
> (e.g. highmem), then virt_to_page will return a bogus value and we will
> populate the scatterlist with junk.
>
> This patch uses kmap_to_page when populating the page array for a kernel
> buffer.
>
> ...
>
> --- a/net/9p/trans_virtio.c
> +++ b/net/9p/trans_virtio.c
> @@ -39,6 +39,7 @@
> #include <linux/inet.h>
> #include <linux/idr.h>
> #include <linux/file.h>
> +#include <linux/highmem.h>
> #include <linux/slab.h>
> #include <net/9p/9p.h>
> #include <linux/parser.h>
> @@ -325,7 +326,7 @@ static int p9_get_mapped_pages(struct virtio_chan *chan,
> int count = nr_pages;
> while (nr_pages) {
> s = rest_of_page(data);
> - pages[index++] = virt_to_page(data);
> + pages[index++] = kmap_to_page(data);
> data += s;
> nr_pages--;
I am suspecting that this code has been busted for a while on x86
highmem, but nobody noticed. True or false? If "true" then I expect
that a -stable backport is appropriate?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
