[248/251] SUNRPC: Fix memory corruption issue on 32-bit highmem systems

Tue, 10 Sep 2013 22:22:04 -0700 

3.6.11.9-rc1 stable review patch.
If anyone has any objections, please let me know.

------------------

From: Trond Myklebust <trond.mykleb...@netapp.com>

[ Upstream commit 347e2233b7667e336d9f671f1a52dfa3f0416e2c ]

Some architectures, such as ARM-32 do not return the same base address
when you call kmap_atomic() twice on the same page.
This causes problems for the memmove() call in the XDR helper routine
"_shift_data_right_pages()", since it defeats the detection of
overlapping memory ranges, and has been seen to corrupt memory.

The fix is to distinguish between the case where we're doing an
inter-page copy or not. In the former case of we know that the memory
ranges cannot possibly overlap, so we can additionally micro-optimise
by replacing memmove() with memcpy().

Reported-by: Mark Young <myo...@nvidia.com>
Reported-by: Matt Craighead <mcraigh...@nvidia.com>
Cc: Bruce Fields <bfie...@fieldses.org>
Cc: sta...@vger.kernel.org
Signed-off-by: Trond Myklebust <trond.mykleb...@netapp.com>
Tested-by: Matt Craighead <mcraigh...@nvidia.com>
Signed-off-by: Steven Rostedt <rost...@goodmis.org>
---
 net/sunrpc/xdr.c |    9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/net/sunrpc/xdr.c b/net/sunrpc/xdr.c
index 0afba1b..7e99acd 100644
--- a/net/sunrpc/xdr.c
+++ b/net/sunrpc/xdr.c
@@ -207,10 +207,13 @@ _shift_data_right_pages(struct page **pages, size_t 
pgto_base,
                pgfrom_base -= copy;
 
                vto = kmap_atomic(*pgto);
-               vfrom = kmap_atomic(*pgfrom);
-               memmove(vto + pgto_base, vfrom + pgfrom_base, copy);
+               if (*pgto != *pgfrom) {
+                       vfrom = kmap_atomic(*pgfrom);
+                       memcpy(vto + pgto_base, vfrom + pgfrom_base, copy);
+                       kunmap_atomic(vfrom);
+               } else
+                       memmove(vto + pgto_base, vto + pgfrom_base, copy);
                flush_dcache_page(*pgto);
-               kunmap_atomic(vfrom);
                kunmap_atomic(vto);
 
        } while ((len -= copy) != 0);
-- 
1.7.10.4


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Reply via email to