SUNRPC: Fix memory corruption issue on 32-bit highmem systems

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Some architectures, such as ARM-32 do not return the same base address
when you call kmap_atomic() twice on the same page.
This causes problems for the memmove() call in the XDR helper routine
"_shift_data_right_pages()", since it defeats the detection of
overlapping memory ranges, and has been seen to corrupt memory.

The fix is to distinguish between the case where we're doing an
inter-page copy or not. In the former case of we know that the memory
ranges cannot possibly overlap, so we can additionally micro-optimise
by replacing memmove() with memcpy().

Reported-by: Mark Young <MYoung@nvidia.com>
Reported-by: Matt Craighead <mcraighead@nvidia.com>
Cc: Bruce Fields <bfields@fieldses.org>
Cc: stable@vger.kernel.org
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Tested-by: Matt Craighead <mcraighead@nvidia.com>

Trond Myklebust 12 years ago 347e2233 fa8218de

+6 -3

1 changed file

expand all

net

sunrpc

xdr.c

+6 -3

net/sunrpc/xdr.c

··· 207 207 pgfrom_base -= copy; 208 208 209 209 vto = kmap_atomic(*pgto); 210 - vfrom = kmap_atomic(*pgfrom); 211 - memmove(vto + pgto_base, vfrom + pgfrom_base, copy); 210 + if (*pgto != *pgfrom) { 211 + vfrom = kmap_atomic(*pgfrom); 212 + memcpy(vto + pgto_base, vfrom + pgfrom_base, copy); 213 + kunmap_atomic(vfrom); 214 + } else 215 + memmove(vto + pgto_base, vto + pgfrom_base, copy); 212 216 flush_dcache_page(*pgto); 213 - kunmap_atomic(vfrom); 214 217 kunmap_atomic(vto); 215 218 216 219 } while ((len -= copy) != 0);