From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Mark Young <MYoung@nvidia.com>,
Matt Craighead <mcraighead@nvidia.com>,
Bruce Fields <bfields@fieldses.org>,
Trond Myklebust <Trond.Myklebust@netapp.com>
Subject: [ 09/14] SUNRPC: Fix memory corruption issue on 32-bit highmem systems
Date: Thu, 5 Sep 2013 13:28:20 -0700 [thread overview]
Message-ID: <20130905202615.503113715@linuxfoundation.org> (raw)
In-Reply-To: <20130905202614.354156084@linuxfoundation.org>
3.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Trond Myklebust <Trond.Myklebust@netapp.com>
commit 347e2233b7667e336d9f671f1a52dfa3f0416e2c upstream.
Some architectures, such as ARM-32 do not return the same base address
when you call kmap_atomic() twice on the same page.
This causes problems for the memmove() call in the XDR helper routine
"_shift_data_right_pages()", since it defeats the detection of
overlapping memory ranges, and has been seen to corrupt memory.
The fix is to distinguish between the case where we're doing an
inter-page copy or not. In the former case of we know that the memory
ranges cannot possibly overlap, so we can additionally micro-optimise
by replacing memmove() with memcpy().
Reported-by: Mark Young <MYoung@nvidia.com>
Reported-by: Matt Craighead <mcraighead@nvidia.com>
Cc: Bruce Fields <bfields@fieldses.org>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Tested-by: Matt Craighead <mcraighead@nvidia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sunrpc/xdr.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
--- a/net/sunrpc/xdr.c
+++ b/net/sunrpc/xdr.c
@@ -233,10 +233,13 @@ _shift_data_right_pages(struct page **pa
pgfrom_base -= copy;
vto = kmap_atomic(*pgto);
- vfrom = kmap_atomic(*pgfrom);
- memmove(vto + pgto_base, vfrom + pgfrom_base, copy);
+ if (*pgto != *pgfrom) {
+ vfrom = kmap_atomic(*pgfrom);
+ memcpy(vto + pgto_base, vfrom + pgfrom_base, copy);
+ kunmap_atomic(vfrom);
+ } else
+ memmove(vto + pgto_base, vto + pgfrom_base, copy);
flush_dcache_page(*pgto);
- kunmap_atomic(vfrom);
kunmap_atomic(vto);
} while ((len -= copy) != 0);
next prev parent reply other threads:[~2013-09-05 20:28 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-05 20:28 [ 00/14] 3.4.61-stable review Greg Kroah-Hartman
2013-09-05 20:28 ` [ 01/14] jfs: fix readdir cookie incompatibility with NFSv4 Greg Kroah-Hartman
2013-09-05 20:28 ` [ 02/14] ALSA: opti9xx: Fix conflicting driver object name Greg Kroah-Hartman
2013-09-05 20:28 ` [ 03/14] powerpc: Work around gcc miscompilation of __pa() on 64-bit Greg Kroah-Hartman
2013-09-05 20:28 ` [ 04/14] powerpc/hvsi: Increase handshake timeout from 200ms to 400ms Greg Kroah-Hartman
2013-09-05 20:28 ` [ 05/14] regmap: silence GCC warning Greg Kroah-Hartman
2013-09-05 20:28 ` [ 06/14] drivers/base/memory.c: fix show_mem_removable() to handle missing sections Greg Kroah-Hartman
2013-09-05 20:28 ` [ 07/14] drm/vmwgfx: Split GMR2_REMAP commands if they are to large Greg Kroah-Hartman
2013-09-05 20:28 ` [ 08/14] drm/i915: ivb: fix edp voltage swing reg val Greg Kroah-Hartman
2013-09-05 20:28 ` Greg Kroah-Hartman [this message]
2013-09-05 20:28 ` [ 10/14] ath9k_htc: Restore skb headroom when returning skb to mac80211 Greg Kroah-Hartman
2013-09-05 20:28 ` [ 11/14] iwl4965: fix rfkill set state regression Greg Kroah-Hartman
2013-09-05 20:28 ` [ 12/14] ACPI / EC: Add ASUSTEK L4R to quirk list in order to validate ECDT Greg Kroah-Hartman
2013-09-05 20:28 ` [ 13/14] target: Fix trailing ASCII space usage in INQUIRY vendor+model Greg Kroah-Hartman
2013-09-05 20:28 ` [ 14/14] SCSI: sg: Fix user memory corruption when SG_IO is interrupted by a signal Greg Kroah-Hartman
2013-09-05 22:56 ` [ 00/14] 3.4.61-stable review Guenter Roeck
2013-09-06 16:39 ` Greg Kroah-Hartman
2013-09-06 17:58 ` Guenter Roeck
2013-09-06 17:47 ` Shuah Khan
2013-09-06 18:46 ` Greg Kroah-Hartman
2013-09-06 22:23 ` Shuah Khan
2013-09-06 23:11 ` Greg Kroah-Hartman
2013-09-06 23:24 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130905202615.503113715@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=MYoung@nvidia.com \
--cc=Trond.Myklebust@netapp.com \
--cc=bfields@fieldses.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mcraighead@nvidia.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).