[ 09/14] SUNRPC: Fix memory corruption issue on 32-bit highmem systems

From: Greg Kroah-Hartman
Date: Thu Sep 05 2013 - 16:33:16 EST

Next message: Greg Kroah-Hartman: "[ 01/14] jfs: fix readdir cookie incompatibility with NFSv4"
Previous message: Greg Kroah-Hartman: "[ 10/14] ath9k_htc: Restore skb headroom when returning skb to mac80211"
In reply to: Greg Kroah-Hartman: "[ 10/14] ath9k_htc: Restore skb headroom when returning skb to mac80211"
Next in thread: Greg Kroah-Hartman: "[ 01/14] jfs: fix readdir cookie incompatibility with NFSv4"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

3.4-stable review patch. If anyone has any objections, please let me know.

------------------

From: Trond Myklebust <Trond.Myklebust@xxxxxxxxxx>

commit 347e2233b7667e336d9f671f1a52dfa3f0416e2c upstream.

Some architectures, such as ARM-32 do not return the same base address
when you call kmap_atomic() twice on the same page.
This causes problems for the memmove() call in the XDR helper routine
"_shift_data_right_pages()", since it defeats the detection of
overlapping memory ranges, and has been seen to corrupt memory.

The fix is to distinguish between the case where we're doing an
inter-page copy or not. In the former case of we know that the memory
ranges cannot possibly overlap, so we can additionally micro-optimise
by replacing memmove() with memcpy().

Reported-by: Mark Young <MYoung@xxxxxxxxxx>
Reported-by: Matt Craighead <mcraighead@xxxxxxxxxx>
Cc: Bruce Fields <bfields@xxxxxxxxxxxx>
Signed-off-by: Trond Myklebust <Trond.Myklebust@xxxxxxxxxx>
Tested-by: Matt Craighead <mcraighead@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
net/sunrpc/xdr.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)

--- a/net/sunrpc/xdr.c
+++ b/net/sunrpc/xdr.c
@@ -233,10 +233,13 @@ _shift_data_right_pages(struct page **pa
pgfrom_base -= copy;

vto = kmap_atomic(*pgto);
- vfrom = kmap_atomic(*pgfrom);
- memmove(vto + pgto_base, vfrom + pgfrom_base, copy);
+ if (*pgto != *pgfrom) {
+ vfrom = kmap_atomic(*pgfrom);
+ memcpy(vto + pgto_base, vfrom + pgfrom_base, copy);
+ kunmap_atomic(vfrom);
+ } else
+ memmove(vto + pgto_base, vto + pgfrom_base, copy);
flush_dcache_page(*pgto);
- kunmap_atomic(vfrom);
kunmap_atomic(vto);

} while ((len -= copy) != 0);

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg Kroah-Hartman: "[ 01/14] jfs: fix readdir cookie incompatibility with NFSv4"
Previous message: Greg Kroah-Hartman: "[ 10/14] ath9k_htc: Restore skb headroom when returning skb to mac80211"
In reply to: Greg Kroah-Hartman: "[ 10/14] ath9k_htc: Restore skb headroom when returning skb to mac80211"
Next in thread: Greg Kroah-Hartman: "[ 01/14] jfs: fix readdir cookie incompatibility with NFSv4"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]