Commit daeba89d authored by Trond Myklebust

SUNRPC: don't call flush_dcache_page() with an invalid pointer



Fix a problem in _copy_to_pages(), whereby it may call flush_dcache_page()
with an invalid pointer due to the fact that 'pgto' gets incremented
beyond the end of the page array. Fix is to exit the loop without this
unnecessary increment of pgto.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
parent 7180c4c9
+6 −3
@@ -244,7 +244,7 @@ _copy_to_pages(struct page **pages, size_t pgbase, const char *p, size_t len)
	pgto = pages + (pgbase >> PAGE_CACHE_SHIFT);
	pgbase &= ~PAGE_CACHE_MASK;

	do {
	for (;;) {
		copy = PAGE_CACHE_SIZE - pgbase;
		if (copy > len)
			copy = len;
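Review bot: the loop head `for (;;)` no longer shows any exit condition, so a one-line comment there saying the loop ends once `len` reaches zero would help the next reader. Separately, a call with `len == 0` still runs one iteration with `copy == 0` and then reaches the final `flush_dcache_page(*pgto)`, and nothing in the visible lines checks that `pages + (pgbase >> PAGE_CACHE_SHIFT)` is a valid entry in that case; an early return for `len == 0`, or a documented requirement on callers, would close that off.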
@@ -253,6 +253,10 @@ _copy_to_pages(struct page **pages, size_t pgbase, const char *p, size_t len)
		memcpy(vto + pgbase, p, copy);
		kunmap_atomic(vto, KM_USER0);

		len -= copy;
		if (len == 0)
			break;

		pgbase += copy;
		if (pgbase == PAGE_CACHE_SIZE) {
			flush_dcache_page(*pgto);
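Review bot: the placement of `if (len == 0) break;` ahead of `pgbase += copy` is what keeps `pgto` inside the array, and that ordering deserves a comment above the break. When the copy ends exactly on a page boundary, the `pgbase == PAGE_CACHE_SIZE` branch is now skipped and the last page is flushed only by the call after the loop; without a note saying so, a later cleanup could move the check below the increment and reintroduce the out-of-range dereference.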
@@ -260,8 +264,7 @@ _copy_to_pages(struct page **pages, size_t pgbase, const char *p, size_t len)
			pgto++;
		}
		p += copy;

	} while ((len -= copy) != 0);
	}
	flush_dcache_page(*pgto);
}
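Review bot: style point at the end of the loop body: the blank line after `p += copy;` is left directly before the closing `}`, which reads oddly now that the `while` condition is gone; drop it, and consider a blank line between `}` and the trailing `flush_dcache_page(*pgto);` instead. That trailing call is now the only flush for the final page and relies on `pgto` still pointing at the last page written, so a short comment stating that invariant would fit here.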