Eric Lee / smarc-fsl-linux-kernel

Download as
Browse Code ยป

Commit daeba89d43af0fa469d38a4ccdc32fff8ca17c2e

Authored by Trond Myklebust
1 parent 7180c4c9e0
Exists in master and in 39 other branches 8mp-imx_5.4.70_2.3.0, 8qm-imx_5.4.70_2.3.0, emb_imx_lf-5.15.y, emb_lf-6.1.y, imx_3.0.35_4.1.0, imx_3.10.17_1.0.1_ga, imx_3.10.53_1.1.0_ga, imx_3.14.28_1.0.0_ga, imx_4.1.15_1.0.0_ga, pitx_8mp_lf-5.10.y, rt-smarc-imx_4.1.15_1.0.0_ga, rt_linux_5.15.71, smarc-8m-android-11.0.0_2.0.0, smarc-imx6_4.14.98_2.0.0_ga, smarc-imx6_4.9.88_2.0.0_ga, smarc-imx7_4.14.98_2.0.0_ga, smarc-imx7_4.9.11_1.0.0_ga, smarc-imx7_4.9.88_2.0.0_ga, smarc-imx_3.10.53_1.1.0_ga, smarc-imx_3.14.28_1.0.0_ga, smarc-imx_4.1.15_1.0.0_ga, smarc-imx_4.9.11_1.0.0_ga, smarc-imx_4.9.51_imx8m_ga, smarc-imx_4.9.88_2.0.0_ga, smarc-m6.0.1_2.1.0-ga, smarc-n7.1.2_2.0.0-ga, smarc-rel_imx_4.1.15_1.2.0_ga, smarc_8m_00d0_imx_4.14.98_2.0.0_ga, smarc_8m_imx_4.14.78_1.0.0_ga, smarc_8m_imx_4.14.98_2.0.0_ga, smarc_8m_imx_4.19.35_1.1.0, smarc_8mm_imx_4.14.78_1.0.0_ga, smarc_8mm_imx_4.14.98_2.0.0_ga, smarc_8mm_imx_4.19.35_1.1.0, smarc_8mm_imx_5.4.24_2.1.0, smarc_8mp_lf-5.10.y, smarc_8mq_imx_5.4.24_2.1.0, smarc_8mq_lf-5.10.y, smarc_imx_lf-5.15.y

SUNRPC: don't call flush_dcache_page() with an invalid pointer 

Fix a problem in _copy_to_pages(), whereby it may call flush_dcache_page()
with an invalid pointer due to the fact that 'pgto' gets incremented
beyond the end of the page array. Fix is to exit the loop without this
unnecessary increment of pgto.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>

Showing 1 changed file with 6 additions and 3 deletions Side-by-side Diff

... ... @@ -244,7 +244,7 @@
244 244 pgto = pages + (pgbase >> PAGE_CACHE_SHIFT);
245 245 pgbase &= ~PAGE_CACHE_MASK;
246 246  
247   - do {
  247 + for (;;) {
248 248 copy = PAGE_CACHE_SIZE - pgbase;
249 249 if (copy > len)
250 250 copy = len;
... ... @@ -253,6 +253,10 @@
253 253 memcpy(vto + pgbase, p, copy);
254 254 kunmap_atomic(vto, KM_USER0);
255 255  
  256 + len -= copy;
  257 + if (len == 0)
  258 + break;
  259 +
256 260 pgbase += copy;
257 261 if (pgbase == PAGE_CACHE_SIZE) {
258 262 flush_dcache_page(*pgto);
... ... @@ -260,8 +264,7 @@
260 264 pgto++;
261 265 }
262 266 p += copy;
263   -
264   - } while ((len -= copy) != 0);
  267 + }
265 268 flush_dcache_page(*pgto);
266 269 }
267 270