[PATCH 05/28] sunrpc: don't call flush_dcache_page() with NULL page pointer
Kevin Coffman
kwc at citi.umich.edu
Mon Mar 31 18:08:59 EDT 2008
On Mon, Mar 31, 2008 at 5:05 PM, Trond Myklebust
<trond.myklebust at fys.uio.no> wrote:
>
> How about something like the following instead?
>
> Cheers
> Trond
> ------------------------------------------------
> From: Trond Myklebust <Trond.Myklebust at netapp.com>
> Date: Mon, 31 Mar 2008 17:02:02 -0400
> SUNRPC: don't call flush_dcache_page() with an invalid pointer
>
> Fix a problem in _copy_to_pages(), whereby it may call flush_dcache_page()
> with an invalid pointer due to the fact that 'pgto' gets incremented
> beyond the end of the page array. Fix is to exit the loop without this
> unnecessary increment of pgto.
>
> Signed-off-by: Trond Myklebust <Trond.Myklebust at netapp.com>
> ---
>
> net/sunrpc/xdr.c | 9 ++++++---
>
> 1 files changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/net/sunrpc/xdr.c b/net/sunrpc/xdr.c
> index 995c3fd..79a55d5 100644
>
> --- a/net/sunrpc/xdr.c
> +++ b/net/sunrpc/xdr.c
> @@ -244,7 +244,7 @@ _copy_to_pages(struct page **pages, size_t pgbase, const char *p, size_t len)
> pgto = pages + (pgbase >> PAGE_CACHE_SHIFT);
> pgbase &= ~PAGE_CACHE_MASK;
>
> - do {
> + for (;;) {
> copy = PAGE_CACHE_SIZE - pgbase;
> if (copy > len)
> copy = len;
> @@ -253,6 +253,10 @@ _copy_to_pages(struct page **pages, size_t pgbase, const char *p, size_t len)
> memcpy(vto + pgbase, p, copy);
> kunmap_atomic(vto, KM_USER0);
>
> + len -= copy;
> + if (len == 0)
> + break;
> +
> pgbase += copy;
> if (pgbase == PAGE_CACHE_SIZE) {
> flush_dcache_page(*pgto);
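Review bot: the new `if (len == 0) break;` sits ahead of `pgbase += copy`, so a copy that ends exactly on a page boundary no longer reaches the `pgbase == PAGE_CACHE_SIZE` branch and relies on the flush after the loop to cover that page. The ordering is what keeps pgto from stepping past the last page written, and it is easy to undo in a later cleanup. A one-line comment above the break saying it must come before the pgto advance would make that explicit.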
> @@ -260,8 +264,7 @@ _copy_to_pages(struct page **pages, size_t pgbase, const char *p, size_t len)
> pgto++;
>
>
> }
> p += copy;
> -
> - } while ((len -= copy) != 0);
> + }
> flush_dcache_page(*pgto);
> }
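Review bot: the trailing `flush_dcache_page(*pgto)` still runs unconditionally, and the loop body is entered before len is tested, so a call with len == 0 dereferences whatever `pages + (pgbase >> PAGE_CACHE_SHIFT)` points at. If pgbase can sit at the end of the page array in that case, this is the same invalid dereference by another route. Either state in the changelog that callers never pass len == 0, or return early before the loop when len is zero.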
Thanks! I'll test...