mm: Make copy_from_user() in migrate.c statically predictable
x86-32 has had a static test for copy_on_user() overflow for a while.
This test currently fails in mm/migrate.c resulting in an
allyesconfig/allmodconfig build failure on x86-32:
In function ‘copy_from_user’,
inlined from ‘do_pages_stat’ at
/home/hpa/kernel/git/mm/migrate.c:1012:
/home/hpa/kernel/git/arch/x86/include/asm/uaccess_32.h:212: error:
call to ‘copy_from_user_overflow’ declared
Make the logic more explicit and therefore easier for gcc to
understand.
v2: rewrite the loop entirely using a more normal structure for a
chunked-data loop (Linus Torvalds)
Reported-by: Len Brown <lenb@kernel.org>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Reviewed-and-Tested-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Arjan van de Ven <arjan@linux.kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Christoph Lameter <cl@linux-foundation.org>
Cc: Hugh Dickins <hugh.dickins@tiscali.co.uk>
Cc: Rik van Riel <riel@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
H. Peter Anvin
Linus Torvalds
Родитель
aea187c46f
Коммит
87b8d1adef
36
mm/migrate.c
36
mm/migrate.c
|
|
@ -1002,33 +1002,27 @@ static int do_pages_stat(struct mm_struct *mm, unsigned long nr_pages,
|
||||||
#define DO_PAGES_STAT_CHUNK_NR 16
|
#define DO_PAGES_STAT_CHUNK_NR 16
|
||||||
const void __user *chunk_pages[DO_PAGES_STAT_CHUNK_NR];
|
const void __user *chunk_pages[DO_PAGES_STAT_CHUNK_NR];
|
||||||
int chunk_status[DO_PAGES_STAT_CHUNK_NR];
|
int chunk_status[DO_PAGES_STAT_CHUNK_NR];
|
||||||
unsigned long i, chunk_nr = DO_PAGES_STAT_CHUNK_NR;
|
|
||||||
int err;
|
|
||||||
|
|
||||||
for (i = 0; i < nr_pages; i += chunk_nr) {
|
while (nr_pages) {
|
||||||
if (chunk_nr > nr_pages - i)
|
unsigned long chunk_nr;
|
||||||
chunk_nr = nr_pages - i;
|
|
||||||
|
|
||||||
err = copy_from_user(chunk_pages, &pages[i],
|
chunk_nr = nr_pages;
|
||||||
chunk_nr * sizeof(*chunk_pages));
|
if (chunk_nr > DO_PAGES_STAT_CHUNK_NR)
|
||||||
if (err) {
|
chunk_nr = DO_PAGES_STAT_CHUNK_NR;
|
||||||
err = -EFAULT;
|
|
||||||
goto out;
|
if (copy_from_user(chunk_pages, pages, chunk_nr * sizeof(*chunk_pages)))
|
||||||
}
|
break;
|
||||||
|
|
||||||
do_pages_stat_array(mm, chunk_nr, chunk_pages, chunk_status);
|
do_pages_stat_array(mm, chunk_nr, chunk_pages, chunk_status);
|
||||||
|
|
||||||
err = copy_to_user(&status[i], chunk_status,
|
if (copy_to_user(status, chunk_status, chunk_nr * sizeof(*status)))
|
||||||
chunk_nr * sizeof(*chunk_status));
|
break;
|
||||||
if (err) {
|
|
||||||
err = -EFAULT;
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
err = 0;
|
|
||||||
|
|
||||||
out:
|
pages += chunk_nr;
|
||||||
return err;
|
status += chunk_nr;
|
||||||
|
nr_pages -= chunk_nr;
|
||||||
|
}
|
||||||
|
return nr_pages ? -EFAULT : 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
||||||
Загрузка…
Ссылка в новой задаче