diff options
| author | Baoquan He <[email protected]> | 2025-04-10 03:57:14 +0000 |
|---|---|---|
| committer | Andrew Morton <[email protected]> | 2025-04-18 03:10:07 +0000 |
| commit | 8c03ebd7cdc06bd0d2fecb4d1a609ef1dbb7d0aa (patch) | |
| tree | b4228d2ab93f5cbb0cd307d6660ae920204ac8af /rust/helpers/platform.c | |
| parent | MAINTAINERS: add memory advice section (diff) | |
| download | kernel-8c03ebd7cdc06bd0d2fecb4d1a609ef1dbb7d0aa.tar.gz kernel-8c03ebd7cdc06bd0d2fecb4d1a609ef1dbb7d0aa.zip | |
mm/gup: fix wrongly calculated returned value in fault_in_safe_writeable()
Not like fault_in_readable() or fault_in_writeable(), in
fault_in_safe_writeable() local variable 'start' is increased page by page
to loop till the whole address range is handled. However, it mistakenly
calculates the size of the handled range with 'uaddr - start'.
Fix it here.
Andreas said:
: In gfs2, fault_in_iov_iter_writeable() is used in
: gfs2_file_direct_read() and gfs2_file_read_iter(), so this potentially
: affects buffered as well as direct reads. This bug could cause those
: gfs2 functions to spin in a loop.
Link: https://lkml.kernel.org/r/[email protected]
Link: https://lkml.kernel.org/r/[email protected]
Signed-off-by: Baoquan He <[email protected]>
Fixes: fe673d3f5bf1 ("mm: gup: make fault_in_safe_writeable() use fixup_user_fault()")
Reviewed-by: Oscar Salvador <[email protected]>
Acked-by: David Hildenbrand <[email protected]>
Cc: Andreas Gruenbacher <[email protected]>
Cc: Yanjun.Zhu <[email protected]>
Cc: <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Diffstat (limited to 'rust/helpers/platform.c')
0 files changed, 0 insertions, 0 deletions