diff options
author | Ralf Baechle <ralf@linux-mips.org> | 2007-10-15 11:30:24 -0400 |
---|---|---|
committer | Ralf Baechle <ralf@linux-mips.org> | 2007-10-16 13:23:49 -0400 |
commit | 985c30ef4d7c2a4f0e979a507a7e2f7f09b096c3 (patch) | |
tree | 8f5a447adaa49b6efb7485e8b69b2743eca3ee4b | |
parent | 736fad17b89e5e718908abb76ae9bce210a9d5d4 (diff) |
[MIPS] Fix aliasing bug in copy_user_highpage, take 2.
Turns out b868868ae0f7272228c95cc760338ffe35bb739d wasn't quite right.
When called for a page that isn't marked dirty it would artificially
create an alias instead of doing the obvious thing and access the page
via KSEG0.
The same issue also exists in copy_to_user_page and copy_from_user_page
which was causing the machine to die under rare circumstances for example
when running ps if the BUG_ON() assertion added by the earlier fix was
getting triggered.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
-rw-r--r-- | arch/mips/mm/init.c | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/arch/mips/mm/init.c b/arch/mips/mm/init.c index 5240432e6d1d..110ee7656b41 100644 --- a/arch/mips/mm/init.c +++ b/arch/mips/mm/init.c | |||
@@ -211,7 +211,7 @@ void copy_user_highpage(struct page *to, struct page *from, | |||
211 | void *vfrom, *vto; | 211 | void *vfrom, *vto; |
212 | 212 | ||
213 | vto = kmap_atomic(to, KM_USER1); | 213 | vto = kmap_atomic(to, KM_USER1); |
214 | if (cpu_has_dc_aliases && !Page_dcache_dirty(from)) { | 214 | if (cpu_has_dc_aliases && page_mapped(from)) { |
215 | vfrom = kmap_coherent(from, vaddr); | 215 | vfrom = kmap_coherent(from, vaddr); |
216 | copy_page(vto, vfrom); | 216 | copy_page(vto, vfrom); |
217 | kunmap_coherent(); | 217 | kunmap_coherent(); |
@@ -234,12 +234,15 @@ void copy_to_user_page(struct vm_area_struct *vma, | |||
234 | struct page *page, unsigned long vaddr, void *dst, const void *src, | 234 | struct page *page, unsigned long vaddr, void *dst, const void *src, |
235 | unsigned long len) | 235 | unsigned long len) |
236 | { | 236 | { |
237 | if (cpu_has_dc_aliases) { | 237 | if (cpu_has_dc_aliases && page_mapped(page)) { |
238 | void *vto = kmap_coherent(page, vaddr) + (vaddr & ~PAGE_MASK); | 238 | void *vto = kmap_coherent(page, vaddr) + (vaddr & ~PAGE_MASK); |
239 | memcpy(vto, src, len); | 239 | memcpy(vto, src, len); |
240 | kunmap_coherent(); | 240 | kunmap_coherent(); |
241 | } else | 241 | } else { |
242 | memcpy(dst, src, len); | 242 | memcpy(dst, src, len); |
243 | if (cpu_has_dc_aliases) | ||
244 | SetPageDcacheDirty(page); | ||
245 | } | ||
243 | if ((vma->vm_flags & VM_EXEC) && !cpu_has_ic_fills_f_dc) | 246 | if ((vma->vm_flags & VM_EXEC) && !cpu_has_ic_fills_f_dc) |
244 | flush_cache_page(vma, vaddr, page_to_pfn(page)); | 247 | flush_cache_page(vma, vaddr, page_to_pfn(page)); |
245 | } | 248 | } |
@@ -250,13 +253,15 @@ void copy_from_user_page(struct vm_area_struct *vma, | |||
250 | struct page *page, unsigned long vaddr, void *dst, const void *src, | 253 | struct page *page, unsigned long vaddr, void *dst, const void *src, |
251 | unsigned long len) | 254 | unsigned long len) |
252 | { | 255 | { |
253 | if (cpu_has_dc_aliases) { | 256 | if (cpu_has_dc_aliases && page_mapped(page)) { |
254 | void *vfrom = | 257 | void *vfrom = kmap_coherent(page, vaddr) + (vaddr & ~PAGE_MASK); |
255 | kmap_coherent(page, vaddr) + (vaddr & ~PAGE_MASK); | ||
256 | memcpy(dst, vfrom, len); | 258 | memcpy(dst, vfrom, len); |
257 | kunmap_coherent(); | 259 | kunmap_coherent(); |
258 | } else | 260 | } else { |
259 | memcpy(dst, src, len); | 261 | memcpy(dst, src, len); |
262 | if (cpu_has_dc_aliases) | ||
263 | SetPageDcacheDirty(page); | ||
264 | } | ||
260 | } | 265 | } |
261 | 266 | ||
262 | EXPORT_SYMBOL(copy_from_user_page); | 267 | EXPORT_SYMBOL(copy_from_user_page); |