From: Ralf Baechle Date: Mon, 15 Oct 2007 15:30:24 +0000 (+0100) Subject: [MIPS] Fix aliasing bug in copy_user_highpage, take 2. X-Git-Tag: v2.6.24-rc1~831^2~2 X-Git-Url: http://pilppa.com/gitweb/?a=commitdiff_plain;h=985c30ef4d7c2a4f0e979a507a7e2f7f09b096c3;p=linux-2.6-omap-h63xx.git [MIPS] Fix aliasing bug in copy_user_highpage, take 2. Turns out b868868ae0f7272228c95cc760338ffe35bb739d wasn't quite right. When called for a page that isn't marked dirty it would artificially create an alias instead of doing the obvious thing and access the page via KSEG0. The same issue also exists in copy_to_user_page and copy_from_user_page which was causing the machine to die under rare circumstances for example when running ps if the BUG_ON() assertion added by the earlier fix was getting triggered. Signed-off-by: Ralf Baechle --- diff --git a/arch/mips/mm/init.c b/arch/mips/mm/init.c index 5240432e6d1..110ee7656b4 100644 --- a/arch/mips/mm/init.c +++ b/arch/mips/mm/init.c @@ -211,7 +211,7 @@ void copy_user_highpage(struct page *to, struct page *from, void *vfrom, *vto; vto = kmap_atomic(to, KM_USER1); - if (cpu_has_dc_aliases && !Page_dcache_dirty(from)) { + if (cpu_has_dc_aliases && page_mapped(from)) { vfrom = kmap_coherent(from, vaddr); copy_page(vto, vfrom); kunmap_coherent(); @@ -234,12 +234,15 @@ void copy_to_user_page(struct vm_area_struct *vma, struct page *page, unsigned long vaddr, void *dst, const void *src, unsigned long len) { - if (cpu_has_dc_aliases) { + if (cpu_has_dc_aliases && page_mapped(page)) { void *vto = kmap_coherent(page, vaddr) + (vaddr & ~PAGE_MASK); memcpy(vto, src, len); kunmap_coherent(); - } else + } else { memcpy(dst, src, len); + if (cpu_has_dc_aliases) + SetPageDcacheDirty(page); + } if ((vma->vm_flags & VM_EXEC) && !cpu_has_ic_fills_f_dc) flush_cache_page(vma, vaddr, page_to_pfn(page)); } @@ -250,13 +253,15 @@ void copy_from_user_page(struct vm_area_struct *vma, struct page *page, unsigned long vaddr, void *dst, const void *src, unsigned long len) { - if (cpu_has_dc_aliases) { - void *vfrom = - kmap_coherent(page, vaddr) + (vaddr & ~PAGE_MASK); + if (cpu_has_dc_aliases && page_mapped(page)) { + void *vfrom = kmap_coherent(page, vaddr) + (vaddr & ~PAGE_MASK); memcpy(dst, vfrom, len); kunmap_coherent(); - } else + } else { memcpy(dst, src, len); + if (cpu_has_dc_aliases) + SetPageDcacheDirty(page); + } } EXPORT_SYMBOL(copy_from_user_page);