author | Baoquan He <bhe@redhat.com> | 2025-04-10 06:57:14 +0300 |
---|---|---|
committer | Andrew Morton <akpm@linux-foundation.org> | 2025-04-18 06:10:07 +0300 |
commit | 8c03ebd7cdc06bd0d2fecb4d1a609ef1dbb7d0aa (patch) | |
tree | b4228d2ab93f5cbb0cd307d6660ae920204ac8af /rust/helpers/blk.c | |
parent | 86fba6127e197c7d646e8ee771df6026e14211dc (diff) | |
download | linux-8c03ebd7cdc06bd0d2fecb4d1a609ef1dbb7d0aa.tar.xz |
mm/gup: fix wrongly calculated returned value in fault_in_safe_writeable()

Not like fault_in_readable() or fault_in_writeable(), in
fault_in_safe_writeable() local variable 'start' is increased page by page
to loop till the whole address range is handled. However, it mistakenly
calculates the size of the handled range with 'uaddr - start'.

Fix it here.

Andreas said:

: In gfs2, fault_in_iov_iter_writeable() is used in
: gfs2_file_direct_read() and gfs2_file_read_iter(), so this potentially
: affects buffered as well as direct reads. This bug could cause those
: gfs2 functions to spin in a loop.

Link: https://lkml.kernel.org/r/20250410035717.473207-1-bhe@redhat.com
Link: https://lkml.kernel.org/r/20250410035717.473207-2-bhe@redhat.com
Signed-off-by: Baoquan He <bhe@redhat.com>
Fixes: fe673d3f5bf1 ("mm: gup: make fault_in_safe_writeable() use fixup_user_fault()")
Reviewed-by: Oscar Salvador <osalvador@suse.de>
Acked-by: David Hildenbrand <david@redhat.com>
Cc: Andreas Gruenbacher <agruenba@redhat.com>
Cc: Yanjun.Zhu <yanjun.zhu@linux.dev>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Diffstat (limited to 'rust/helpers/blk.c')
0 files changed, 0 insertions, 0 deletions
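
The arithmetic error described in the commit message, as an added user-space model (not the kernel source and not part of this commit). The helpers `fault_page()`, `walk()`, `remaining_buggy()`, `remaining_fixed()` and the `first_bad` parameter are hypothetical; the model assumes the function returns the number of bytes not faulted in and guards the subtraction with a size comparison.

```c
#include <stdio.h>
#include <stddef.h>

#define PAGE_SIZE 4096UL
#define PAGE_MASK (~(PAGE_SIZE - 1))

/* Constructed stand-in for the per-page fault step (hypothetical):
 * addresses at or above first_bad cannot be faulted in. */
static int fault_page(unsigned long addr, unsigned long first_bad)
{
	return addr >= first_bad ? -1 : 0;
}

/* Advance 'start' page by page; return the address where the walk stopped. */
static unsigned long walk(unsigned long uaddr, size_t size,
			  unsigned long first_bad)
{
	unsigned long start = uaddr;
	unsigned long end = (uaddr + size + PAGE_SIZE - 1) & PAGE_MASK;

	do {
		if (fault_page(start, first_bad))
			break;
		start = (start + PAGE_SIZE) & PAGE_MASK;
	} while (start != end);
	return start;
}

/* Pre-fix arithmetic: handled range taken as 'uaddr - start', which wraps
 * to a huge unsigned value as soon as start has moved past uaddr. */
size_t remaining_buggy(unsigned long uaddr, size_t size, unsigned long first_bad)
{
	unsigned long start = walk(uaddr, size, first_bad);
	return size > uaddr - start ? size - (uaddr - start) : 0;
}

/* Corrected arithmetic: handled range is 'start - uaddr'. */
size_t remaining_fixed(unsigned long uaddr, size_t size, unsigned long first_bad)
{
	unsigned long start = walk(uaddr, size, first_bad);
	return size > start - uaddr ? size - (start - uaddr) : 0;
}

int main(void)
{
	/* Constructed input: 12288 bytes, third page cannot be faulted in. */
	unsigned long uaddr = 0x10000100UL, bad = 0x10002000UL;
	printf("buggy=%zu fixed=%zu\n", remaining_buggy(uaddr, 12288, bad),
	       remaining_fixed(uaddr, 12288, bad));
	return 0;
}
```

In this model the pre-fix arithmetic reports zero bytes remaining after a partial failure, so a caller that retries until the fault-in succeeds sees success every time while the access keeps failing, which matches the spin described for the gfs2 read paths.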