Li RongQing <[email protected]> writes: > If offset is not zero and length is bigger than PAGE_SIZE, > this will cause to out of boundary access to a page memory
Agreed, though I don't think this can be triggered in practice. > Fixes: 98cc093cba1e "(block, THP: make block_device_operations.rw_page > support THP)" > Co-developed-by: Liang ZhiCheng <[email protected]> > Signed-off-by: Liang ZhiCheng <[email protected]> > Signed-off-by: Li RongQing <[email protected]> Reviewed-by: Jeff Moyer <[email protected]> > --- > drivers/nvdimm/pmem.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/drivers/nvdimm/pmem.c b/drivers/nvdimm/pmem.c > index bc2f700feef8..0279eb1da3ef 100644 > --- a/drivers/nvdimm/pmem.c > +++ b/drivers/nvdimm/pmem.c > @@ -113,13 +113,13 @@ static void write_pmem(void *pmem_addr, struct page > *page, > > while (len) { > mem = kmap_atomic(page); > - chunk = min_t(unsigned int, len, PAGE_SIZE); > + chunk = min_t(unsigned int, len, PAGE_SIZE - off); > memcpy_flushcache(pmem_addr, mem + off, chunk); > kunmap_atomic(mem); > len -= chunk; > off = 0; > page++; > - pmem_addr += PAGE_SIZE; > + pmem_addr += chunk; > } > } > > @@ -132,7 +132,7 @@ static blk_status_t read_pmem(struct page *page, unsigned > int off, > > while (len) { > mem = kmap_atomic(page); > - chunk = min_t(unsigned int, len, PAGE_SIZE); > + chunk = min_t(unsigned int, len, PAGE_SIZE - off); > rem = memcpy_mcsafe(mem + off, pmem_addr, chunk); > kunmap_atomic(mem); > if (rem) > @@ -140,7 +140,7 @@ static blk_status_t read_pmem(struct page *page, unsigned > int off, > len -= chunk; > off = 0; > page++; > - pmem_addr += PAGE_SIZE; > + pmem_addr += chunk; > } > return BLK_STS_OK; > } _______________________________________________ Linux-nvdimm mailing list [email protected] https://lists.01.org/mailman/listinfo/linux-nvdimm
