SUNRPC: don't call flush_dcache_page() with an invalid pointer
Fix a problem in _copy_to_pages(), whereby it may call flush_dcache_page()
with an invalid pointer due to the fact that 'pgto' gets incremented
beyond the end of the page array. Fix is to exit the loop without this
unnecessary increment of pgto.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
diff --git a/net/sunrpc/xdr.c b/net/sunrpc/xdr.c
index 995c3fd..79a55d5 100644
--- a/net/sunrpc/xdr.c
+++ b/net/sunrpc/xdr.c
@@ -244,7 +244,7 @@
pgto = pages + (pgbase >> PAGE_CACHE_SHIFT);
pgbase &= ~PAGE_CACHE_MASK;
- do {
+ for (;;) {
copy = PAGE_CACHE_SIZE - pgbase;
if (copy > len)
copy = len;
@@ -253,6 +253,10 @@
memcpy(vto + pgbase, p, copy);
kunmap_atomic(vto, KM_USER0);
+ len -= copy;
+ if (len == 0)
+ break;
+
pgbase += copy;
if (pgbase == PAGE_CACHE_SIZE) {
flush_dcache_page(*pgto);
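Review bot: A call with `len == 0` still runs one pass of the loop, because the new `if (len == 0) break;` sits after the `memcpy`, so `*pgto` is still read for the final `flush_dcache_page(*pgto)` (and presumably for the mapping just above this hunk) even though nothing is copied. If `pgbase` then indexes at or past the end of the page array, that is the same out-of-bounds read of the array that this commit removes for the exact-page-fill case. Unless callers or code above the first hunk already rule out a zero length, which is not visible here, an early `if (len == 0) return;` before `pgto = pages + (pgbase >> PAGE_CACHE_SHIFT);` would close it. The function starts and ends outside this hunk.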
@@ -260,8 +264,7 @@
pgto++;
}
p += copy;
-
- } while ((len -= copy) != 0);
+ }
flush_dcache_page(*pgto);
}
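Review bot: The trailing `flush_dcache_page(*pgto);` is only valid because the loop now breaks before `pgto++`, and nothing in the code records that invariant. A comment on that line, for example `/* pgto still points at the last page written: the loop exits before advancing it */`, would make it harder for a later restructuring to reintroduce the stray increment. The start of the function is outside this hunk.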