mm: Make copy_from_user() in migrate.c statically predictable

x86-32 has had a static test for copy_on_user() overflow for a while. This test currently fails in mm/migrate.c resulting in an allyesconfig/allmodconfig build failure on x86-32: In function ‘copy_from_user’, inlined from ‘do_pages_stat’ at /home/hpa/kernel/git/mm/migrate.c:1012: /home/hpa/kernel/git/arch/x86/include/asm/uaccess_32.h:212: error: call to ‘copy_from_user_overflow’ declared Make the logic more explicit and therefore easier for gcc to understand. v2: rewrite the loop entirely using a more normal structure for a chunked-data loop (Linus Torvalds) Reported-by: Len Brown <lenb@kernel.org> Signed-off-by: H. Peter Anvin <hpa@zytor.com> Reviewed-and-Tested-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Cc: Arjan van de Ven <arjan@linux.kernel.org> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Christoph Lameter <cl@linux-foundation.org> Cc: Hugh Dickins <hugh.dickins@tiscali.co.uk> Cc: Rik van Riel <riel@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

mm: Make copy_from_user() in migrate.c statically predictable
x86-32 has had a static test for copy_on_user() overflow for a while. This test currently fails in mm/migrate.c resulting in an allyesconfig/allmodconfig build failure on x86-32: In function ‘copy_from_user’, inlined from ‘do_pages_stat’ at /home/hpa/kernel/git/mm/migrate.c:1012: /home/hpa/kernel/git/arch/x86/include/asm/uaccess_32.h:212: error: call to ‘copy_from_user_overflow’ declared Make the logic more explicit and therefore easier for gcc to understand. v2: rewrite the loop entirely using a more normal structure for a chunked-data loop (Linus Torvalds) Reported-by: Len Brown <lenb@kernel.org> Signed-off-by: H. Peter Anvin <hpa@zytor.com> Reviewed-and-Tested-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Cc: Arjan van de Ven <arjan@linux.kernel.org> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Christoph Lameter <cl@linux-foundation.org> Cc: Hugh Dickins <hugh.dickins@tiscali.co.uk> Cc: Rik van Riel <riel@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
87b8d1ad · H. Peter Anvin · Linus Torvalds · aea187c4 · 87b8d1ad
Commit 87b8d1ad authored Feb 18, 2010 by H. Peter Anvin Committed by Linus Torvalds Feb 21, 2010
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 21 deletions

mm/migrate.c mm/migrate.c +15 -21

No files found.
--- a/mm/migrate.c
+++ b/mm/migrate.c
@@ -1002,33 +1002,27 @@ static int do_pages_stat(struct mm_struct *mm, unsigned long nr_pages,
 #define DO_PAGES_STAT_CHUNK_NR 16
 	const void __user *chunk_pages[DO_PAGES_STAT_CHUNK_NR];
 	int chunk_status[DO_PAGES_STAT_CHUNK_NR];
-	unsigned long i, chunk_nr = DO_PAGES_STAT_CHUNK_NR;
-	int err;
-	for (i = 0; i < nr_pages; i += chunk_nr) {
+	while (nr_pages) {
-		if (chunk_nr > nr_pages - i)
+		unsigned long chunk_nr;
-			chunk_nr = nr_pages - i;
-		err = copy_from_user(chunk_pages, &pages[i],
+		chunk_nr = nr_pages;
-				     chunk_nr * sizeof(*chunk_pages));
+		if (chunk_nr > DO_PAGES_STAT_CHUNK_NR)
-		if (err) {
+			chunk_nr = DO_PAGES_STAT_CHUNK_NR;
-			err = -EFAULT;
-			goto out;
+		if (copy_from_user(chunk_pages, pages, chunk_nr * sizeof(*chunk_pages)))
-		}
+			break;
 		do_pages_stat_array(mm, chunk_nr, chunk_pages, chunk_status);
-		err = copy_to_user(&status[i], chunk_status,
+		if (copy_to_user(status, chunk_status, chunk_nr * sizeof(*status)))
-				   chunk_nr * sizeof(*chunk_status));
+			break;
-		if (err) {
-			err = -EFAULT;
-			goto out;
-		}
-	}
-	err = 0;
-out:
+		pages += chunk_nr;
-	return err;
+		status += chunk_nr;
+		nr_pages -= chunk_nr;
+	}
+	return nr_pages ? -EFAULT : 0;
 }
 /*