[PATCH] x86: __memcpy_flushcache: fix wrong alignment if size > 2^32

From: Mikulas Patocka
Date: Fri Apr 17 2020 - 08:21:36 EST


The statement "min_t(unsigned, size, ALIGN(dest, 8) - dest);" casts both
arguments to unsigned int and selects the smaller one. However, if the
size is larger than 2^32, the truncation returns an incorrect result.

For example:
size == 0x100000001, dest == 0x200000002
min_t(unsigned, size, ALIGN(dest, 8) - dest) == min_t(0x1, 0xe) == 0x1;
...
dest += 0x1;
so we copy just one byte and dest remains unaligned.

This patch fixes the bug by replacing unsigned with size_t.

Signed-off-by: Mikulas Patocka <mpatocka@xxxxxxxxxx>

---
arch/x86/lib/usercopy_64.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Index: linux-2.6/arch/x86/lib/usercopy_64.c
===================================================================
--- linux-2.6.orig/arch/x86/lib/usercopy_64.c 2020-04-17 14:06:32.039999000 +0200
+++ linux-2.6/arch/x86/lib/usercopy_64.c 2020-04-17 14:06:32.039999000 +0200
@@ -141,7 +141,7 @@ void __memcpy_flushcache(void *_dst, con

/* cache copy and flush to align dest */
if (!IS_ALIGNED(dest, 8)) {
- unsigned len = min_t(unsigned, size, ALIGN(dest, 8) - dest);
+ size_t len = min_t(size_t, size, ALIGN(dest, 8) - dest);

memcpy((void *) dest, (void *) source, len);
clean_cache_range((void *) dest, len);
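
Review bot: the changelog example for the replaced `min_t(unsigned, ...)` line gives the second operand as 0xe, but with dest == 0x200000002 the expression ALIGN(dest, 8) - dest is 0x6. The conclusion still holds, since the truncated size 0x1 is the smaller value either way and dest stays unaligned, so only the number in the example needs correcting. The `+` line itself looks right: the alignment gap is at most 7, so `len` is bounded by the second operand whenever size is compared at full width. Consider adding a Fixes: tag naming the commit that introduced the `unsigned` cast, so the change can be picked up for stable trees.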