diff options
author | Alexander Gordeev | 2022-01-29 09:24:50 +0100 |
---|---|---|
committer | Vasily Gorbik | 2022-02-09 22:56:04 +0100 |
commit | 303fd988ed644c7daa260410f3ac99266573557d (patch) | |
tree | e93519a8541e4300b55f52a3c320beac2f7214a6 /arch/s390/mm | |
parent | dc306186a130c6d9feb0aabc1c71b8ed1674a3bf (diff) |
s390/maccess: fix semantics of memcpy_real() and its callers
There is a confusion with regard to the source address of
memcpy_real() and calling functions. While the declared
type for a source assumes a virtual address, in fact it
always called with physical address of the source.
This confusion led to bugs in copy_oldmem_kernel() and
copy_oldmem_user() functions, where __pa() macro applied
mistakenly to physical addresses. It does not lead to a
real issue, since virtual and physical addresses are
currently the same.
Fix both the bugs and memcpy_real() prototype by making
type of source address consistent to the function name
and the way it actually used.
Reviewed-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Diffstat (limited to 'arch/s390/mm')
-rw-r--r-- | arch/s390/mm/maccess.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/arch/s390/mm/maccess.c b/arch/s390/mm/maccess.c index d4d311cb2bb5..4cc5020f4e18 100644 --- a/arch/s390/mm/maccess.c +++ b/arch/s390/mm/maccess.c @@ -121,7 +121,7 @@ static unsigned long __no_sanitize_address _memcpy_real(unsigned long dest, /* * Copy memory in real mode (kernel to kernel) */ -int memcpy_real(void *dest, void *src, size_t count) +int memcpy_real(void *dest, unsigned long src, size_t count) { unsigned long _dest = (unsigned long)dest; unsigned long _src = (unsigned long)src; @@ -173,7 +173,7 @@ void memcpy_absolute(void *dest, void *src, size_t count) /* * Copy memory from kernel (real) to user (virtual) */ -int copy_to_user_real(void __user *dest, void *src, unsigned long count) +int copy_to_user_real(void __user *dest, unsigned long src, unsigned long count) { int offs = 0, size, rc; char *buf; |