Check if user address is accessible in atomic version __get_user_pages_fast() before walking the page table. And, check if end > start in get_user_pages_fast(), otherwise fallback to slow path. Signed-off-by: Yang Shi <yang.shi@xxxxxxxxxx> --- arch/sparc/mm/gup.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/sparc/mm/gup.c b/arch/sparc/mm/gup.c index 2e5c4fc..08b8da5 100644 --- a/arch/sparc/mm/gup.c +++ b/arch/sparc/mm/gup.c @@ -173,6 +173,9 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write, addr = start; len = (unsigned long) nr_pages << PAGE_SHIFT; end = start + len; + if (unlikely(!access_ok(write ? VERIFY_WRITE : VERIFY_READ, + (void __user *)start, len))) + return 0; local_irq_save(flags); pgdp = pgd_offset(mm, addr); @@ -203,6 +206,8 @@ int get_user_pages_fast(unsigned long start, int nr_pages, int write, addr = start; len = (unsigned long) nr_pages << PAGE_SHIFT; end = start + len; + if (end < start) + goto slow_irqon; /* * XXX: batch / limit 'nr', to avoid large irq off latency -- 2.0.2 -- To unsubscribe from this list: send the line "unsubscribe sparclinux" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html