When handling page faults, cxl_handle_page_fault() checks whether the page
should be accessible by userspace and have its _PAGE_USER access bit set.
_PAGE_USER should be set if the context's kernel flag isn't set, or if the
page falls outside of kernel memory.
However, the check currently uses the wrong operator, causing it to always
evalute to true. As such, we always set the _PAGE_USER bit, even when it
should be restricted to the kernel.
Fix the check so that the _PAGE_USER bit is set only as intended.
Fixes: f204e0b8cedd ("cxl: Driver code for powernv PCIe based cards for
userspace access")
Signed-off-by: Andrew Donnellan <andrew.donnel...@au1.ibm.com>
---
Found by Coverity Scan.
Currently, this should only affect cxlflash.
---
drivers/misc/cxl/fault.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/misc/cxl/fault.c b/drivers/misc/cxl/fault.c
index 9a8650b..a76cb8a 100644
--- a/drivers/misc/cxl/fault.c
+++ b/drivers/misc/cxl/fault.c
@@ -152,7 +152,7 @@ static void cxl_handle_page_fault(struct cxl_context *ctx,
access = _PAGE_PRESENT;
if (dsisr & CXL_PSL_DSISR_An_S)
access |= _PAGE_RW;
- if ((!ctx->kernel) || ~(dar & (1ULL << 63)))
+ if ((!ctx->kernel) || !(dar & (1ULL << 63)))
access |= _PAGE_USER;
if (dsisr & DSISR_NOHPTE)
--
Andrew Donnellan Software Engineer, OzLabs
andrew.donnel...@au1.ibm.com Australia Development Lab, Canberra
+61 2 6201 8874 (work) IBM Australia Limited
_______________________________________________
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/linuxppc-dev
