From: Matt Redfearn
To: James Hogan, Ralf Baechle
CC: Matt Redfearn
Subject: [PATCH 0/2] MIPS: memset.S: Fix 2 issues with __clear_user
Date: Thu, 29 Mar 2018 10:28:22 +0100
Message-ID: <1522315704-31641-1-git-send-email-matt.redfearn@mips.com>
X-Mailing-List: linux-kernel@vger.kernel.org

This series addresses 2 issues that have been present in memset.S since
the initial git import(!).

The first patch addresses an issue when memset is called with a size
less than the size of a long (4 bytes on 32bit, 8 bytes on 64bit).
There is no fixup handler provided for the byte store loop, meaning that
if the access triggers a page fault, rather than being fixed up, the
kernel OOPSes. A secondary issue is also addressed here, that when EVA
support was added by commit fd9720e96e85 ("MIPS: lib: memset: Add EVA
support for the __bzero function."), this small memset was not changed.
Hence kernel mode addressing is always used and if the userspace address
being stored to overlaps kernel, then some potentially critical kernel
data is overwritten.

The second patch addresses an issue found while debugging the first.
clear_user() is specified to return the number of bytes that could not
be cleared. After the first patch, this is now done for sizes 0-3, but
sizes 4-63 would return garbage. This was tracked down to an error in
reusing the t1 register meaning it no longer contained the expected
value in the fault handler, and the fault handler erroneously masking
off the lower bits of the result.

The following test code was used to verify the behavior.

	int j, k;

	/* Expected: every store to NULL faults, so clear_user() returns j */
	for (j = 0; j < 512; j++) {
		if ((k = clear_user(NULL, j)) != j) {
			pr_err("clear_user (NULL %d) returned %d\n", j, k);
		}
	}

Without patch 1, an OOPS is triggered by the first iteration.
Without the second patch, j = 4..63 returns garbage.

Applies on v4.16-rc7

Tested on MIPS creator ci40 (MIPS32) and Cavium Octeon II (MIPS64).

Matt Redfearn (2):
  MIPS: memset.S: EVA & fault support for small_memset
  MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup

 arch/mips/lib/memset.S | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

-- 
2.7.4
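
Added example (not part of the original mail and not kernel code): a user-space C model of the clear_user() contract described above, generalizing the cover letter's NULL-pointer loop to a fault at any offset. The names model_clear_user, model_clear_user_masked, violations and the `limit` fault boundary are assumptions for illustration; the masked variant models only the low-bit masking defect, not the t1 register reuse.

```c
#include <stddef.h>
#include <string.h>

#define MAX_N 512   /* same size range as the loop in the cover letter */

typedef size_t (*clear_fn)(unsigned char *mem, size_t limit, size_t n);

/* Reference contract: zero mem[0..n), but a store at offset >= limit
 * "faults"; the fixup returns the number of bytes NOT cleared. */
static size_t model_clear_user(unsigned char *mem, size_t limit, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (i >= limit)          /* simulated page fault */
            return n - i;        /* fixup path: report the remainder */
        mem[i] = 0;
    }
    return 0;
}

/* Hypothetical defective fixup: masks off the low bits of the result,
 * so the remainder is rounded down to a multiple of sizeof(long). */
static size_t model_clear_user_masked(unsigned char *mem, size_t limit, size_t n)
{
    return model_clear_user(mem, limit, n) & ~(sizeof(long) - 1);
}

/* For one fault position, count sizes 0..MAX_N-1 where the return value
 * or the resulting memory contents break the contract. */
static int violations(clear_fn fn, size_t limit)
{
    unsigned char mem[MAX_N];
    int bad = 0;
    for (size_t n = 0; n < MAX_N; n++) {
        size_t done = n < limit ? n : limit;   /* bytes that must be zeroed */
        int ok;
        memset(mem, 0xAA, sizeof(mem));        /* poison to spot stray stores */
        ok = fn(mem, limit, n) == n - done;
        for (size_t i = 0; i < MAX_N && ok; i++)
            ok = mem[i] == (i < done ? 0x00 : 0xAA);
        bad += !ok;
    }
    return bad;
}

int main(void)
{
    return violations(model_clear_user, 0) != 0;  /* limit 0 = the NULL case */
}
```

With limit 0 the check is the same as the cover letter's loop; non-zero limits additionally exercise faults that land partway through the buffer.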