Received: by 10.213.65.68 with SMTP id h4csp1624375imn; Thu, 29 Mar 2018 08:03:56 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+MOSFvV4NlolYwJEb4RLIIQ2aYvGzCpvYHck5Pi0Y0kefhZIQfKMKI8KmkD6w/3sgTAkz0 X-Received: by 10.98.12.140 with SMTP id 12mr6665277pfm.123.1522335836254; Thu, 29 Mar 2018 08:03:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522335836; cv=none; d=google.com; s=arc-20160816; b=kw+A/olZVg3Xt01oCDwfXKMMFCCoFqaxG1FajDthvUJdMGF6phkK682cxQOJunw0by JG1Of60p3YF+Qyc8Z95lQyh5PJgVF1NOZ2BuZ2Xe9sDdiCP/PoH+SN4uXU4FmyDn9KQV kVYaTWbaCxR3FF8Fri7l/bATi48Z+/t68l4bypCeJ6rH7C/H6jxZfKSz11j5Ck4BaiG0 9e9Yt48GnhrtkyCgxpjzthGhZEDNNl+lf5HRDLV/jpdccLKYskxrlISMpLwzxRtiP+8Z 4Sur4Ia94scA6snR2WMyKSj1t2itfO+Zl4Loa8exGfOWXYmo0frnALu9i/NMYH2j0XFk i+Rw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:arc-authentication-results; bh=9vyH1qwSnVq1mt5ecLpKLF26ICQlT9LhWmipkyuVBYo=; b=cCiidOPgeOjfNC2XA7MNLXXjb5Ui9nXf6t8J7oIOnmLmpsSr0e0UGV3Nozk/hQZik+ WJn75g8zcj/YCte+gW8s86Qm3DSW54mJIuPNRyex22W1/WR7pS5EgCWck14yXkg9kjv5 ksDQcNsF79HS2R3XFvCZOmA9ZAfhmMmgFID9pgWt2K+tfX/rn2aGK152HfK6gg8ffKVQ UspSuLdFN7lk/ID+Gilj9E1+REcaALGZzp3loQOFj0FVdwbfluna92p9JlmwGAlDI8Ar gtJtFoyGNuNx5/bg/xZfhdYyN4a/XlfTyjHufNbKWKxxoOQtS8iAgTs6X09XE+CcsXb/ YyqQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 71-v6si6144985pla.707.2018.03.29.08.03.38; Thu, 29 Mar 2018 08:03:56 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751341AbeC2PB2 (ORCPT + 99 others); Thu, 29 Mar 2018 11:01:28 -0400 Received: from 9pmail.ess.barracuda.com ([64.235.150.224]:42677 "EHLO 9pmail.ess.barracuda.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750708AbeC2PB1 (ORCPT ); Thu, 29 Mar 2018 11:01:27 -0400 X-Greylist: delayed 9443 seconds by postgrey-1.27 at vger.kernel.org; Thu, 29 Mar 2018 11:01:26 EDT Received: from MIPSMAIL01.mipstec.com (mailrelay.mips.com [12.201.5.28]) by mx26.ess.sfj.cudaops.com (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NO); Thu, 29 Mar 2018 15:01:24 +0000 Received: from mredfearn-linux.mipstec.com (192.168.155.41) by MIPSMAIL01.mipstec.com (10.20.43.31) with Microsoft SMTP Server (TLS) id 14.3.361.1; Thu, 29 Mar 2018 02:28:41 -0700 From: Matt Redfearn To: James Hogan , Ralf Baechle CC: , Matt Redfearn , , Subject: [PATCH 2/2] MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup Date: Thu, 29 Mar 2018 10:28:24 +0100 Message-ID: <1522315704-31641-3-git-send-email-matt.redfearn@mips.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1522315704-31641-1-git-send-email-matt.redfearn@mips.com> References: <1522315704-31641-1-git-send-email-matt.redfearn@mips.com> MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [192.168.155.41] X-BESS-ID: 1522335682-853316-8127-463000-10 X-BESS-VER: 2018.3-r1803192001 X-BESS-Apparent-Source-IP: 12.201.5.28 X-BESS-Outbound-Spam-Score: 0.00 X-BESS-Outbound-Spam-Report: Code version 3.2, rules version 3.2.2.191514 Rule breakdown below pts rule name description ---- ---------------------- -------------------------------- 0.00 BSF_BESS_OUTBOUND META: BESS Outbound X-BESS-Outbound-Spam-Status: SCORE=0.00 using account:ESS59374 scores of KILL_LEVEL=7.0 tests=BSF_BESS_OUTBOUND X-BESS-BRTS-Status: 1 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The __clear_user function is defined to return the number of bytes that could not be cleared. From the underlying memset / bzero implementation this means setting register a2 to that number on return. Currently if a page fault is triggered within the memset_partial block, the value loaded into a2 on return is meaningless. The label .Lpartial_fixup\@ is jumped to on page fault. Currently it masks the remaining count of bytes (a2) with STORMASK, meaning that the least significant 2 (32bit) or 3 (64bit) bits of the remaining count are always clear. Secondly, .Lpartial_fixup\@ expects t1 to contain the end address of the copy. This is set up by the initial block: PTR_ADDU t1, a0 /* end address */ However, the .Lmemset_partial\@ block then reuses register t1 to calculate a jump through a block of word copies. This leaves it no longer containing the end address of the copy operation if a page fault occurs, and the remaining bytes calculation is incorrect. Fix these issues by removing the and of a2 with STORMASK, and replace t1 with register t2 in the .Lmemset_partial\@ block. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable@vger.kernel.org Signed-off-by: Matt Redfearn --- arch/mips/lib/memset.S | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/arch/mips/lib/memset.S b/arch/mips/lib/memset.S index 90bcdf1224ee..3257dca58cad 100644 --- a/arch/mips/lib/memset.S +++ b/arch/mips/lib/memset.S @@ -161,19 +161,19 @@ .Lmemset_partial\@: R10KCBARRIER(0(ra)) - PTR_LA t1, 2f /* where to start */ + PTR_LA t2, 2f /* where to start */ #ifdef CONFIG_CPU_MICROMIPS LONG_SRL t7, t0, 1 #endif #if LONGSIZE == 4 - PTR_SUBU t1, FILLPTRG + PTR_SUBU t2, FILLPTRG #else .set noat LONG_SRL AT, FILLPTRG, 1 - PTR_SUBU t1, AT + PTR_SUBU t2, AT .set at #endif - jr t1 + jr t2 PTR_ADDU a0, t0 /* dest ptr */ .set push @@ -250,7 +250,6 @@ .Lpartial_fixup\@: PTR_L t0, TI_TASK($28) - andi a2, STORMASK LONG_L t0, THREAD_BUADDR(t0) LONG_ADDU a2, t1 jr ra -- 2.7.4