From: Matt Redfearn
To: James Hogan, Ralf Baechle
CC: Matt Redfearn
Subject: [PATCH v2] MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup
Date: Tue, 17 Apr 2018 14:59:50 +0100
Message-ID: <1523973590-23356-1-git-send-email-matt.redfearn@mips.com>
In-Reply-To: <20180416221340.GB23881@saruman>

The __clear_user function is defined to return the number of bytes that
could not be cleared. From the underlying memset / bzero implementation
this means setting register a2 to that number on return. Currently if a
page fault is triggered within the memset_partial block, the value
loaded into a2 on return is meaningless.

The label .Lpartial_fixup\@ is jumped to on page fault. In order to work
out how many bytes failed to copy, the exception handler should find how
many bytes are left in the partial block (andi a2, STORMASK), add that to
the partial block end address (a2), and subtract the faulting address to
get the remainder. Currently it incorrectly subtracts the partial block
start address (t1), which has additionally been clobbered to generate a
jump target in memset_partial. Fix this by adding the block end address
instead.

Since this code is non-trivial to read, add comments to describe the
fault handling.

This issue was found with the following test code:

    int j, k;
    for (j = 0; j < 512; j++) {
        if ((k = clear_user(NULL, j)) != j) {
            pr_err("clear_user (NULL %d) returned %d\n", j, k);
        }
    }

Which now passes on Creator Ci40 (MIPS32) and Cavium Octeon II (MIPS64).

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Suggested-by: James Hogan
Signed-off-by: Matt Redfearn
---
Changes in v2:
- Use James Hogan's suggestion of replacing t1 with a0 to get the
  correct remainder count.
- Add comments to .Lpartial_fixup to aid those who next try to decipher
  this code.

 arch/mips/lib/memset.S | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/arch/mips/lib/memset.S b/arch/mips/lib/memset.S index 90bcdf1224ee..fa3bec269331 100644 --- a/arch/mips/lib/memset.S +++ b/arch/mips/lib/memset.S @@ -250,11 +250,11 @@ .Lpartial_fixup\@: PTR_L t0, TI_TASK($28) - andi a2, STORMASK - LONG_L t0, THREAD_BUADDR(t0) - LONG_ADDU a2, t1 + andi a2, STORMASK /* #Bytes beyond partial block */ + LONG_L t0, THREAD_BUADDR(t0) /* Get faulting address */ + LONG_ADDU a2, a0 /* Add end address of partial block */ jr ra - LONG_SUBU a2, t0 + LONG_SUBU a2, t0 /* a2 = partial_end + #bytes - fault */ .Llast_fixup\@: jr ra -- 2.7.4
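
Review bot: The new "LONG_ADDU a2, a0" in .Lpartial_fixup relies on a0 already holding the end address of the partial block at every point where a store in that block can fault, and the added comments describe the arithmetic but not that entry condition. Consider a short comment at the label stating what the fixup expects on entry (a0 = end of partial block, a2 = remaining length, THREAD_BUADDR = faulting address), so a later change to when a0 is advanced in memset_partial does not silently bring back a wrong return value. The commit message also names the end address as "(a2)" while the hunk adds a0; aligning the two would help the next reader. Finally, the quoted test only calls clear_user(NULL, j), so a case where the buffer starts mapped and the fault occurs partway through would also exercise the "- fault" term in the delay slot of "jr ra".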