Received: by 10.192.165.156 with SMTP id m28csp145967imm; Tue, 17 Apr 2018 07:54:09 -0700 (PDT) X-Google-Smtp-Source: AIpwx4/y5suMr6Lf8Hdme8+2zpbUVoGAXctc0nXZWq0qzSAPKSzcSJH0fFKbKuf7BsL6ap9h65sc X-Received: by 10.99.149.10 with SMTP id p10mr2019583pgd.217.1523976849057; Tue, 17 Apr 2018 07:54:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523976849; cv=none; d=google.com; s=arc-20160816; b=I4jbo91hjOWj8t2dQZb23gznoFsVELbCt72q2Yce5nJI7dG5l5xNsdxK7BzfU8Tf77 KKmmPI+/N/iJB90b7LUmi8KWtbtlT4c8PJTYhBz/tXv+k5Kco2cSgu8tMGtS6e5vWR9b 8uNqTGOK/y4D3kCzsPGQZv9ZtIX2+NbqwaztLq4Q43udNWRZvrUfNsGM0W1Inn+nN8On 54519JMhx+fZ2SxlreZwzoI4OVJ2jZWFBah05Q39dpcl5D51lWSKdx69h+IHEbg1tm4J 7fdQogPJ305Lp+Rtg0Gnlo7zDsIP8ohebfQBlapyZyeXvo9H/aFLzmTuwZ7AeGC7OQPN Vsag== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:arc-authentication-results; bh=ZSnUofhwLHUdEc3oQlm1cqCzs3elCQUBUQaQKRaAuHg=; b=uvPgV5WPO6qMgs8dbT7izkRv9K59i+cakEz5sCGsdmkkutPb6021QKgaQB4R2p08tT pJ6aIxUWE0a2qGSKnvSCBcKKtpULjvl0zmBIEKFyS1muZuVN953QRS0xvC9fDbuEmVrK 7qMhPRyFdej+wymc56AWYs8+IRLZYTwN78TXx0tN/TJTivKaprKluMEp9QAVTGqlIdPK dEUY6MpbR0QvTqNbOAw/3hpOtGglQ+OnD333Yuya3g24yBWQcb400wF/SF3r5++eFuPY pJvy9SGs+7pZqTg4nYBAyufYdEVbZcdToVOMWi3fMS7E5uf46YETlnvVlNsz66KC9ELR D9kA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t12-v6si14783265plq.547.2018.04.17.07.53.55; Tue, 17 Apr 2018 07:54:09 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752619AbeDQOw0 (ORCPT + 99 others); Tue, 17 Apr 2018 10:52:26 -0400 Received: from 9pmail.ess.barracuda.com ([64.235.150.224]:60610 "EHLO 9pmail.ess.barracuda.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752357AbeDQOwZ (ORCPT ); Tue, 17 Apr 2018 10:52:25 -0400 Received: from MIPSMAIL01.mipstec.com (mailrelay.mips.com [12.201.5.28]) by mx28.ess.sfj.cudaops.com (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NO); Tue, 17 Apr 2018 14:52:11 +0000 Received: from mredfearn-linux.mipstec.com (192.168.155.41) by MIPSMAIL01.mipstec.com (10.20.43.31) with Microsoft SMTP Server (TLS) id 14.3.361.1; Tue, 17 Apr 2018 07:52:28 -0700 From: Matt Redfearn To: James Hogan , Ralf Baechle CC: , Matt Redfearn , , Subject: [PATCH v3] MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup Date: Tue, 17 Apr 2018 15:52:21 +0100 Message-ID: <1523976741-29916-1-git-send-email-matt.redfearn@mips.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1523973590-23356-1-git-send-email-matt.redfearn@mips.com> References: <1523973590-23356-1-git-send-email-matt.redfearn@mips.com> MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [192.168.155.41] X-BESS-ID: 1523976730-637138-28956-86998-1 X-BESS-VER: 2018.4-r1804121647 X-BESS-Apparent-Source-IP: 12.201.5.28 X-BESS-Outbound-Spam-Score: 0.00 X-BESS-Outbound-Spam-Report: Code version 3.2, rules version 3.2.2.192083 Rule breakdown below pts rule name description ---- ---------------------- -------------------------------- 0.00 BSF_BESS_OUTBOUND META: BESS Outbound X-BESS-Outbound-Spam-Status: SCORE=0.00 using account:ESS59374 scores of KILL_LEVEL=7.0 tests=BSF_BESS_OUTBOUND X-BESS-BRTS-Status: 1 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The __clear_user function is defined to return the number of bytes that could not be cleared. From the underlying memset / bzero implementation this means setting register a2 to that number on return. Currently if a page fault is triggered within the memset_partial block, the value loaded into a2 on return is meaningless. The label .Lpartial_fixup\@ is jumped to on page fault. In order to work out how many bytes failed to copy, the exception handler should find how many bytes left in the partial block (andi a2, STORMASK), add that to the partial block end address (a2), and subtract the faulting address to get the remainder. Currently it incorrectly subtracts the partial block start address (t1), which has additionally has been clobbered to generate a jump target in memset_partial. Fix this by adding the block end address instead. This issue was found with the following test code: int j, k; for (j = 0; j < 512; j++) { if ((k = clear_user(NULL, j)) != j) { pr_err("clear_user (NULL %d) returned %d\n", j, k); } } Which now passes on Creator Ci40 (MIPS32) and Cavium Octeon II (MIPS64). Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable@vger.kernel.org Suggested-by: James Hogan Signed-off-by: Matt Redfearn --- Changes in v3: - Just fix the issue at hand Changes in v2: - Use James Hogan's suggestion of replacing t1 with a0 to get the correct remainder count. arch/mips/lib/memset.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/mips/lib/memset.S b/arch/mips/lib/memset.S index 90bcdf1224ee..184819c1d5c8 100644 --- a/arch/mips/lib/memset.S +++ b/arch/mips/lib/memset.S @@ -252,7 +252,7 @@ PTR_L t0, TI_TASK($28) andi a2, STORMASK LONG_L t0, THREAD_BUADDR(t0) - LONG_ADDU a2, t1 + LONG_ADDU a2, a0 jr ra LONG_SUBU a2, t0 -- 2.7.4