From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, James Hogan, Matt Redfearn, Ralf Baechle, linux-mips@linux-mips.org
Subject: [PATCH 3.18 44/52] MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup
Date: Sun, 22 Apr 2018 15:54:17 +0200
Message-Id: <20180422135317.399275218@linuxfoundation.org>
In-Reply-To: <20180422135315.254787616@linuxfoundation.org>

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Matt Redfearn

commit daf70d89f80c6e1772233da9e020114b1254e7e0 upstream.

The __clear_user function is defined to return the number of bytes that
could not be cleared. From the underlying memset / bzero implementation
this means setting register a2 to that number on return. Currently if a
page fault is triggered within the memset_partial block, the value
loaded into a2 on return is meaningless.

The label .Lpartial_fixup\@ is jumped to on page fault. In order to work
out how many bytes failed to copy, the exception handler should find how
many bytes left in the partial block (andi a2, STORMASK), add that to
the partial block end address (a2), and subtract the faulting address to
get the remainder. Currently it incorrectly subtracts the partial block
start address (t1), which has additionally been clobbered to generate a
jump target in memset_partial. Fix this by adding the block end address
instead.

This issue was found with the following test code:

      int j, k;
      for (j = 0; j < 512; j++) {
        if ((k = clear_user(NULL, j)) != j) {
           pr_err("clear_user (NULL %d) returned %d\n", j, k);
        }
      }

Which now passes on Creator Ci40 (MIPS32) and Cavium Octeon II (MIPS64).

Suggested-by: James Hogan
Signed-off-by: Matt Redfearn
Cc: Ralf Baechle
Cc: linux-mips@linux-mips.org
Cc: stable@vger.kernel.org
Patchwork: https://patchwork.linux-mips.org/patch/19108/
Signed-off-by: James Hogan
Signed-off-by: Greg Kroah-Hartman

---
 arch/mips/lib/memset.S | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/mips/lib/memset.S +++ b/arch/mips/lib/memset.S @@ -204,7 +204,7 @@ PTR_L t0, TI_TASK($28) andi a2, STORMASK LONG_L t0, THREAD_BUADDR(t0) - LONG_ADDU a2, t1 + LONG_ADDU a2, a0 jr ra LONG_SUBU a2, t0
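
Review bot: the replacement `LONG_ADDU a2, a0` is only correct if a0 already holds the end address of the partial block at every store that can fault into this fixup, and nothing in the hunk documents that; the commit message also labels the block end address as (a2) while the code adds a0. A one-line comment above the add, stating that a0 is the partial block end address and that a2 after `andi a2, STORMASK` is the byte count beyond it, would keep the register contract visible to whoever next touches memset_partial. The test quoted in the commit message only calls clear_user(NULL, j) for j below 512, so every store faults and the expected return is always the full length j; a case where the fault is taken partway through the destination would exercise the `LONG_SUBU a2, t0` against THREAD_BUADDR with a non-trivial result.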