Received: by 10.192.165.148 with SMTP id m20csp3220311imm;
        Mon, 23 Apr 2018 02:46:54 -0700 (PDT)
X-Google-Smtp-Source: AIpwx48yyhPxrjRd6jkAKnxukWikcmYgiljDRGb7dh6NvcbGBNQEUpID/utP+hcQN5Ppo6GftTVL
X-Received: by 10.99.106.7 with SMTP id f7mr16565670pgc.363.1524476814088;
        Mon, 23 Apr 2018 02:46:54 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1524476814; cv=none;
        d=google.com; s=arc-20160816;
        b=jnCd0J6GtE23YBDiBZ8kvK6XeZI8Nj7TTmaKYROQlmHhJVffaC91OiUH4w4O97kDBv
         zdvCs3ugNVZrvaRnB+SGidNSBuO9xp4Qhu9OuSoHmtDAnsp+sNjMHZZGT7QeotNNIGmC
         2aHHauPJAlideOqPLz78oQVSu2v0VlaPUviDH8JMmslHP/HW+FEUAbROfTBeut+QRhqr
         ftP1UW859sW6fXbjg5CGHKZnkO4s1dkTDxsHQarpgJ4NtLlXyXOaPCRoLNKkV7C6WKeI
         MAG2GURAAW6SqqdKl3/8gGGuJRKvw43sYRzwILM1cu1egjPIhZqo/C/2EZXT7BA//IXi
         RYww==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature
         :arc-authentication-results;
        bh=t7DTZPv8cWgnRte7OHnI6lYKlO7thziQzD/+GfyHM6Y=;
        b=jqalrlKXP8NrmTwm57sliSTxR1zT6TVvMewv9hKLUd+QyEZljQcedDDeConnJ21iKg
         vxqtwyDZL0+LpBnuAJB1FOkr+77i4FyRh+iIGwfDM1kMJSNg4DDGFtmYRSwL6BSt9V94
         jM+2aCNhR6s3ba3uqxH/w/PbXC2m9ODOsk3Pcx/zKxS6EbKNYRJpdnK+3ivAGJVRXrpf
         rzVx/Bzi+LsOUJ1sU6nZUDvmW/kR7O9Txzo+qrxwp9n/+jDYG2s1KdLf5laTOGqOMbXy
         NGYCtFywO0Z64Ntgwrg4r+Q/8ThBn8zXJ+jkJ7JnInraqxzvm/D1odYJ9k9okcGQ/7u3
         L0Sw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@hev-cc.20150623.gappssmtp.com header.s=20150623 header.b=rVOyY3QD;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id m1si4437875pfe.79.2018.04.23.02.46.39;
        Mon, 23 Apr 2018 02:46:54 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@hev-cc.20150623.gappssmtp.com header.s=20150623 header.b=rVOyY3QD;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1754380AbeDWJpe (ORCPT <rfc822;sujaykul91@gmail.com>
        + 99 others); Mon, 23 Apr 2018 05:45:34 -0400
Received: from mail-lf0-f67.google.com ([209.85.215.67]:41984 "EHLO
        mail-lf0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1754078AbeDWJpa (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 23 Apr 2018 05:45:30 -0400
Received: by mail-lf0-f67.google.com with SMTP id u21-v6so12356319lfu.9
        for <linux-kernel@vger.kernel.org>; Mon, 23 Apr 2018 02:45:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=hev-cc.20150623.gappssmtp.com; s=20150623;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=t7DTZPv8cWgnRte7OHnI6lYKlO7thziQzD/+GfyHM6Y=;
        b=rVOyY3QD4QvfJxGTcYigv9H7Nu4C54EkU0Lp8oSIJuxj3eHJwwr9cUyfQRCujsZIL/
         TmAU7Q5fjSoHBO5hk1g4D7ag8h3cGiO2sTlD6zGW+vmsordbg/n3T9F5bBsmPAYuNZaX
         fZFR1CStwLa4tl26OT/wYxNC0BN3AyFh/CwbJrrRmc/601ee0lYyO8XOcCNorqkE9N74
         CrcZpWQK8alb1zmv8t9hJZorDx7KLtoj7pEiw51VJK7rK0EAFU/p/tpoTQ9j0YyflBWA
         BE5Iadr7564l9k1pOPqoo9mZ84xSks82q+iVlCIB7rFXQ2/VlfXvn63dCvhQ7axZAE8l
         wpqQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=t7DTZPv8cWgnRte7OHnI6lYKlO7thziQzD/+GfyHM6Y=;
        b=dxGnmStJnpd3ElDoPFKs4sDsMvu/7ZVF46jnyoNci8PwsT/7BYqzHIAw+YSYW3cIfA
         4OIpZKy03GOyV3a4qBPYgtSw9Cu+BULEBL97slQLNMT7BjrcDjJz870LbrHpzHL3sGps
         2WiTVwjGjsItiMRyhgsj8Sr74Mc5wbebRAMb7AH8sRwQas5iUeg3D9WiyBqLe64GlAMn
         Lm5e1ZzTRRpuLSSBXysvp1pb4/SskZbg2zhZhAVlyMM3Tspo4YgLHtwWMNeoLpSFSCFh
         lwBcI1miA0pUe2OjqKkIigOdyQJGCLbEiyy4PCnciGcHYitZGlQZw1JFBPTesH4cxsTE
         o/Sg==
X-Gm-Message-State: ALQs6tAoMqDQihDpe+M4Y6iF3JFSBZM3I7EXMd7HmppLNlzWpR7qDFCD
        ejgBgbpqPhDh8/VgkLuaWZfBlJ6SHKtzFAYbt9dGHLs4fkOJzw==
X-Received: by 10.46.145.213 with SMTP id u21mr6450471ljg.0.1524476729183;
 Mon, 23 Apr 2018 02:45:29 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a19:94c2:0:0:0:0:0 with HTTP; Mon, 23 Apr 2018 02:45:28
 -0700 (PDT)
X-Originating-IP: [172.247.34.138]
In-Reply-To: <8293aba6-81fa-6552-529e-030cc41c705f@mips.com>
References: <20180422135315.254787616@linuxfoundation.org> <20180422135317.436671003@linuxfoundation.org>
 <CAHirt9jOibozCFgm8-5bXukSvRBwvxz7ctZYvugQuxnfLFCeLQ@mail.gmail.com> <8293aba6-81fa-6552-529e-030cc41c705f@mips.com>
From:   Heiher <r@hev.cc>
Date:   Mon, 23 Apr 2018 17:45:28 +0800
Message-ID: <CAHirt9jWrkBk3btjxe1VVW_XSZYkGJMpc0vM3_OP5ugqrR2G=w@mail.gmail.com>
Subject: Re: [PATCH 3.18 45/52] MIPS: memset.S: Fix clobber of v1 in last_fixup
To:     Matt Redfearn <matt.redfearn@mips.com>
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        linux-kernel@vger.kernel.org, stable@vger.kernel.org,
        James Hogan <jhogan@kernel.org>,
        Ralf Baechle <ralf@linux-mips.org>, linux-mips@linux-mips.org
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi,

Now I understand, thank you explain.

On Mon, Apr 23, 2018 at 5:36 PM, Matt Redfearn <matt.redfearn@mips.com> wrote:
>
>
> On 23/04/18 08:16, Heiher wrote:
>>
>> Hi,
>>
>> IIRC, The v1 is a temporary register, value is not preserved across
>> function calls.
>
>
> v1 is conventionally used for a function return value and as such can be
> changed by called functions. However, bzero is called from inline assembly
> and v1 is not in the clobbers list
> https://elixir.bootlin.com/linux/v4.17-rc1/source/arch/mips/include/asm/uaccess.h#L652
> So the calling function does not expect that register to have been used and
> can legitimately expect its value to remain after the function call, which
> without this patch, it does not - as demonstrated by the test code.
>
> Thanks,
> Matt
>
>
>>
>> I don't see any functions that generated by compiler to restore values
>> of v1 after clobbered it.
>>
>> On Sun, Apr 22, 2018 at 9:54 PM, Greg Kroah-Hartman
>> <gregkh@linuxfoundation.org> wrote:
>>>
>>> 3.18-stable review patch.  If anyone has any objections, please let me
>>> know.
>>>
>>> ------------------
>>>
>>> From: Matt Redfearn <matt.redfearn@mips.com>
>>>
>>> commit c96eebf07692e53bf4dd5987510d8b550e793598 upstream.
>>>
>>> The label .Llast_fixup\@ is jumped to on page fault within the final
>>> byte set loop of memset (on < MIPSR6 architectures). For some reason, in
>>> this fault handler, the v1 register is randomly set to a2 & STORMASK.
>>> This clobbers v1 for the calling function. This can be observed with the
>>> following test code:
>>>
>>> static int __init __attribute__((optimize("O0"))) test_clear_user(void)
>>> {
>>>    register int t asm("v1");
>>>    char *test;
>>>    int j, k;
>>>
>>>    pr_info("\n\n\nTesting clear_user\n");
>>>    test = vmalloc(PAGE_SIZE);
>>>
>>>    for (j = 256; j < 512; j++) {
>>>      t = 0xa5a5a5a5;
>>>      if ((k = clear_user(test + PAGE_SIZE - 256, j)) != j - 256) {
>>>          pr_err("clear_user (%px %d) returned %d\n", test + PAGE_SIZE -
>>> 256, j, k);
>>>      }
>>>      if (t != 0xa5a5a5a5) {
>>>         pr_err("v1 was clobbered to 0x%x!\n", t);
>>>      }
>>>    }
>>>
>>>    return 0;
>>> }
>>> late_initcall(test_clear_user);
>>>
>>> Which demonstrates that v1 is indeed clobbered (MIPS64):
>>>
>>> Testing clear_user
>>> v1 was clobbered to 0x1!
>>> v1 was clobbered to 0x2!
>>> v1 was clobbered to 0x3!
>>> v1 was clobbered to 0x4!
>>> v1 was clobbered to 0x5!
>>> v1 was clobbered to 0x6!
>>> v1 was clobbered to 0x7!
>>>
>>> Since the number of bytes that could not be set is already contained in
>>> a2, the andi placing a value in v1 is not necessary and actively
>>> harmful in clobbering v1.
>>>
>>> Reported-by: James Hogan <jhogan@kernel.org>
>>> Signed-off-by: Matt Redfearn <matt.redfearn@mips.com>
>>> Cc: Ralf Baechle <ralf@linux-mips.org>
>>> Cc: linux-mips@linux-mips.org
>>> Cc: stable@vger.kernel.org
>>> Patchwork: https://patchwork.linux-mips.org/patch/19109/
>>> Signed-off-by: James Hogan <jhogan@kernel.org>
>>> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
>>>
>>> ---
>>>   arch/mips/lib/memset.S |    2 +-
>>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> --- a/arch/mips/lib/memset.S
>>> +++ b/arch/mips/lib/memset.S
>>> @@ -210,7 +210,7 @@
>>>
>>>   .Llast_fixup\@:
>>>          jr              ra
>>> -       andi            v1, a2, STORMASK
>>> +        nop
>>>
>>>   .Lsmall_fixup\@:
>>>          PTR_SUBU        a2, t1, a0
>>>
>>>
>>>
>>
>>
>>
>



-- 
Best regards!
Hev
https://hev.cc