From: Heiher
Date: Mon, 23 Apr 2018 17:45:28 +0800
Subject: Re: [PATCH 3.18 45/52] MIPS: memset.S: Fix clobber of v1 in last_fixup
To: Matt Redfearn
Cc: Greg Kroah-Hartman, linux-kernel@vger.kernel.org, stable@vger.kernel.org, James Hogan, Ralf Baechle, linux-mips@linux-mips.org
X-Mailing-List: linux-kernel@vger.kernel.org

Hi,

Now I understand, thank you for explaining.

On Mon, Apr 23, 2018 at 5:36 PM, Matt Redfearn wrote:
>
>
> On 23/04/18 08:16, Heiher wrote:
>>
>> Hi,
>>
>> IIRC, v1 is a temporary register; its value is not preserved across
>> function calls.
>
>
> v1 is conventionally used for a function return value and as such can be
> changed by called functions. However, bzero is called from inline assembly
> and v1 is not in the clobbers list
> https://elixir.bootlin.com/linux/v4.17-rc1/source/arch/mips/include/asm/uaccess.h#L652
> So the calling function does not expect that register to have been used and
> can legitimately expect its value to remain after the function call, which
> without this patch, it does not - as demonstrated by the test code.
>
> Thanks,
> Matt
>
>
>>
>> I don't see any functions generated by the compiler that restore the
>> value of v1 after clobbering it.
>>
>> On Sun, Apr 22, 2018 at 9:54 PM, Greg Kroah-Hartman
>> wrote:
>>>
>>> 3.18-stable review patch. If anyone has any objections, please let me
>>> know.
>>>
>>> ------------------
>>>
>>> From: Matt Redfearn
>>>
>>> commit c96eebf07692e53bf4dd5987510d8b550e793598 upstream.
>>>
>>> The label .Llast_fixup\@ is jumped to on page fault within the final
>>> byte set loop of memset (on < MIPSR6 architectures). For some reason, in
>>> this fault handler, the v1 register is randomly set to a2 & STORMASK.
>>> This clobbers v1 for the calling function. This can be observed with the
>>> following test code:
>>>
>>> static int __init __attribute__((optimize("O0"))) test_clear_user(void)
>>> {
>>>   register int t asm("v1");
>>>   char *test;
>>>   int j, k;
>>>
>>>   pr_info("\n\n\nTesting clear_user\n");
>>>   test = vmalloc(PAGE_SIZE);
>>>
>>>   for (j = 256; j < 512; j++) {
>>>     t = 0xa5a5a5a5;
>>>     if ((k = clear_user(test + PAGE_SIZE - 256, j)) != j - 256) {
>>>       pr_err("clear_user (%px %d) returned %d\n", test + PAGE_SIZE - 256, j, k);
>>>     }
>>>     if (t != 0xa5a5a5a5) {
>>>       pr_err("v1 was clobbered to 0x%x!\n", t);
>>>     }
>>>   }
>>>
>>>   return 0;
>>> }
>>> late_initcall(test_clear_user);
>>>
>>> Which demonstrates that v1 is indeed clobbered (MIPS64):
>>>
>>> Testing clear_user
>>> v1 was clobbered to 0x1!
>>> v1 was clobbered to 0x2!
>>> v1 was clobbered to 0x3!
>>> v1 was clobbered to 0x4!
>>> v1 was clobbered to 0x5!
>>> v1 was clobbered to 0x6!
>>> v1 was clobbered to 0x7!
>>>
>>> Since the number of bytes that could not be set is already contained in
>>> a2, the andi placing a value in v1 is not necessary and actively
>>> harmful in clobbering v1.
>>>
>>> Reported-by: James Hogan
>>> Signed-off-by: Matt Redfearn
>>> Cc: Ralf Baechle
>>> Cc: linux-mips@linux-mips.org
>>> Cc: stable@vger.kernel.org
>>> Patchwork: https://patchwork.linux-mips.org/patch/19109/
>>> Signed-off-by: James Hogan
>>> Signed-off-by: Greg Kroah-Hartman
>>>
>>> ---
>>> arch/mips/lib/memset.S | 2 +-
>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> --- a/arch/mips/lib/memset.S
>>> +++ b/arch/mips/lib/memset.S
>>> @@ -210,7 +210,7 @@ >>> >>> .Llast_fixup\@: >>> jr ra >>> - andi v1, a2, STORMASK >>> + nop >>> >>> .Lsmall_fixup\@: >>> PTR_SUBU a2, t1, a0 >>> >>> >>> >> >> >> > -- Best regards! Hev https://hev.cc
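Review bot: the `nop` that replaces `andi v1, a2, STORMASK` after `jr ra` in `.Llast_fixup\@` carries no comment, so nothing at the site records why the slot is deliberately empty. Per the commit message, a2 already holds the number of bytes that could not be set, and per the discussion above the inline-assembly caller does not list v1 as clobbered; a one-line comment on the `nop` saying that v1 must not be written here would keep a later cleanup from reintroducing the clobber. It would also be worth confirming that the other fixup labels, such as `.Lsmall_fixup\@` in the trailing context, write only to registers the caller declares, since the test in the commit message checks v1 alone.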