From: Segher Boessenkool <segher@kernel.crashing.org>
To: Al Viro <viro@ZenIV.linux.org.uk>
Cc: Larry Finger <Larry.Finger@lwfinger.net>,
Linus Torvalds <torvalds@linux-foundation.org>,
Thorsten Leemhuis <regressions@leemhuis.info>,
linuxppc-dev@lists.ozlabs.org,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: gcc 4.6.3 miscompile on ppc32 (was Re: Regression in kernel 4.12-rc1 for Powerpc 32 - bisected to commit 3448890c32c3)
Date: Sun, 25 Jun 2017 16:44:09 -0500 [thread overview]
Message-ID: <20170625214408.GT16550@gate.crashing.org> (raw)
In-Reply-To: <20170625205324.GW10672@ZenIV.linux.org.uk>
On Sun, Jun 25, 2017 at 09:53:24PM +0100, Al Viro wrote:
> Confirmed. It manages to bugger the loop immediately after the (successful)
> copying of iovec array in rw_copy_check_uvector(); both with and without
> INLINE_COPY_FROM_USER it has (just before the call of copy_from_user()) r27
> set to nr_segs * sizeof(struct iovec). The call is made, we check that it
> has succeeded and that's when it hits the fan: without INLINE_COPY_FROM_USER
> we have (interleaved with unrelated insns)
> addi 27,27,-8
> srwi 27,27,3
> addi 27,27,1
> mtctr 27
> Weird, but manages to pass nr_segs to mtctr.
This weirdosity is https://gcc.gnu.org/PR67288 . Those three instructions
are not the same as just srwi 27,27,3 in case r27 is 0; GCC does not
figure out this cannot happen here.
> _With_ INLINE_COPY_FROM_USER we
> get this:
> lis 9,0x2000
> mtctr 9
> In other words, the loop will try to go through 8192 iterations. No idea where
> that number has come from, but it sure as hell is wrong.
8192*65535, even. This is as if r27 was 0 always.
Do you have a short stand-alone testcase? 4.6 is ancient, of course, but
the actual problem may still exist in more recent compilers (if it _is_
a compiler problem; if it's not, you *really* want to know :-) )
Segher
next prev parent reply other threads:[~2017-06-25 21:44 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-01 16:39 Regression in kernel 4.12-rc1 for Powerpc 32 - partially bisected Larry Finger
2017-06-21 15:10 ` Regression in kernel 4.12-rc1 for Powerpc 32 - bisected to commit 3448890c32c3 Larry Finger
2017-06-21 21:22 ` Al Viro
2017-06-21 21:31 ` Larry Finger
2017-06-21 21:34 ` Al Viro
2017-06-21 21:49 ` Larry Finger
2017-06-22 14:12 ` Al Viro
2017-06-22 14:19 ` Larry Finger
2017-06-22 19:25 ` Al Viro
2017-06-22 21:41 ` Al Viro
2017-06-23 18:49 ` Larry Finger
2017-06-23 20:29 ` Al Viro
2017-06-24 0:04 ` Larry Finger
2017-06-24 17:29 ` Larry Finger
2017-06-25 9:53 ` Al Viro
2017-06-25 11:14 ` Al Viro
2017-06-25 20:53 ` gcc 4.6.3 miscompile on ppc32 (was Re: Regression in kernel 4.12-rc1 for Powerpc 32 - bisected to commit 3448890c32c3) Al Viro
2017-06-25 21:44 ` Segher Boessenkool [this message]
2017-06-25 22:21 ` Al Viro
2017-06-26 13:37 ` Michael Ellerman
2017-06-26 13:40 ` Regression in kernel 4.12-rc1 for Powerpc 32 - bisected to commit 3448890c32c3 Michael Ellerman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170625214408.GT16550@gate.crashing.org \
--to=segher@kernel.crashing.org \
--cc=Larry.Finger@lwfinger.net \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=regressions@leemhuis.info \
--cc=torvalds@linux-foundation.org \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.