From: Mark Nelson <markn@au1.ibm.com>
To: benh@kernel.crashing.org
Cc: linuxppc-dev@ozlabs.org, Jan Kara <jack@ucw.cz>,
Jan Kara <jack@suse.cz>, Mel Gorman <mel@csn.ul.ie>,
linux-kernel <linux-kernel@vger.kernel.org>,
Paul Mackerras <paulus@samba.org>,
Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com>,
Andrew Morton <akpm@linux-foundation.org>,
linux-ext4@vger.kernel.org
Subject: [PATCH] powerpc: Fix 64bit __copy_tofrom_user() regression
Date: Thu, 26 Feb 2009 10:46:24 +1100 [thread overview]
Message-ID: <200902261046.24367.markn@au1.ibm.com> (raw)
In-Reply-To: <200902261026.48183.markn@au1.ibm.com>
This fixes a regression introduced by commit
a4e22f02f5b6518c1484faea1f88d81802b9feac ("powerpc: Update 64bit
__copy_tofrom_user() using CPU_FTR_UNALIGNED_LD_STD").
The same bug that existed in the 64bit memcpy() also exists here so fix
it here too. The fix is the same as that applied to memcpy() with the
addition of fixes for the exception handling code required for
__copy_tofrom_user().
This stops us reading beyond the end of the source region we were told
to copy.
Signed-off-by: Mark Nelson <markn@au1.ibm.com>
---
arch/powerpc/lib/copyuser_64.S | 38 +++++++++++++++++++++++++++++++-------
1 file changed, 31 insertions(+), 7 deletions(-)
Index: upstream/arch/powerpc/lib/copyuser_64.S
===================================================================
--- upstream.orig/arch/powerpc/lib/copyuser_64.S
+++ upstream/arch/powerpc/lib/copyuser_64.S
@@ -62,18 +62,19 @@ END_FTR_SECTION_IFCLR(CPU_FTR_UNALIGNED_
72: std r8,8(r3)
beq+ 3f
addi r3,r3,16
-23: ld r9,8(r4)
.Ldo_tail:
bf cr7*4+1,1f
- rotldi r9,r9,32
+23: lwz r9,8(r4)
+ addi r4,r4,4
73: stw r9,0(r3)
addi r3,r3,4
1: bf cr7*4+2,2f
- rotldi r9,r9,16
+44: lhz r9,8(r4)
+ addi r4,r4,2
74: sth r9,0(r3)
addi r3,r3,2
2: bf cr7*4+3,3f
- rotldi r9,r9,8
+45: lbz r9,8(r4)
75: stb r9,0(r3)
3: li r3,0
blr
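Review bot: The rewritten tail at `.Ldo_tail` now reads the source itself through `8(r4)` at 23/44/45, where the old code only consumed a doubleword already held in r9, so every entry to the label must arrive with `8(r4)` addressing the first uncopied source byte. The two branches visible in the next hunk are redirected to a local `7:`, but the rest of the function is outside this hunk, so any other branch to `.Ldo_tail` should be checked against that requirement. The contract is worth stating on the label, for example `/* in: 8(r4) = next source byte, r3 = next dest byte, cr7 bits 1-3 select the 4/2/1-byte pieces */`. The fault fixups look consistent with it, since each `addi r3` precedes the next narrow load and r3 is therefore exact when 44 or 45 faults.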
@@ -141,11 +142,24 @@ END_FTR_SECTION_IFCLR(CPU_FTR_UNALIGNED_
6: cmpwi cr1,r5,8
addi r3,r3,32
sld r9,r9,r10
- ble cr1,.Ldo_tail
+ ble cr1,7f
34: ld r0,8(r4)
srd r7,r0,r11
or r9,r7,r9
- b .Ldo_tail
+7:
+ bf cr7*4+1,1f
+ rotldi r9,r9,32
+94: stw r9,0(r3)
+ addi r3,r3,4
+1: bf cr7*4+2,2f
+ rotldi r9,r9,16
+95: sth r9,0(r3)
+ addi r3,r3,2
+2: bf cr7*4+3,3f
+ rotldi r9,r9,8
+96: stb r9,0(r3)
+3: li r3,0
+ blr
.Ldst_unaligned:
PPC_MTOCRF 0x01,r6 /* put #bytes to 8B bdry into cr7 */
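Review bot: The private copy of the tail added at `7:` keeps the `rotldi`-from-r9 form, and the 8-byte `34: ld r0,8(r4)` above it is unchanged, but nothing in the hunk says why this path is exempt from the narrow-load fix applied at `.Ldo_tail`. Presumably r4 is doubleword-aligned on this path, so the load at 34 cannot run past the doubleword that holds the last source byte and cannot touch a new page. That alignment is established outside the hunk and should be confirmed. If it holds, record it where the next reader will look, e.g. `7: /* tail bytes already in r9 from aligned ld; no further source reads */`, so that the two tails are not merged again later.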
@@ -218,7 +232,6 @@ END_FTR_SECTION_IFCLR(CPU_FTR_UNALIGNED_
121:
132:
addi r3,r3,8
-123:
134:
135:
138:
@@ -226,6 +239,9 @@ END_FTR_SECTION_IFCLR(CPU_FTR_UNALIGNED_
140:
141:
142:
+123:
+144:
+145:
/*
* here we have had a fault on a load and r3 points to the first
@@ -309,6 +325,9 @@ END_FTR_SECTION_IFCLR(CPU_FTR_UNALIGNED_
187:
188:
189:
+194:
+195:
+196:
1:
ld r6,-24(r1)
ld r5,-8(r1)
@@ -329,7 +348,9 @@ END_FTR_SECTION_IFCLR(CPU_FTR_UNALIGNED_
.llong 72b,172b
.llong 23b,123b
.llong 73b,173b
+ .llong 44b,144b
.llong 74b,174b
+ .llong 45b,145b
.llong 75b,175b
.llong 24b,124b
.llong 25b,125b
@@ -347,6 +368,9 @@ END_FTR_SECTION_IFCLR(CPU_FTR_UNALIGNED_
.llong 79b,179b
.llong 80b,180b
.llong 34b,134b
+ .llong 94b,194b
+ .llong 95b,195b
+ .llong 96b,196b
.llong 35b,135b
.llong 81b,181b
.llong 36b,136b