From: Segher Boessenkool <segher@kernel.crashing.org>
To: Al Viro <viro@ZenIV.linux.org.uk>
Cc: Larry Finger <Larry.Finger@lwfinger.net>,
Linus Torvalds <torvalds@linux-foundation.org>,
Thorsten Leemhuis <regressions@leemhuis.info>,
linuxppc-dev@lists.ozlabs.org,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: gcc 4.6.3 miscompile on ppc32 (was Re: Regression in kernel 4.12-rc1 for Powerpc 32 - bisected to commit 3448890c32c3)
Date: Sun, 25 Jun 2017 16:44:09 -0500
Message-ID: <20170625214408.GT16550@gate.crashing.org>
In-Reply-To: <20170625205324.GW10672@ZenIV.linux.org.uk>

On Sun, Jun 25, 2017 at 09:53:24PM +0100, Al Viro wrote:
> Confirmed. It manages to bugger the loop immediately after the (successful)
> copying of iovec array in rw_copy_check_uvector(); both with and without
> INLINE_COPY_FROM_USER it has (just before the call of copy_from_user()) r27
> set to nr_segs * sizeof(struct iovec). The call is made, we check that it
> has succeeded and that's when it hits the fan: without INLINE_COPY_FROM_USER
> we have (interleaved with unrelated insns)
>       addi 27,27,-8
>       srwi 27,27,3
>       addi 27,27,1
>       mtctr 27
> Weird, but manages to pass nr_segs to mtctr.

This weirdosity is https://gcc.gnu.org/PR67288 . Those three instructions
are not the same as just srwi 27,27,3 in case r27 is 0; GCC does not
figure out this cannot happen here.

> _With_ INLINE_COPY_FROM_USER we
> get this:
>       lis 9,0x2000
>       mtctr 9
> In other words, the loop will try to go through 8192 iterations. No idea where
> that number has come from, but it sure as hell is wrong.

8192*65535, even. This is as if r27 was 0 always.

Do you have a short stand-alone testcase? 4.6 is ancient, of course, but
the actual problem may still exist in more recent compilers (if it _is_
a compiler problem; if it's not, you *really* want to know :-) )


Segher
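
Added example (not part of the original message, and not kernel or GCC code): a user-space C model of the two instruction sequences quoted above, using 32-bit wrapping arithmetic as on ppc32. It shows that the three-instruction form and a plain srwi differ only for r27 == 0, and that r27 == 0 produces exactly the constant loaded by lis 9,0x2000. The function names, the 8-byte segment size (taken from the shift by 3) and the 1024-segment scan bound are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* PowerPC "lis rD,imm": imm goes into the upper 16 bits, lower 16 are zero. */
static uint32_t lis(uint16_t imm) { return (uint32_t)imm << 16; }

/* Sequence emitted without INLINE_COPY_FROM_USER:
 *   addi 27,27,-8 ; srwi 27,27,3 ; addi 27,27,1
 * uint32_t arithmetic wraps modulo 2^32, like the 32-bit registers. */
static uint32_t ctr_three_insns(uint32_t r27)
{
    r27 -= 8;   /* addi 27,27,-8 */
    r27 >>= 3;  /* srwi 27,27,3 (logical shift) */
    r27 += 1;   /* addi 27,27,1 */
    return r27;
}

/* The single-instruction form: srwi 27,27,3. */
static uint32_t ctr_plain_shift(uint32_t r27) { return r27 >> 3; }

/* Scan r27 = nr_segs * 8 for nr_segs in [0, max_segs] (8 = assumed
 * sizeof(struct iovec) on ppc32). Returns how many inputs make the two
 * forms disagree and stores the last such input in *last_bad. */
static unsigned count_mismatches(uint32_t max_segs, uint32_t *last_bad)
{
    unsigned bad = 0;
    for (uint32_t nr_segs = 0; nr_segs <= max_segs; nr_segs++) {
        uint32_t bytes = nr_segs * 8u;
        if (ctr_three_insns(bytes) != ctr_plain_shift(bytes)) {
            bad++;
            *last_bad = bytes;
        }
    }
    return bad;
}

int main(void)
{
    uint32_t last_bad = UINT32_MAX;
    unsigned bad = count_mismatches(1024, &last_bad); /* constructed bound */

    printf("mismatching inputs: %u (last: r27=%u)\n", bad, (unsigned)last_bad);
    printf("three insns, r27=0: 0x%08x\n", (unsigned)ctr_three_insns(0));
    printf("lis 9,0x2000:       0x%08x\n", (unsigned)lis(0x2000));
    return 0;
}
```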