From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, James Hogan <jhogan@kernel.org>,
Matt Redfearn <matt.redfearn@mips.com>,
Ralf Baechle <ralf@linux-mips.org>,
linux-mips@linux-mips.org
Subject: [PATCH 3.18 44/52] MIPS: memset.S: Fix return of __clear_user from Lpartial_fixup
Date: Sun, 22 Apr 2018 15:54:17 +0200 [thread overview]
Message-ID: <20180422135317.399275218@linuxfoundation.org> (raw)
In-Reply-To: <20180422135315.254787616@linuxfoundation.org>
3.18-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matt Redfearn <matt.redfearn@mips.com>
commit daf70d89f80c6e1772233da9e020114b1254e7e0 upstream.
The __clear_user function is defined to return the number of bytes that
could not be cleared. From the underlying memset / bzero implementation
this means setting register a2 to that number on return. Currently if a
page fault is triggered within the memset_partial block, the value
loaded into a2 on return is meaningless.
The label .Lpartial_fixup\@ is jumped to on page fault. In order to work
out how many bytes failed to copy, the exception handler should find how
many bytes left in the partial block (andi a2, STORMASK), add that to
the partial block end address (a2), and subtract the faulting address to
get the remainder. Currently it incorrectly subtracts the partial block
start address (t1), which has additionally been clobbered to generate a
jump target in memset_partial. Fix this by adding the block end address
instead.
This issue was found with the following test code:
int j, k;
for (j = 0; j < 512; j++) {
if ((k = clear_user(NULL, j)) != j) {
pr_err("clear_user (NULL %d) returned %d\n", j, k);
}
}
Which now passes on Creator Ci40 (MIPS32) and Cavium Octeon II (MIPS64).
Suggested-by: James Hogan <jhogan@kernel.org>
Signed-off-by: Matt Redfearn <matt.redfearn@mips.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Cc: stable@vger.kernel.org
Patchwork: https://patchwork.linux-mips.org/patch/19108/
Signed-off-by: James Hogan <jhogan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/mips/lib/memset.S | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/mips/lib/memset.S
+++ b/arch/mips/lib/memset.S
@@ -204,7 +204,7 @@
PTR_L t0, TI_TASK($28)
andi a2, STORMASK
LONG_L t0, THREAD_BUADDR(t0)
- LONG_ADDU a2, t1
+ LONG_ADDU a2, a0
jr ra
LONG_SUBU a2, t0
next prev parent reply other threads:[~2018-04-22 13:54 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-22 13:53 [PATCH 3.18 00/52] 3.18.106-stable review Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 3.18 01/52] media: v4l2-compat-ioctl32: dont oops on overlay Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 3.18 02/52] parisc: Fix out of array access in match_pci_device() Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 3.18 03/52] s390/qdio: dont retry EQBS after CCQ 96 Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 3.18 04/52] s390/qdio: dont merge ERROR output buffers Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 3.18 05/52] s390/ipl: ensure loadparm valid flag is set Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 3.18 06/52] slip: Check if rstate is initialized before uncompressing Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 3.18 07/52] ubifs: Check ubifs_wbuf_sync() return code Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 3.18 08/52] ubi: Fix error for write access Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 3.18 09/52] ubi: Reject MLC NAND Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 3.18 10/52] fs/reiserfs/journal.c: add missing resierfs_warning() arg Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 3.18 11/52] resource: fix integer overflow at reallocation Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 3.18 12/52] usb: musb: gadget: misplaced out of bounds check Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 3.18 13/52] ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 3.18 14/52] xen-netfront: Fix hang on device removal Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 3.18 15/52] ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status() Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 3.18 17/52] usb: dwc3: pci: Properly cleanup resource Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 3.18 18/52] HID: i2c-hid: fix size check and type usage Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 3.18 19/52] powerpc/powernv: Handle unknown OPAL errors in opal_nvram_write() Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 3.18 20/52] powerpc/64: Fix smp_wmb barrier definition use use lwsync consistently Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 3.18 21/52] powerpc/powernv: Fix OPAL NVRAM driver OPAL_BUSY loops Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 3.18 22/52] ASoC: ssm2602: Replace reg_default_raw with reg_default Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 3.18 23/52] thunderbolt: Resume control channel after hibernation image is created Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 3.18 24/52] random: use a tighter cap in credit_entropy_bits_safe() Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 3.18 25/52] jbd2: if the journal is aborted then dont allow update of the log tail Greg Kroah-Hartman
2018-04-22 13:53 ` [PATCH 3.18 26/52] mmc: jz4740: Fix race condition in IRQ mask update Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 3.18 27/52] clk: mvebu: armada-38x: add support for 1866MHz variants Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 3.18 28/52] clk: mvebu: armada-38x: add support for missing clocks Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 3.18 29/52] thermal: imx: Fix race condition in imx_thermal_probe() Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 3.18 30/52] watchdog: f71808e_wdt: Fix WD_EN register read Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 3.18 31/52] ALSA: oss: consolidate kmalloc/memset 0 call to kzalloc Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 3.18 32/52] ALSA: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 3.18 33/52] ALSA: pcm: Avoid potential races between OSS ioctls and read/write Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 3.18 34/52] ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 3.18 35/52] ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 3.18 36/52] ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 3.18 37/52] ext4: add validity checks for bitmap block numbers Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 3.18 38/52] ext4: fail ext4_iget for root directory if unallocated Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 3.18 39/52] ext4: dont allow r/w mounts if metadata blocks overlap the superblock Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 3.18 41/52] ALSA: rawmidi: Fix missing input substream checks in compat ioctls Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 3.18 42/52] HID: hidraw: Fix crash on HIDIOCGFEATURE with a destroyed device Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 3.18 43/52] MIPS: memset.S: EVA & fault support for small_memset Greg Kroah-Hartman
2018-04-22 13:54 ` Greg Kroah-Hartman [this message]
2018-04-22 13:54 ` [PATCH 3.18 45/52] MIPS: memset.S: Fix clobber of v1 in last_fixup Greg Kroah-Hartman
2018-04-23 7:16 ` Heiher
2018-04-23 9:36 ` Matt Redfearn
2018-04-23 9:45 ` Heiher
2018-04-22 13:54 ` [PATCH 3.18 46/52] powerpc/lib: Fix off-by-one in alternate feature patching Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 3.18 47/52] jffs2_kill_sb(): deal with failed allocations Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 3.18 48/52] hypfs_kill_super(): " Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 3.18 49/52] rpc_pipefs: fix double-dput() Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 3.18 50/52] Dont leak MNT_INTERNAL away from internal mounts Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 3.18 51/52] autofs: mount point create should honour passed in mode Greg Kroah-Hartman
2018-04-22 13:54 ` [PATCH 3.18 52/52] fanotify: fix logic of events on child Greg Kroah-Hartman
2018-04-22 15:24 ` [PATCH 3.18 00/52] 3.18.106-stable review Harsh Shandilya
2018-04-22 15:27 ` Greg Kroah-Hartman
2018-04-23 16:52 ` Guenter Roeck
2018-04-23 21:39 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180422135317.399275218@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=jhogan@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mips@linux-mips.org \
--cc=matt.redfearn@mips.com \
--cc=ralf@linux-mips.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).