Message ID | 1476218732-53760-1-git-send-email-seth.forshee@canonical.com |
---|---|
State | New |
On 10/11/2016 01:45 PM, Seth Forshee wrote:
> From: Paul Mackerras <paulus@ozlabs.org>
>
> BugLink: http://bugs.launchpad.net/bugs/1632462
>
> Debugging a data corruption issue with virtio-net/vhost-net led to
> the observation that __copy_tofrom_user was occasionally returning
> a value 16 larger than it should. Since the return value from
> __copy_tofrom_user is the number of bytes not copied, this means
> that __copy_tofrom_user can occasionally return a value larger
> than the number of bytes it was asked to copy. In turn this can
> cause higher-level copy functions such as copy_page_to_iter_iovec
> to corrupt memory by copying data into the wrong memory locations.
>
> It turns out that the failing case involves a fault on the store
> at label 79, and at that point the first unmodified byte of the
> destination is at R3 + 16. Consequently the exception handler
> for that store needs to add 16 to R3 before using it to work out
> how many bytes were not copied, but in this one case it was not
> adding the offset to R3. To fix it, this moves the label 179 to
> the point where we add 16 to R3. I have checked manually all the
> exception handlers for the loads and stores in this code and the
> rest of them are correct (it would be excellent to have an
> automated test of all the exception cases).
>
> Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>

Acked-by: Leann Ogasawara <leann.ogasawara@caonical.com>

> ---
> arch/powerpc/lib/copyuser_64.S | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/powerpc/lib/copyuser_64.S b/arch/powerpc/lib/copyuser_64.S > index f09899e35991..7b22624f332c 100644 > --- a/arch/powerpc/lib/copyuser_64.S > +++ b/arch/powerpc/lib/copyuser_64.S > @@ -359,6 +359,7 @@ END_FTR_SECTION_IFCLR(CPU_FTR_UNALIGNED_LD_STD) > addi r3,r3,8 > 171: > 177: > +179: > addi r3,r3,8 > 370: > 372: 
> @@ -373,7 +374,6 @@ END_FTR_SECTION_IFCLR(CPU_FTR_UNALIGNED_LD_STD) > 173: > 174: > 175: > -179: > 181: > 184: > 186: >
Applied with additional ack received from bjf on irc.
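The commit message turns on one contract: a copy primitive that reports "bytes not copied" must never report more than it was asked to copy, because the caller converts that number into "bytes copied" and moves its cursors by it. The constructed C model below (added here; it is not the kernel's code, and `account_copy`, `reported_left`, `next_source_offset` and the 16-byte over-report are assumptions modelled on the message) shows what the caller-side bookkeeping does with a correct remainder, with an over-report of 16 that is still smaller than the request, and with an over-report that exceeds the request and wraps the unsigned arithmetic. It also shows the one sanity check a caller can apply on its own and why that check is not enough.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Caller-side bookkeeping in the pattern the commit message attributes to
 * copy_page_to_iter_iovec: the primitive returns bytes NOT copied, the
 * caller turns that into bytes copied and advances its cursors.
 * Constructed model for illustration, not the kernel's code. */
struct iter_state {
    size_t from_off;   /* source offset consumed so far */
    size_t skip;       /* offset into the current destination segment */
    size_t bytes;      /* bytes still wanted */
};

/* Returns 0 and advances 'st'.  With 'checked' set, returns -1 instead of
 * advancing when the reported remainder exceeds the request, which is the
 * only symptom of an over-report the caller can detect by itself. */
static int account_copy(struct iter_state *st, size_t copy, size_t left, int checked)
{
    if (checked && left > copy)
        return -1;
    copy -= left;           /* unsigned: wraps to a huge value when left > copy */
    st->from_off += copy;
    st->skip += copy;
    st->bytes -= copy;
    return 0;
}

/* Model of the primitive's return value for a request of 'len' bytes that
 * faults after 'done' bytes; 'buggy' adds the 16-byte over-report the
 * commit message describes (assumed shape, constructed for the example). */
static size_t reported_left(size_t len, size_t done, int buggy)
{
    size_t left = len - done;
    return (left && buggy) ? left + 16 : left;
}

/* Run one request through the caller and return the source cursor it would
 * resume from, or SIZE_MAX when the sanity check rejected the answer. */
static size_t next_source_offset(size_t len, size_t done, int buggy, int checked)
{
    struct iter_state st = { 0, 0, len };
    if (account_copy(&st, len, reported_left(len, done, buggy), checked) < 0)
        return SIZE_MAX;
    return st.from_off;
}

int main(void)
{
    /* 64-byte request, fault after 56 bytes: a correct remainder resumes at 56 */
    printf("correct:  %zu\n", next_source_offset(64, 56, 0, 1));   /* 56 */
    /* an over-report of 16 passes the check and resumes at 40: the next copy
     * re-reads 16 source bytes it has already delivered into a new position */
    printf("buggy:    %zu\n", next_source_offset(64, 56, 1, 1));   /* 40 */
    /* 8-byte request faulting after 4: left = 20 > 8, unchecked arithmetic wraps */
    printf("wrapped:  %zu\n", next_source_offset(8, 4, 1, 0));     /* SIZE_MAX - 11 */
    printf("rejected: %s\n", next_source_offset(8, 4, 1, 1) == SIZE_MAX ? "yes" : "no");
    return 0;
}
```

The `left > copy` check is cheap and catches the wrap case, but the middle case is the one the message reports: an over-report smaller than the request is indistinguishable, from the caller's side, from a fault that simply happened 16 bytes earlier, so the cursors move to the wrong place and later data lands in the wrong location. Only the fixup offsets inside the copy routine can be right or wrong here, which is why the message asks for an automated test of every exception case rather than relying on callers to notice.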
diff --git a/arch/powerpc/lib/copyuser_64.S b/arch/powerpc/lib/copyuser_64.S index f09899e35991..7b22624f332c 100644 --- a/arch/powerpc/lib/copyuser_64.S +++ b/arch/powerpc/lib/copyuser_64.S @@ -359,6 +359,7 @@ END_FTR_SECTION_IFCLR(CPU_FTR_UNALIGNED_LD_STD) addi r3,r3,8 171: 177: +179: addi r3,r3,8 370: 372: @@ -373,7 +374,6 @@ END_FTR_SECTION_IFCLR(CPU_FTR_UNALIGNED_LD_STD) 173: 174: 175: -179: 181: 184: 186:
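Review bot: in the @@ -359,6 +359,7 @@ hunk the new `+179:` label sits after the first `addi r3,r3,8` and before the second, so the path entered at 179 only picks up the second of the two adds visible in this context, while the commit message says the fixup for the store at label 79 must add 16 to R3. That may well work out once the code beyond the hunk's context is counted, but the message should state how the total of 16 is reached on this path rather than leaving the next reader to re-derive it. A comment on the label would also help, since none of the neighbouring labels (171, 177, 370, 372) record which store they serve or the offset they assume, e.g. `179:	/* store at 79 faulted: first unmodified byte is at R3 + 16 */`.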
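Review bot: the @@ -373,7 +374,6 @@ hunk removes `-179:` from the group of handler labels 173, 174, 175, 181, 184 and 186, which is the required other half of the move, but nothing in the hunk documents what offset that group assumes, and the commit message says the remaining handlers were verified only by reading the code by hand. Since the author already says an automated test of all the exception cases would be excellent, consider adding a comment on this label group naming the byte offset its handler path accounts for, so a future relocation can be checked against the comment, and following up with that test so the manual audit does not have to be repeated the next time a label moves.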