Message ID | cfcff31e25dd6556b6cdf85842fb4e70174fabaa.1638036607.git.christophe.leroy@csgroup.eu (mailing list archive) |
---|---|
State | Superseded |
Headers | show |
Series | [v3,1/4] powerpc/inst: Refactor ___get_user_instr() | expand |
Context | Check | Description |
---|---|---|
snowpatch_ozlabs/github-powerpc_selftests | success | Successfully ran 8 jobs. |
snowpatch_ozlabs/github-powerpc_ppctests | success | Successfully ran 8 jobs. |
snowpatch_ozlabs/github-powerpc_sparse | success | Successfully ran 4 jobs. |
Le 27/11/2021 à 19:10, Christophe Leroy a écrit : > copy_inst_from_kernel_nofault() uses copy_from_kernel_nofault() to > copy one or two 32bits words. This means calling an out-of-line > function which itself calls back copy_from_kernel_nofault_allowed() > then performs a generic copy with loops. > > Rewrite copy_inst_from_kernel_nofault() to do everything at a > single place and use __get_kernel_nofault() directly to perform > single accesses without loops. > > Before the patch: > > 00000018 <copy_inst_from_kernel_nofault>: > 18: 94 21 ff e0 stwu r1,-32(r1) > 1c: 7c 08 02 a6 mflr r0 > 20: 38 a0 00 04 li r5,4 > 24: 93 e1 00 1c stw r31,28(r1) > 28: 7c 7f 1b 78 mr r31,r3 > 2c: 38 61 00 08 addi r3,r1,8 > 30: 90 01 00 24 stw r0,36(r1) > 34: 48 00 00 01 bl 34 <copy_inst_from_kernel_nofault+0x1c> > 34: R_PPC_REL24 copy_from_kernel_nofault > 38: 2c 03 00 00 cmpwi r3,0 > 3c: 40 82 00 0c bne 48 <copy_inst_from_kernel_nofault+0x30> > 40: 81 21 00 08 lwz r9,8(r1) > 44: 91 3f 00 00 stw r9,0(r31) > 48: 80 01 00 24 lwz r0,36(r1) > 4c: 83 e1 00 1c lwz r31,28(r1) > 50: 38 21 00 20 addi r1,r1,32 > 54: 7c 08 03 a6 mtlr r0 > 58: 4e 80 00 20 blr > > After the patch: > > 00000018 <copy_inst_from_kernel_nofault>: > 18: 3d 20 b0 00 lis r9,-20480 > 1c: 7c 04 48 40 cmplw r4,r9 > 20: 7c 69 1b 78 mr r9,r3 > 24: 41 80 00 2c blt 50 <copy_inst_from_kernel_nofault+0x38> > 28: 81 42 04 d0 lwz r10,1232(r2) > 2c: 39 4a 00 01 addi r10,r10,1 > 30: 91 42 04 d0 stw r10,1232(r2) > 34: 80 e4 00 00 lwz r7,0(r4) > 38: 81 42 04 d0 lwz r10,1232(r2) > 3c: 38 60 00 00 li r3,0 > 40: 39 4a ff ff addi r10,r10,-1 > 44: 91 42 04 d0 stw r10,1232(r2) > 48: 90 e9 00 00 stw r7,0(r9) > 4c: 4e 80 00 20 blr > > 50: 38 60 ff de li r3,-34 > 54: 4e 80 00 20 blr > 58: 81 22 04 d0 lwz r9,1232(r2) > 5c: 38 60 ff f2 li r3,-14 > 60: 39 29 ff ff addi r9,r9,-1 > 64: 91 22 04 d0 stw r9,1232(r2) > 68: 4e 80 00 20 blr > > Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu> > --- > v3: New > --- > arch/powerpc/mm/maccess.c | 
18 ++++++++++++------ > 1 file changed, 12 insertions(+), 6 deletions(-) > > diff --git a/arch/powerpc/mm/maccess.c b/arch/powerpc/mm/maccess.c > index 5abae96b2b46..90309806f5eb 100644 > --- a/arch/powerpc/mm/maccess.c > +++ b/arch/powerpc/mm/maccess.c > @@ -15,16 +15,22 @@ bool copy_from_kernel_nofault_allowed(const void *unsafe_src, size_t size) > int copy_inst_from_kernel_nofault(ppc_inst_t *inst, u32 *src) > { > unsigned int val, suffix; > - int err; > > - err = copy_from_kernel_nofault(&val, src, sizeof(val)); > - if (err) > - return err; > + if (unlikely(!is_kernel_addr((unsigned long)src))) > + return -ERANGE; > + > + pagefault_disable(); Although the generic version of copy_from_kernel_nofault() does it, disabling pagefault is pointless here because we are accessing kernel addresses only, so a page fault will always fail via bad_kernel_fault(), it will never reach the faulthandler_disabled() test. > + __get_kernel_nofault(&val, src, u32, Efault); > if (IS_ENABLED(CONFIG_PPC64) && get_op(val) == OP_PREFIX) { > - err = copy_from_kernel_nofault(&suffix, src + 1, sizeof(suffix)); > + __get_kernel_nofault(&suffix, src + 1, u32, Efault); > + pagefault_enable(); > *inst = ppc_inst_prefix(val, suffix); > } else { > + pagefault_enable(); > *inst = ppc_inst(val); > } > - return err; > + return 0; > +Efault: > + pagefault_enable(); > + return -EFAULT; > } >
diff --git a/arch/powerpc/mm/maccess.c b/arch/powerpc/mm/maccess.c index 5abae96b2b46..90309806f5eb 100644 --- a/arch/powerpc/mm/maccess.c +++ b/arch/powerpc/mm/maccess.c @@ -15,16 +15,22 @@ bool copy_from_kernel_nofault_allowed(const void *unsafe_src, size_t size) int copy_inst_from_kernel_nofault(ppc_inst_t *inst, u32 *src) { unsigned int val, suffix; - int err; - err = copy_from_kernel_nofault(&val, src, sizeof(val)); - if (err) - return err; + if (unlikely(!is_kernel_addr((unsigned long)src))) + return -ERANGE; + + pagefault_disable(); + __get_kernel_nofault(&val, src, u32, Efault); if (IS_ENABLED(CONFIG_PPC64) && get_op(val) == OP_PREFIX) { - err = copy_from_kernel_nofault(&suffix, src + 1, sizeof(suffix)); + __get_kernel_nofault(&suffix, src + 1, u32, Efault); + pagefault_enable(); *inst = ppc_inst_prefix(val, suffix); } else { + pagefault_enable(); *inst = ppc_inst(val); } - return err; + return 0; +Efault: + pagefault_enable(); + return -EFAULT; }
copy_inst_from_kernel_nofault() uses copy_from_kernel_nofault() to copy one or two 32bits words. This means calling an out-of-line function which itself calls back copy_from_kernel_nofault_allowed() then performs a generic copy with loops. Rewrite copy_inst_from_kernel_nofault() to do everything at a single place and use __get_kernel_nofault() directly to perform single accesses without loops. Before the patch: 00000018 <copy_inst_from_kernel_nofault>: 18: 94 21 ff e0 stwu r1,-32(r1) 1c: 7c 08 02 a6 mflr r0 20: 38 a0 00 04 li r5,4 24: 93 e1 00 1c stw r31,28(r1) 28: 7c 7f 1b 78 mr r31,r3 2c: 38 61 00 08 addi r3,r1,8 30: 90 01 00 24 stw r0,36(r1) 34: 48 00 00 01 bl 34 <copy_inst_from_kernel_nofault+0x1c> 34: R_PPC_REL24 copy_from_kernel_nofault 38: 2c 03 00 00 cmpwi r3,0 3c: 40 82 00 0c bne 48 <copy_inst_from_kernel_nofault+0x30> 40: 81 21 00 08 lwz r9,8(r1) 44: 91 3f 00 00 stw r9,0(r31) 48: 80 01 00 24 lwz r0,36(r1) 4c: 83 e1 00 1c lwz r31,28(r1) 50: 38 21 00 20 addi r1,r1,32 54: 7c 08 03 a6 mtlr r0 58: 4e 80 00 20 blr After the patch: 00000018 <copy_inst_from_kernel_nofault>: 18: 3d 20 b0 00 lis r9,-20480 1c: 7c 04 48 40 cmplw r4,r9 20: 7c 69 1b 78 mr r9,r3 24: 41 80 00 2c blt 50 <copy_inst_from_kernel_nofault+0x38> 28: 81 42 04 d0 lwz r10,1232(r2) 2c: 39 4a 00 01 addi r10,r10,1 30: 91 42 04 d0 stw r10,1232(r2) 34: 80 e4 00 00 lwz r7,0(r4) 38: 81 42 04 d0 lwz r10,1232(r2) 3c: 38 60 00 00 li r3,0 40: 39 4a ff ff addi r10,r10,-1 44: 91 42 04 d0 stw r10,1232(r2) 48: 90 e9 00 00 stw r7,0(r9) 4c: 4e 80 00 20 blr 50: 38 60 ff de li r3,-34 54: 4e 80 00 20 blr 58: 81 22 04 d0 lwz r9,1232(r2) 5c: 38 60 ff f2 li r3,-14 60: 39 29 ff ff addi r9,r9,-1 64: 91 22 04 d0 stw r9,1232(r2) 68: 4e 80 00 20 blr Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu> --- v3: New --- arch/powerpc/mm/maccess.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-)