2.5.43 s390 (3/6): uaccess bug.

2.5.43 s390 (3/6): uaccess bug.

Post by Martin Schwidefsk » Thu, 17 Oct 2002 19:00:27



Don't rely on lowcore information in __copy_{from,to}_user_asm.

diff -urN linux-2.5.43/arch/s390/lib/uaccess.S linux-2.5.43-s390/arch/s390/lib/uaccess.S
--- linux-2.5.43/arch/s390/lib/uaccess.S        Wed Oct 16 05:27:18 2002
+++ linux-2.5.43-s390/arch/s390/lib/uaccess.S   Wed Oct 16 17:54:05 2002
@@ -1,9 +1,9 @@
 /*
  *  arch/s390/lib/uaccess.S
- *    fixup routines for copy_{from|to}_user functions.
+ *    __copy_{from|to}_user functions.
  *
  *  s390
- *    Copyright (C) 2000 IBM Deutschland Entwicklung GmbH, IBM Corporation
+ *    Copyright (C) 2000,2002 IBM Deutschland Entwicklung GmbH, IBM Corporation
  *    Authors(s): Martin Schwidefsky (schwidef...@de.ibm.com)
  *
  *  These functions have standard call interface
@@ -22,17 +22,23 @@
 1:     sacf    0
        lr      %r2,%r5
        br      %r14
-2:      sll    %r4,1
-        srl    %r4,1
-        lhi    %r3,-4096
-        sll    %r3,1
-        srl    %r3,1
-        n      %r3,__LC_TRANS_EXC_ADDR
-        sr     %r3,%r4
-        jm     1b
-       j       0b
+2:     lhi     %r1,-4096
+       lr      %r3,%r4
+       slr     %r3,%r1      # %r3 = %r4 + 4096
+       nr      %r3,%r1      # %r3 = (%r4 + 4096) & -4096
+       slr     %r3,%r4      # %r3 = #bytes to next user page boundary
+       clr     %r5,%r3      # copy crosses next page boundary ?
+       jnh     1b           # no, this page fauled
+       # The page after the current user page might have faulted.
+       # We cant't find out which page because the program check handler
+       # might have callled schedule, destroying all lowcore information.
+       # We retry with the shortened length.
+3:     mvcle   %r2,%r4,0
+       jo      3b
+       j       1b
         .section __ex_table,"a"
        .long   0b,2b
+       .long   3b,1b
         .previous

         .align 4
@@ -46,17 +52,23 @@
 1:     sacf    0
        lr      %r2,%r3
        br      %r14
-2:      sll    %r4,1
-        srl    %r4,1
-        lhi    %r5,-4096
-        sll    %r5,1
-        srl    %r5,1
-        n      %r5,__LC_TRANS_EXC_ADDR
-        sr     %r5,%r4
-        jm     1b
-       j       0b
+2:     lhi     %r1,-4096
+       lr      %r5,%r4
+       slr     %r5,%r1      # %r5 = %r4 + 4096
+       nr      %r5,%r1      # %r5 = (%r4 + 4096) & -4096
+       slr     %r5,%r4      # %r5 = #bytes to next user page boundary
+       clr     %r3,%r5      # copy crosses next page boundary ?
+       jnh     1b           # no, the current page fauled
+       # The page after the current user page might have faulted.
+       # We cant't find out which page because the program check handler
+       # might have callled schedule, destroying all lowcore information.
+       # We retry with the shortened length.
+3:     mvcle   %r4,%r2,0
+       jo      3b
+       j       1b
         .section __ex_table,"a"
-       .long   0b,2b
+       .long   0b,2b
+       .long   3b,1b
         .previous

         .align 4
@@ -71,18 +83,26 @@
 0:     mvcle   %r4,%r2,0
        jo      0b
 1:     sacf    0
-       lr      %r2,%r3
        br      %r14
-2:      sll    %r4,1
-        srl    %r4,1
-        lhi    %r5,-4096
-        sll    %r5,1
-        srl    %r5,1
-        n      %r5,__LC_TRANS_EXC_ADDR
-        sr     %r5,%r4
-       jm      1b
-       j       0b
+2:     lr      %r2,%r5
+       lhi     %r1,-4096
+       slr     %r5,%r1      # %r5 = %r4 + 4096
+       nr      %r5,%r1      # %r5 = (%r4 + 4096) & -4096
+       slr     %r5,%r4      # %r5 = #bytes to next user page boundary
+       clr     %r2,%r5      # copy crosses next page boundary ?
+       jnh     1b           # no, the current page fauled
+       # The page after the current user page might have faulted.
+       # We cant't find out which page because the program check handler
+       # might have callled schedule, destroying all lowcore information.
+       # We retry with the shortened length.
+       slr     %r2,%r5
+3:     mvcle   %r4,%r2,0
+       jo      3b
+       j       1b
+4:     alr     %r2,%r5
+       j       1b
         .section __ex_table,"a"
-       .long   0b,2b
+       .long   0b,2b
+        .long  3b,4b
         .previous

diff -urN linux-2.5.43/arch/s390x/lib/uaccess.S linux-2.5.43-s390/arch/s390x/lib/uaccess.S
--- linux-2.5.43/arch/s390x/lib/uaccess.S       Wed Oct 16 05:28:33 2002
+++ linux-2.5.43-s390/arch/s390x/lib/uaccess.S  Wed Oct 16 17:54:05 2002
@@ -1,9 +1,9 @@
 /*
  *  arch/s390x/lib/uaccess.S
- *    fixup routines for copy_{from|to}_user functions.
+ *    __copy_{from|to}_user functions.
  *
- *  S390
- *    Copyright (C) 2000 IBM Deutschland Entwicklung GmbH, IBM Corporation
+ *  s390
+ *    Copyright (C) 2000,2002 IBM Deutschland Entwicklung GmbH, IBM Corporation
  *    Authors(s): Martin Schwidefsky (schwidef...@de.ibm.com)
  *
  *  These functions have standard call interface
@@ -22,14 +22,23 @@
 1:     sacf    0
        lgr     %r2,%r5
        br      %r14
-2:     lghi    %r3,-4096
-        ng     %r3,__LC_TRANS_EXC_ADDR
-        sgr    %r3,%r4
-        jm     1b
-       j       0b
+2:     lghi    %r1,-4096
+       lgr     %r3,%r4
+       slgr    %r3,%r1      # %r3 = %r4 + 4096
+       ngr     %r3,%r1      # %r3 = (%r4 + 4096) & -4096
+       slgr    %r3,%r4      # %r3 = #bytes to next user page boundary
+       clgr    %r5,%r3      # copy crosses next page boundary ?
+       jnh     1b           # no, this page fauled
+       # The page after the current user page might have faulted.
+       # We cant't find out which page because the program check handler
+       # might have callled schedule, destroying all lowcore information.
+       # We retry with the shortened length.
+3:     mvcle   %r2,%r4,0
+       jo      3b
+       j       1b
         .section __ex_table,"a"
-        .align 8
        .quad   0b,2b
+       .quad   3b,1b
         .previous

         .align 4
@@ -43,14 +52,23 @@
 1:     sacf    0
        lgr     %r2,%r3
        br      %r14
-2:      lghi   %r5,-4096
-        ng     %r5,__LC_TRANS_EXC_ADDR
-        sgr    %r5,%r4
-       jm      1b
-       j       0b
+2:     lghi    %r1,-4096
+       lgr     %r5,%r4
+       slgr    %r5,%r1      # %r5 = %r4 + 4096
+       ngr     %r5,%r1      # %r5 = (%r4 + 4096) & -4096
+       slgr    %r5,%r4      # %r5 = #bytes to next user page boundary
+       clgr    %r3,%r5      # copy crosses next page boundary ?
+       jnh     1b           # no, the current page fauled
+       # The page after the current user page might have faulted.
+       # We cant't find out which page because the program check handler
+       # might have callled schedule, destroying all lowcore information.
+       # We retry with the shortened length.
+3:     mvcle   %r4,%r2,0
+       jo      3b
+       j       1b
         .section __ex_table,"a"
-        .align 8
-        .quad  0b,2b
+       .quad   0b,2b
+       .quad   3b,1b
         .previous

         .align 4
@@ -65,14 +83,25 @@
 0:     mvcle   %r4,%r2,0
        jo      0b
 1:     sacf    0
-       lgr     %r2,%r5
        br      %r14
-2:      lghi   %r5,-4096
-        ng     %r5,__LC_TRANS_EXC_ADDR
-        sgr    %r5,%r4
-       jm      1b
-       j       0b
+2:     lgr     %r2,%r5
+       lghi    %r1,-4096
+       slgr    %r5,%r1      # %r5 = %r4 + 4096
+       ngr     %r5,%r1      # %r5 = (%r4 + 4096) & -4096
+       slgr    %r5,%r4      # %r5 = #bytes to next user page boundary
+       clgr    %r2,%r5      # copy crosses next page boundary ?
+       jnh     1b           # no, the current page fauled
+       # The page after the current user page might have faulted.
+       # We cant't find out which page because the program check handler
+       # might have callled schedule, destroying all lowcore information.
+       # We retry with the shortened length.
+       slgr    %r2,%r5
+3:     mvcle   %r4,%r2,0
+       jo      3b
+       j       1b
+4:     algr    %r2,%r5
+       j       1b
         .section __ex_table,"a"
-        .align 8
-        .quad  0b,2b
+       .quad   0b,2b
+        .quad  3b,4b
         .previous

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

 
 
 

1. 2.5.43 s390 (5/6): cpu_online_map.

Add volatile to extern declaration of cpu_possible_map.

diff -urN linux-2.5.43/include/asm-s390/smp.h linux-2.5.43-s390/include/asm-s390/smp.h
--- linux-2.5.43/include/asm-s390/smp.h Wed Oct 16 05:28:22 2002

 } sigp_info;

 extern volatile unsigned long cpu_online_map;
-extern unsigned long cpu_possible_map;
+extern volatile unsigned long cpu_possible_map;

 #define NO_PROC_ID             0xFF            /* No processor magic marker */

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in

More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

2. Masquerade Question for 1.2.13

3. 2.5.43 s390 (1/6): Makefiles.

4. Newbie ? on FreeBSD install over DSL

5. 2.5.43 s390 (2/6): config & help.

6. Any experience with Net Express products?

7. 2.5.43 s390.

8. Backup Question

9. 2.5.43 s390 (4/6): 31 bit emulation.

10. 2.5.43 s390 (6/6): dasd stuff.

11. 2.5.43 IO-APIC bug and spinlock deadlock

12. 2.5.43-bug

13. Problems in the sk98lin driver (2.5.43)