diff options
| author | Mark Nelson <markn@au1.ibm.com> | 2009-02-25 08:26:48 -0500 |
|---|---|---|
| committer | Benjamin Herrenschmidt <benh@kernel.crashing.org> | 2009-02-25 22:02:53 -0500 |
| commit | e423b9ecd6aa434ce9ba72a21fdc61079e620e0a (patch) | |
| tree | 497608c41554e8d2cbff6054d35988bcaf9577a8 /arch | |
| parent | 49f297f8df9adb797334155470ea9ca68bdb041e (diff) | |
powerpc: Fix 64bit memcpy() regression
This fixes a regression introduced by commit
25d6e2d7c58ddc4a3b614fc5381591c0cfe66556 ("powerpc: Update 64bit memcpy()
using CPU_FTR_UNALIGNED_LD_STD").
This commit allowed CPUs that have the CPU_FTR_UNALIGNED_LD_STD CPU
feature bit present to do the memcpy() with unaligned load doubles. But,
along with this came a bug where our final load double would read bytes
beyond a page boundary and into the next (unmapped) page. This was caught
by enabling CONFIG_DEBUG_PAGEALLOC,
The fix was to read only the number of bytes that we need to store rather
than reading a full 8-byte doubleword and storing only a portion of that.
In order to minimise the amount of existing code touched we use the
original do_tail for the src_unaligned case.
Below is an example of the regression, as reported by Sachin Sant:
Unable to handle kernel paging request for data at address 0xc00000003f380000
Faulting instruction address: 0xc000000000039574
cpu 0x1: Vector: 300 (Data Access) at [c00000003baf3020]
pc: c000000000039574: .memcpy+0x74/0x244
lr: d00000000244916c: .ext3_xattr_get+0x288/0x2f4 [ext3]
sp: c00000003baf32a0
msr: 8000000000009032
dar: c00000003f380000
dsisr: 40000000
current = 0xc00000003e54b010
paca = 0xc000000000a53680
pid = 1840, comm = readahead
enter ? for help
[link register ] d00000000244916c .ext3_xattr_get+0x288/0x2f4 [ext3]
[c00000003baf32a0] d000000002449104 .ext3_xattr_get+0x220/0x2f4 [ext3]
(unreliab
le)
[c00000003baf3390] d00000000244a6e8 .ext3_xattr_security_get+0x40/0x5c [ext3]
[c00000003baf3400] c000000000148154 .generic_getxattr+0x74/0x9c
[c00000003baf34a0] c000000000333400 .inode_doinit_with_dentry+0x1c4/0x678
[c00000003baf3560] c00000000032c6b0 .security_d_instantiate+0x50/0x68
[c00000003baf35e0] c00000000013c818 .d_instantiate+0x78/0x9c
[c00000003baf3680] c00000000013ced0 .d_splice_alias+0xf0/0x120
[c00000003baf3720] d00000000243e05c .ext3_lookup+0xec/0x134 [ext3]
[c00000003baf37c0] c000000000131e74 .do_lookup+0x110/0x260
[c00000003baf3880] c000000000134ed0 .__link_path_walk+0xa98/0x1010
[c00000003baf3970] c0000000001354a0 .path_walk+0x58/0xc4
[c00000003baf3a20] c000000000135720 .do_path_lookup+0x138/0x1e4
[c00000003baf3ad0] c00000000013645c .path_lookup_open+0x6c/0xc8
[c00000003baf3b70] c000000000136780 .do_filp_open+0xcc/0x874
[c00000003baf3d10] c0000000001251e0 .do_sys_open+0x80/0x140
[c00000003baf3dc0] c00000000016aaec .compat_sys_open+0x24/0x38
[c00000003baf3e30] c00000000000855c syscall_exit+0x0/0x40
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Diffstat (limited to 'arch')
| -rw-r--r-- | arch/powerpc/lib/memcpy_64.S | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/arch/powerpc/lib/memcpy_64.S b/arch/powerpc/lib/memcpy_64.S index fe2d34e5332d..e178922b2c21 100644 --- a/arch/powerpc/lib/memcpy_64.S +++ b/arch/powerpc/lib/memcpy_64.S | |||
| @@ -53,18 +53,19 @@ END_FTR_SECTION_IFCLR(CPU_FTR_UNALIGNED_LD_STD) | |||
| 53 | 3: std r8,8(r3) | 53 | 3: std r8,8(r3) |
| 54 | beq 3f | 54 | beq 3f |
| 55 | addi r3,r3,16 | 55 | addi r3,r3,16 |
| 56 | ld r9,8(r4) | ||
| 57 | .Ldo_tail: | 56 | .Ldo_tail: |
| 58 | bf cr7*4+1,1f | 57 | bf cr7*4+1,1f |
| 59 | rotldi r9,r9,32 | 58 | lwz r9,8(r4) |
| 59 | addi r4,r4,4 | ||
| 60 | stw r9,0(r3) | 60 | stw r9,0(r3) |
| 61 | addi r3,r3,4 | 61 | addi r3,r3,4 |
| 62 | 1: bf cr7*4+2,2f | 62 | 1: bf cr7*4+2,2f |
| 63 | rotldi r9,r9,16 | 63 | lhz r9,8(r4) |
| 64 | addi r4,r4,2 | ||
| 64 | sth r9,0(r3) | 65 | sth r9,0(r3) |
| 65 | addi r3,r3,2 | 66 | addi r3,r3,2 |
| 66 | 2: bf cr7*4+3,3f | 67 | 2: bf cr7*4+3,3f |
| 67 | rotldi r9,r9,8 | 68 | lbz r9,8(r4) |
| 68 | stb r9,0(r3) | 69 | stb r9,0(r3) |
| 69 | 3: ld r3,48(r1) /* return dest pointer */ | 70 | 3: ld r3,48(r1) /* return dest pointer */ |
| 70 | blr | 71 | blr |
| @@ -133,11 +134,24 @@ END_FTR_SECTION_IFCLR(CPU_FTR_UNALIGNED_LD_STD) | |||
| 133 | cmpwi cr1,r5,8 | 134 | cmpwi cr1,r5,8 |
| 134 | addi r3,r3,32 | 135 | addi r3,r3,32 |
| 135 | sld r9,r9,r10 | 136 | sld r9,r9,r10 |
| 136 | ble cr1,.Ldo_tail | 137 | ble cr1,6f |
| 137 | ld r0,8(r4) | 138 | ld r0,8(r4) |
| 138 | srd r7,r0,r11 | 139 | srd r7,r0,r11 |
| 139 | or r9,r7,r9 | 140 | or r9,r7,r9 |
| 140 | b .Ldo_tail | 141 | 6: |
| 142 | bf cr7*4+1,1f | ||
| 143 | rotldi r9,r9,32 | ||
| 144 | stw r9,0(r3) | ||
| 145 | addi r3,r3,4 | ||
| 146 | 1: bf cr7*4+2,2f | ||
| 147 | rotldi r9,r9,16 | ||
| 148 | sth r9,0(r3) | ||
| 149 | addi r3,r3,2 | ||
| 150 | 2: bf cr7*4+3,3f | ||
| 151 | rotldi r9,r9,8 | ||
| 152 | stb r9,0(r3) | ||
| 153 | 3: ld r3,48(r1) /* return dest pointer */ | ||
| 154 | blr | ||
| 141 | 155 | ||
| 142 | .Ldst_unaligned: | 156 | .Ldst_unaligned: |
| 143 | PPC_MTOCRF 0x01,r6 # put #bytes to 8B bdry into cr7 | 157 | PPC_MTOCRF 0x01,r6 # put #bytes to 8B bdry into cr7 |