From patchwork Sat Nov 11 22:11:16 2017
X-Patchwork-Submitter: John David Anglin
X-Patchwork-Id: 10054565
From: John David Anglin
Date: Sat, 11 Nov 2017 17:11:16 -0500
Subject: [PATCH] parisc: Fix validity check of pointer size argument in new CAS implementation
Cc: Helge Deller, "James E.J. Bottomley", Christoph Biedl
To: linux-parisc List
Message-Id: <45F72D1B-5939-43D5-B4E5-B7D604432C02@bell.net>

As noted by Christoph Biedl, passing a pointer size of 4 in the new CAS implementation causes a kernel crash. The attached patch corrects the off by one error in the argument validity check.

In reviewing the code, I noticed that we only perform word operations with the pointer size argument. The subi instruction intentionally uses a word condition on 64-bit kernels. Nullification was used instead of a cmpib instruction as the branch should never be taken. The shlw pseudo-operation generates a depw,z instruction and it clears the target before doing a shift left word deposit. Thus, we don't need to clip the upper 32 bits of this argument on 64-bit kernels.

Tested with a gcc testsuite run with a 64-bit kernel. The gcc atomic code in libgcc is the only direct user of the new CAS implementation that I am aware of.

Signed-off-by: John David Anglin
---
John David Anglin dave.anglin@bell.net

diff --git a/arch/parisc/kernel/syscall.S b/arch/parisc/kernel/syscall.S index 41e60a9c7db2..e775f80ae28c 100644 --- a/arch/parisc/kernel/syscall.S +++ b/arch/parisc/kernel/syscall.S
@@ -690,15 +690,15 @@ cas_action: /* ELF32 Process entry path */ lws_compare_and_swap_2: #ifdef CONFIG_64BIT - /* Clip the input registers */ + /* Clip the input registers. We don't need to clip %r23 as we + only use it for word operations */ depdi 0, 31, 32, %r26 depdi 0, 31, 32, %r25 depdi 0, 31, 32, %r24 - depdi 0, 31, 32, %r23 #endif /* Check the validity of the size pointer */ - subi,>>= 4, %r23, %r0 + subi,>>= 3, %r23, %r0 b,n lws_exit_nosys /* Jump to the functions which will load the old and new values into
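
Review bot: The bound on the `subi,>>= 3, %r23, %r0` line is still a bare constant, and the comment above it ("Check the validity of the size pointer") does not say which values are accepted. Suggest stating the accepted range in that comment (0 through 3, given the unsigned `>>=` condition) and tying it to the number of targets in the jump that follows, so a later change to one is checked against the other. On the removed `depdi 0, 31, 32, %r23`: the new comment says %r23 is only used for word operations, but that holds only while this check keeps its word condition and the later shift remains a word deposit. Since %r23 is a caller-supplied argument that selects the jump target, it is worth naming those two instructions in the comment so anyone changing either to a doubleword form knows the clip has to be restored.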