linux/arch/powerpc
Paul Mackerras 1a34439e5a powerpc/64: Fix incorrect return value from __copy_tofrom_user
Debugging a data corruption issue with virtio-net/vhost-net led to
the observation that __copy_tofrom_user was occasionally returning
a value 16 larger than it should.  Since the return value from
__copy_tofrom_user is the number of bytes not copied, this means
that __copy_tofrom_user can occasionally return a value larger
than the number of bytes it was asked to copy.  In turn this can
cause higher-level copy functions such as copy_page_to_iter_iovec
to corrupt memory by copying data into the wrong memory locations.

It turns out that the failing case involves a fault on the store
at label 79, and at that point the first unmodified byte of the
destination is at R3 + 16.  Consequently the exception handler
for that store needs to add 16 to R3 before using it to work out
how many bytes were not copied, but in this one case it was not
adding the offset to R3.  To fix it, this moves the label 179 to
the point where we add 16 to R3.  I have checked manually all the
exception handlers for the loads and stores in this code and the
rest of them are correct (it would be excellent to have an
automated test of all the exception cases).

This bug has been present since this code was initially
committed in May 2002 to Linux version 2.5.20.

Cc: stable@vger.kernel.org
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2016-10-12 08:31:37 +11:00
..
boot powerpc/boot: Add support for XZ compression 2016-09-28 14:35:14 +10:00
configs Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/scottwood/linux into next 2016-10-11 20:07:56 +11:00
crypto crypto: crc32c-vpmsum - Convert to CPU feature based module autoloading 2016-08-09 14:50:17 +10:00
include Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/scottwood/linux into next 2016-10-11 20:07:56 +11:00
kernel powerpc/64s: Fix power4_fixup_nap placement 2016-10-11 21:28:30 +11:00
kvm powerpc: move hmi.c to arch/powerpc/kvm/ 2016-08-22 11:09:33 +10:00
lib powerpc/64: Fix incorrect return value from __copy_tofrom_user 2016-10-12 08:31:37 +11:00
math-emu
mm KVM: PPC: Book3S HV: Migrate pinned pages out of CMA 2016-09-29 15:14:44 +10:00
net powerpc/bpf: Add support for bpf constant blinding 2016-10-04 20:33:20 +11:00
oprofile powerpc/sparse: Make a bunch of things static 2016-09-13 17:35:47 +10:00
perf powerpc/sparse: Make a bunch of things static 2016-09-13 17:35:47 +10:00
platforms powerpc/pseries: Fix stack corruption in htpe code 2016-10-11 21:23:23 +11:00
scripts powerpc/ftrace: Add Kconfig & Make glue for mprofile-kernel 2016-03-07 14:53:56 +11:00
sysdev powerpc/fsl_pci: Size upper inbound window based on RAM size 2016-09-25 02:38:54 -05:00
xmon powerpc/xmon: Don't use ld on 32-bit 2016-09-13 17:37:02 +10:00
Kconfig powerpc: Only disable HAVE_EFFICIENT_UNALIGNED_ACCESS on POWER7 little endian 2016-10-04 16:15:00 +11:00
Kconfig.debug powerpc/mm: Catch usage of cpu/mmu_has_feature() before jump label init 2016-08-01 11:15:06 +10:00
Makefile arch/powerpc: Add CONFIG_FSL_DPAA to corenetXX_smp_defconfig 2016-09-25 02:39:01 -05:00
relocs_check.sh powerpc: Convert relocs_check to a shell script using grep 2015-03-23 14:47:39 +11:00