asgardius/android_kernel_motorola_sm6225
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_motorola_sm6225/arch
History
Helge Deller 5b879d78bc parisc: Fix gcc miscompilation in pa_memcpy() 
When running the LTP testsuite one may hit this kernel BUG() with the
write06 testcase:

kernel BUG at mm/filemap.c:2023!
CPU: 1 PID: 8614 Comm: writev01 Not tainted 3.10.0-rc7-64bit-c3000+ #6
IASQ: 0000000000000000 0000000000000000 IAOQ: 00000000401e6e84 00000000401e6e88
 IIR: 03ffe01f    ISR: 0000000010340000  IOR: 000001fbe0380820
 CPU:        1   CR30: 00000000bef80000 CR31: ffffffffffffffff
 ORIG_R28: 00000000bdc192c0
 IAOQ[0]: iov_iter_advance+0x3c/0xc0
 IAOQ[1]: iov_iter_advance+0x40/0xc0
 RP(r2): generic_file_buffered_write+0x204/0x3f0
Backtrace:
 [<00000000401e764c>] generic_file_buffered_write+0x204/0x3f0
 [<00000000401eab24>] __generic_file_aio_write+0x244/0x448
 [<00000000401eadc0>] generic_file_aio_write+0x98/0x150
 [<000000004024f460>] do_sync_readv_writev+0xc0/0x130
 [<000000004025037c>] compat_do_readv_writev+0x12c/0x340
 [<00000000402505f8>] compat_writev+0x68/0xa0
 [<0000000040251d88>] compat_SyS_writev+0x98/0xf8

Reason for this crash is a gcc miscompilation in the fault handlers of
pa_memcpy() which return the fault address instead of the copied bytes.
Since this seems to be a generic problem with gcc-4.7.x (and below), it's
better to simplify the fault handlers in pa_memcpy to avoid this problem.

Here is a simple reproducer for the problem:

int main(int argc, char **argv)
{
	int fd, nbytes;
	struct iovec wr_iovec[] = {
		{ "TEST STRING                     ",32},
		{ (char*)0x40005000,32} }; // random memory.
	fd = open(DATA_FILE, O_RDWR | O_CREAT, 0666);
	nbytes = writev(fd, wr_iovec, 2);
	printf("return value = %d, errno %d (%s)\n",
		nbytes, errno, strerror(errno));
	return 0;
}

In addition, John David Anglin wrote:
There is no gcc PR as pa_memcpy is not legitimate C code. There is an
implicit assumption that certain variables will contain correct values
when an exception occurs and the code randomly jumps to one of the
exception blocks.  There is no guarantee of this.  If a PR was filed, it
would likely be marked as invalid.

Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: John David Anglin <dave.anglin@bell.net>
Cc: <stable@vger.kernel.org> # 3.8+
Signed-off-by: Helge Deller <deller@gmx.de>
2013-07-09 22:09:23 +02:00
..
alpha mm/ALPHA: clean up unused VALID_PAGE() 2013-07-03 16:07:39 -07:00
arc Merge branch 'i2c/for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2013-07-04 14:02:09 -07:00
arm Merge branch 'for-linus' of git://git.infradead.org/users/vkoul/slave-dma 2013-07-07 11:11:43 -07:00
arm64 tmem hypercall for arm and arm64 2013-07-06 12:38:42 -07:00
avr32 Merge branch 'akpm' (updates from Andrew Morton) 2013-07-03 17:12:13 -07:00
blackfin Merge branch 'kconfig-diet' from Dave Hansen 2013-07-04 11:25:51 -07:00
c6x Merge branch 'akpm' (updates from Andrew Morton) 2013-07-03 17:12:13 -07:00
cris Merge branch 'akpm' (updates from Andrew Morton) 2013-07-03 17:12:13 -07:00
frv Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-07-04 11:40:58 -07:00
h8300 Merge branch 'akpm' (updates from Andrew Morton) 2013-07-03 17:12:13 -07:00
hexagon mm/hexagon: prepare for removing num_physpages and simplify mem_init() 2013-07-03 16:07:36 -07:00
ia64 Merge branch 'akpm' (updates from Andrew Morton) 2013-07-03 17:12:13 -07:00
m32r Merge branch 'kconfig-diet' from Dave Hansen 2013-07-04 11:25:51 -07:00
m68k Merge branch 'akpm' (updates from Andrew Morton) 2013-07-03 17:12:13 -07:00
metag Metag architecture changes for v3.11 2013-07-06 12:39:39 -07:00
microblaze mm/microblaze: clean up unused VALID_PAGE() 2013-07-03 16:07:40 -07:00
mips Merge branch 'for-linus' of git://git.infradead.org/users/vkoul/slave-dma 2013-07-07 11:11:43 -07:00
mn10300 Merge branch 'kconfig-diet' from Dave Hansen 2013-07-04 11:25:51 -07:00
openrisc Merge branch 'kconfig-diet' from Dave Hansen 2013-07-04 11:25:51 -07:00
parisc parisc: Fix gcc miscompilation in pa_memcpy() 2013-07-09 22:09:23 +02:00
powerpc irqdomain refactoring for v3.11 2013-07-06 12:37:04 -07:00
s390 Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2013-07-04 10:29:23 -07:00
score Merge branch 'akpm' (updates from Andrew Morton) 2013-07-03 17:12:13 -07:00
sh mm/SH: prepare for killing free_all_bootmem_node() 2013-07-03 16:07:39 -07:00
sparc Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2013-07-04 10:29:23 -07:00
tile Merge branch 'kconfig-diet' from Dave Hansen 2013-07-04 11:25:51 -07:00
um mm/um: prepare for removing num_physpages and simplify mem_init() 2013-07-03 16:07:37 -07:00
unicore32 Merge branch 'akpm' (updates from Andrew Morton) 2013-07-03 17:12:13 -07:00
x86 Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2013-07-06 14:09:38 -07:00
xtensa mm/xtensa: prepare for removing num_physpages and simplify mem_init() 2013-07-03 16:07:38 -07:00
.gitignore
Kconfig mm: soft-dirty bits for user memory changes tracking 2013-07-03 16:07:26 -07:00