kernel/linux.git/arch/sparc/lib, branch v5.10.257

sparc: fix accurate exception reporting in copy_{from,to}_user for M7

2025-10-29T13:01:07+00:00

[ Upstream commit 936fb512752af349fc30ccbe0afe14a2ae6d7159 ] The referenced commit introduced exception handlers on user-space memory references in copy_from_user and copy_to_user. These handlers return from the respective function and calculate the remaining bytes left to copy using the current register contents. This commit fixes a couple of bad calculations. This will fix the return value of copy_from_user and copy_to_user in the faulting case. The behaviour of memcpy stays unchanged. Fixes: 34060b8fffa7 ("arch/sparc: Add accurate exception reporting in M7memcpy") Tested-by: John Paul Adrian Glaubitz # on Oracle SPARC S7 Tested-by: Tony Rodriguez # S7, see https://lore.kernel.org/r/98564e2e68df2dda0e00c67a75c7f7dfedb33c7e.camel@physik.fu-berlin.de Signed-off-by: Michael Karcher Reviewed-by: Andreas Larsson Link: https://lore.kernel.org/r/20250905-memcpy_series-v4-5-1ca72dda195b@mkarcher.dialup.fu-berlin.de Signed-off-by: Andreas Larsson Signed-off-by: Sasha Levin

sparc: fix accurate exception reporting in copy_to_user for Niagara 4

2025-10-29T13:01:06+00:00

[ Upstream commit 5a746c1a2c7980de6c888b6373299f751ad7790b ] The referenced commit introduced exception handlers on user-space memory references in copy_from_user and copy_to_user. These handlers return from the respective function and calculate the remaining bytes left to copy using the current register contents. This commit fixes a bad calculation. This will fix the return value of copy_to_user in a specific faulting case. The behaviour of memcpy stays unchanged. Fixes: 957077048009 ("sparc64: Convert NG4copy_{from,to}_user to accurate exception reporting.") Tested-by: John Paul Adrian Glaubitz # on Oracle SPARC T4-1 Signed-off-by: Michael Karcher Reviewed-by: Andreas Larsson Link: https://lore.kernel.org/r/20250905-memcpy_series-v4-4-1ca72dda195b@mkarcher.dialup.fu-berlin.de Signed-off-by: Andreas Larsson Signed-off-by: Sasha Levin

sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara

2025-10-29T13:01:06+00:00

[ Upstream commit 0b67c8fc10b13a9090340c5f8a37d308f4e1571c ] The referenced commit introduced exception handlers on user-space memory references in copy_from_user and copy_to_user. These handlers return from the respective function and calculate the remaining bytes left to copy using the current register contents. This commit fixes a couple of bad calculations and a broken epilogue in the exception handlers. This will prevent crashes and ensure correct return values of copy_from_user and copy_to_user in the faulting case. The behaviour of memcpy stays unchanged. Fixes: 7ae3aaf53f16 ("sparc64: Convert NGcopy_{from,to}_user to accurate exception reporting.") Tested-by: John Paul Adrian Glaubitz # on SPARC T4 with modified kernel to use Niagara 1 code Tested-by: Magnus Lindholm # on Sun Fire T2000 Signed-off-by: Michael Karcher Tested-by: Ethan Hawke # on Sun Fire T2000 Tested-by: Ken Link # on Sun Fire T1000 Reviewed-by: Andreas Larsson Link: https://lore.kernel.org/r/20250905-memcpy_series-v4-3-1ca72dda195b@mkarcher.dialup.fu-berlin.de Signed-off-by: Andreas Larsson Signed-off-by: Sasha Levin

sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III

2025-10-29T13:01:06+00:00

[ Upstream commit 47b49c06eb62504075f0f2e2227aee2e2c2a58b3 ] Anthony Yznaga tracked down that a BUG_ON in ext4 code with large folios enabled resulted from copy_from_user() returning impossibly large values greater than the size to be copied. This lead to __copy_from_iter() returning impossible values instead of the actual number of bytes it was able to copy. The BUG_ON has been reported in https://lore.kernel.org/r/b14f55642207e63e907965e209f6323a0df6dcee.camel@physik.fu-berlin.de The referenced commit introduced exception handlers on user-space memory references in copy_from_user and copy_to_user. These handlers return from the respective function and calculate the remaining bytes left to copy using the current register contents. The exception handlers expect that %o2 has already been masked during the bulk copy loop, but the masking was performed after that loop. This will fix the return value of copy_from_user and copy_to_user in the faulting case. The behaviour of memcpy stays unchanged. Fixes: ee841d0aff64 ("sparc64: Convert U3copy_{from,to}_user to accurate exception reporting.") Tested-by: John Paul Adrian Glaubitz # on Sun Netra 240 Reviewed-by: Anthony Yznaga Tested-by: René Rebe # on UltraSparc III+ and UltraSparc IIIi Signed-off-by: Michael Karcher Reviewed-by: Andreas Larsson Link: https://lore.kernel.org/r/20250905-memcpy_series-v4-2-1ca72dda195b@mkarcher.dialup.fu-berlin.de Signed-off-by: Andreas Larsson Signed-off-by: Sasha Levin

sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC

2025-10-29T13:01:06+00:00

[ Upstream commit 4fba1713001195e59cfc001ff1f2837dab877efb ] The referenced commit introduced exception handlers on user-space memory references in copy_from_user and copy_to_user. These handlers return from the respective function and calculate the remaining bytes left to copy using the current register contents. This commit fixes a couple of bad calculations. This will fix the return value of copy_from_user and copy_to_user in the faulting case. The behaviour of memcpy stays unchanged. Fixes: cb736fdbb208 ("sparc64: Convert U1copy_{from,to}_user to accurate exception reporting.") Tested-by: John Paul Adrian Glaubitz # on QEMU 10.0.3 Tested-by: René Rebe # on Ultra 5 UltraSparc IIi Tested-by: Jonathan 'theJPster' Pallant # on Sun Netra T1 Signed-off-by: Michael Karcher Reviewed-by: Andreas Larsson Link: https://lore.kernel.org/r/20250905-memcpy_series-v4-1-1ca72dda195b@mkarcher.dialup.fu-berlin.de Signed-off-by: Andreas Larsson Signed-off-by: Sasha Levin

sparc32: fix a braino in fault handling in csum_and_copy_..._user()

2023-11-08T16:30:45+00:00

commit 1f36cd05e0081f2c75769a551d584c4ffb2a5660 upstream. Fault handler used to make non-trivial calls, so it needed to set a stack frame up. Used to be save ... - grab a stack frame, old %o... become %i... .... ret - go back to address originally in %o7, currently %i7 restore - switch to previous stack frame, in delay slot Non-trivial calls had been gone since ab5e8b331244 and that code should have become retl - go back to address in %o7 clr %o0 - have return value set to 0 What it had become instead was ret - go back to address in %i7 - return address of *caller* clr %o0 - have return value set to 0 which is not good, to put it mildly - we forcibly return 0 from csum_and_copy_{from,to}_iter() (which is what the call of that thing had been inlined into) and do that without dropping the stack frame of said csum_and_copy_..._iter(). Confuses the hell out of the caller of csum_and_copy_..._iter(), obviously... Reviewed-by: Sam Ravnborg Fixes: ab5e8b331244 "sparc32: propagate the calling conventions change down to __csum_partial_copy_sparc_generic()" Signed-off-by: Al Viro Signed-off-by: Greg Kroah-Hartman

sparc64: fix pci_iounmap() when CONFIG_PCI is not set

2021-10-09T12:40:56+00:00

[ Upstream commit d8b1e10a2b8efaf71d151aa756052fbf2f3b6d57 ] Guenter reported [1] that the pci_iounmap() changes remain problematic, with sparc64 allnoconfig and tinyconfig still not building due to the header file changes and confusion with the arch-specific pci_iounmap() implementation. I'm pretty convinced that sparc should just use GENERIC_IOMAP instead of doing its own thing, since it turns out that the sparc64 version of pci_iounmap() is somewhat buggy (see [2]). But in the meantime, this just fixes the build by avoiding the trivial re-definition of the empty case. Link: https://lore.kernel.org/lkml/20210920134424.GA346531@roeck-us.net/ [1] Link: https://lore.kernel.org/lkml/CAHk-=wgheheFx9myQyy5osh79BAazvmvYURAtub2gQtMvLrhqQ@mail.gmail.com/ [2] Reported-by: Guenter Roeck Cc: David Miller Signed-off-by: Linus Torvalds Signed-off-by: Sasha Levin

sparc32: fix a user-triggerable oops in clear_user()

2021-03-04T10:38:43+00:00

commit 7780918b36489f0b2f9a3749d7be00c2ceaec513 upstream. Back in 2.1.29 the clear_user() guts (__bzero()) had been merged with memset(). Unfortunately, while all exception handlers had been copied, one of the exception table entries got lost. As the result, clear_user() starting at 128*n bytes before the end of page and spanning between 8 and 127 bytes into the next page would oops when the second page is unmapped. It's trivial to reproduce - all it takes is main() { int fd = open("/dev/zero", O_RDONLY); char *p = mmap(NULL, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0); munmap(p + 8192, 8192); read(fd, p + 8192 - 128, 192); } which had been oopsing since March 1997. Says something about the quality of test coverage... ;-/ And while today sparc32 port is nearly dead, back in '97 it had been very much alive; in fact, sparc64 had only been in mainline for 3 months by that point... Cc: stable@kernel.org Fixes: v2.1.29 Signed-off-by: Al Viro Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman

[regression fix] really dumb fuckup in sparc64 __csum_partial_copy() changes

2020-12-08T21:37:47+00:00

~0U is -1, not 1 Reported-by: Anatoly Pugachev Tested-by: Anatoly Pugachev Fixes: fdf8bee96f9a "sparc64: propagate the calling convention changes down to __csum_partial_copy_...()" X-brown-paperbag: yes Signed-off-by: Al Viro

sparc64: propagate the calling convention changes down to __csum_partial_copy_...()

2020-08-20T19:45:21+00:00

... and rename them into csum_and_copy_...() - the wrappers become pointless. [braino fixed] Signed-off-by: Al Viro