A problem similar to that reported for __put_user_asm and __generic_copy_to_user is also present in __constant_copy_to_user_asm. Address the problem by extending the exception table to cover two instructions past each moves instruction, and adding a single NOP at the very end to catch faults on the final instruction (which is not guaranteed to be a movesb!). Tested on 68030 (Atari Falcon 030) with a transfer beginning at a single byte at the end of a mapped page followed by seven more bytes on an unmapped page (testcase derived from stress-ng sysbadaddr stressor by Finn Thain and modified to use the llseek syscall). Cc: Finn Thain <fthain@xxxxxxxxxxxxxx> Cc: Geert Uytterhoeven <geert@xxxxxxxxxxxxxx> Tested-by: Finn Thain <fthain@xxxxxxxxxxxxxx> Link: https://lore.kernel.org/all/e0f23460779e6d16e2633486ac4841790ef2aca0.1713176294.git.fthain@xxxxxxxxxxxxxx Signed-off-by: Michael Schmitz <schmitzmic@xxxxxxxxx> --- arch/m68k/include/asm/uaccess.h | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/arch/m68k/include/asm/uaccess.h b/arch/m68k/include/asm/uaccess.h index 44e52d8323e5..f1f4b62d6f69 100644 --- a/arch/m68k/include/asm/uaccess.h +++ b/arch/m68k/include/asm/uaccess.h @@ -288,10 +288,11 @@ __constant_copy_from_user(void *to, const void __user *from, unsigned long n) "21: "MOVES"."#s2" %3,(%1)+\n" \ "22:\n" \ " .ifnc \""#s3"\",\"\"\n" \ - " move."#s3" (%2)+,%3\n" \ - "31: "MOVES"."#s3" %3,(%1)+\n" \ - "32:\n" \ + "31: move."#s3" (%2)+,%3\n" \ + "32: "MOVES"."#s3" %3,(%1)+\n" \ + "33:\n" \ " .endif\n" \ + "34: nop\n" \ "4:\n" \ "\n" \ " .section __ex_table,\"a\"\n" \ @@ -303,7 +304,9 @@ __constant_copy_from_user(void *to, const void __user *from, unsigned long n) " .ifnc \""#s3"\",\"\"\n" \ " .long 31b,5f\n" \ " .long 32b,5f\n" \ + " .long 33b,5f\n" \ " .endif\n" \ + " .long 34b,5f\n" \ " .previous\n" \ "\n" \ " .section .fixup,\"ax\"\n" \ -- 2.17.1
