Correct the check for the span of the 256MB segment addressable by the J instruction according to this instruction's semantics. The calculation of the jump target is applied to the address of the delay-slot instruction that immediately follows. Adjust the check accordingly by adding 4 to `e->code' that holds the address of the J instruction itself. Signed-off-by: Maciej W. Rozycki <macro@xxxxxxxxxxxxxxxx> --- Hi, I wonder why people still make this mistake, now that the architecture has been around for nearly 30 years now... Please apply. Maciej linux-mips-jump-label-range.diff Index: linux-3.17-stable-malta/arch/mips/kernel/jump_label.c =================================================================== --- linux-3.17-stable-malta.orig/arch/mips/kernel/jump_label.c 2014-11-17 02:12:17.000000000 +0000 +++ linux-3.17-stable-malta/arch/mips/kernel/jump_label.c 2014-11-17 02:22:04.741976773 +0000 @@ -27,8 +27,8 @@ void arch_jump_label_transform(struct ju union mips_instruction *insn_p = (union mips_instruction *)(unsigned long)e->code; - /* Jump only works within a 256MB aligned region. */ - BUG_ON((e->target & ~J_RANGE_MASK) != (e->code & ~J_RANGE_MASK)); + /* Jump only works within a 256MB aligned region of its delay slot. */ + BUG_ON((e->target & ~J_RANGE_MASK) != ((e->code + 4) & ~J_RANGE_MASK)); /* Target must have 4 byte alignment. */ BUG_ON((e->target & 3) != 0);
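Review bot: The reworded comment above the first BUG_ON, "within a 256MB aligned region of its delay slot", can be read as if the region belonged to the delay slot. Wording such as "Jump target must be in the same 256MB-aligned region as the delay slot instruction" states the constraint directly. The literal 4 in `(e->code + 4)` also stands for "address of the following instruction" without saying so. A short note in the comment, or a named constant for the instruction size, would keep the next reader from treating it as a magic number.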
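The boundary case the commit message describes, as an added example that is not part of the patch or the kernel source: a user-space C model of J target resolution on a 32-bit address space. The helper names and the sample addresses are constructed for illustration, and `J_RANGE_MASK` is assumed to be the low 28 bits.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed to match the kernel's mask: the low 28 bits a J can set. */
#define J_RANGE_MASK ((uint32_t)((1u << 28) - 1))
#define J_OPCODE 2u /* MIPS primary opcode for J */

/* Encode J: opcode in bits 31..26, word index of the target in bits 25..0. */
static uint32_t j_encode(uint32_t target)
{
    return (J_OPCODE << 26) | ((target >> 2) & 0x03ffffffu);
}

/* Address the CPU jumps to: upper 4 bits come from the delay slot (pc + 4). */
static uint32_t j_resolve(uint32_t pc, uint32_t insn)
{
    return ((pc + 4) & ~J_RANGE_MASK) | ((insn & 0x03ffffffu) << 2);
}

/* Range check as it stood before the patch: compares against the J itself. */
static bool check_before(uint32_t code, uint32_t target)
{
    return (target & ~J_RANGE_MASK) == (code & ~J_RANGE_MASK);
}

/* Range check after the patch: compares against the delay-slot address. */
static bool check_after(uint32_t code, uint32_t target)
{
    return (target & ~J_RANGE_MASK) == ((code + 4) & ~J_RANGE_MASK);
}

int main(void)
{
    /* Constructed addresses: a J in the last word of a 256MB segment. */
    uint32_t code = 0x8ffffffcu, near = 0x80001000u, far = 0x90001000u;

    printf("target %08x: before=%d after=%d lands at %08x\n", (unsigned)near,
           check_before(code, near), check_after(code, near),
           (unsigned)j_resolve(code, j_encode(near)));
    printf("target %08x: before=%d after=%d lands at %08x\n", (unsigned)far,
           check_before(code, far), check_after(code, far),
           (unsigned)j_resolve(code, j_encode(far)));
    return 0;
}
```

With the J in the last word of a segment, the pre-patch check accepts a target the encoded instruction cannot reach and rejects the one it can.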