Patch "sparc32: fix a braino in fault handling in csum_and_copy_..._user()" has been added to the 5.15-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Sun, 29 Oct 2023 13:25:44 +0100

This is a note to let you know that I've just added the patch titled

    sparc32: fix a braino in fault handling in csum_and_copy_..._user()

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     sparc32-fix-a-braino-in-fault-handling-in-csum_and_copy_..._user.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 1f36cd05e0081f2c75769a551d584c4ffb2a5660 Mon Sep 17 00:00:00 2001
From: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Date: Sun, 22 Oct 2023 19:34:28 -0400
Subject: sparc32: fix a braino in fault handling in csum_and_copy_..._user()

From: Al Viro <viro@xxxxxxxxxxxxxxxxxx>

commit 1f36cd05e0081f2c75769a551d584c4ffb2a5660 upstream.

Fault handler used to make non-trivial calls, so it needed
to set a stack frame up.  Used to be
	save ... - grab a stack frame, old %o... become %i...
	....
	ret	- go back to address originally in %o7, currently %i7
	 restore - switch to previous stack frame, in delay slot
Non-trivial calls had been gone since ab5e8b331244 and that code should
have become
	retl	- go back to address in %o7
	 clr %o0 - have return value set to 0
What it had become instead was
	ret	- go back to address in %i7 - return address of *caller*
	 clr %o0 - have return value set to 0
which is not good, to put it mildly - we forcibly return 0 from
csum_and_copy_{from,to}_iter() (which is what the call of that
thing had been inlined into) and do that without dropping the
stack frame of said csum_and_copy_..._iter().  Confuses the
hell out of the caller of csum_and_copy_..._iter(), obviously...

Reviewed-by: Sam Ravnborg <sam@xxxxxxxxxxxx>
Fixes: ab5e8b331244 "sparc32: propagate the calling conventions change down to __csum_partial_copy_sparc_generic()"
Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 arch/sparc/lib/checksum_32.S |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/sparc/lib/checksum_32.S
+++ b/arch/sparc/lib/checksum_32.S
@@ -453,5 +453,5 @@ ccslow:	cmp	%g1, 0
  * we only bother with faults on loads... */
 
 cc_fault:
-	ret
+	retl
 	 clr	%o0


Patches currently in stable-queue which might be from viro@xxxxxxxxxxxxxxxxxx are

queue-5.15/sparc32-fix-a-braino-in-fault-handling-in-csum_and_copy_..._user.patch
queue-5.15/nfsd-lock_rename-needs-both-directories-to-live-on-the-same-fs.patch






