linux-mips

Serious bug in uaccess.h

To: linux-mips@oss.sgi.com
Subject: Serious bug in uaccess.h
From: Fabrice Bellard <bellard@email.enst.fr>
Date: Tue, 27 Feb 2001 15:40:11 +0100 (MET)
Sender: owner-linux-mips@oss.sgi.com
Hi!

I found a serious bug in the assembler macros in asm-mips/uaccess.h. They
all do something like that:

                __asm__ __volatile__( \
                        "move\t$4, %1\n\t" \
                        "move\t$5, %2\n\t" \
                        "move\t$6, %3\n\t" \
                        ".set\tnoreorder\n\t" \
                        __MODULE_JAL(__copy_user) \
...

The problem is that you cannot assume that gcc will not put %1, %2 or %3
in registers different from $4, $5 or $6. For example, if %2 is put in $4,
the code is incorrect. (With gcc-2.95.2 I got a bug in
generic_file_write!).

Did someone already fix this bug?

A possible fix would be to use asm registers:

#define copy_from_user(to,from,n) ({ \
        register void *__cu_to asm("$4"); \
        register const void *__cu_from asm("$5"); \
        register long __cu_len asm("$6"); \
        \
        __cu_to = (to); \
        __cu_from = (from); \
        __cu_len = (n); \
        if (access_ok(VERIFY_READ, __cu_from, __cu_len)) \
                __asm__ __volatile__( \
                        ".set\tnoreorder\n\t" \
                        __MODULE_JAL(__copy_user) \
...

But I am not sure that it is always correct. Any idea?

Fabrice.
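
Added illustration, not part of the original message: a small C model of the macro's three sequential moves, checking which operand-to-register allocations deliver to, from and n intact to $4, $5 and $6. The function names, the sample values and all allocations other than the "%2 in $4" case from the mail are constructed for this example.

```c
#include <stdio.h>

/* Model of the macro's prologue: move $4,%1 ; move $5,%2 ; move $6,%3.
 * alloc[i] is the register assumed to hold operand %(i+1) on entry (in
 * reality the compiler's choice); vals[i] is that operand's value.
 * out[] receives the final contents of $4, $5, $6. */
static void run_moves(const int alloc[3], const long vals[3], long out[3])
{
    static const int dst[3] = {4, 5, 6};
    long regs[32] = {0};
    int i;

    for (i = 0; i < 3; i++)      /* compiler places the operands */
        regs[alloc[i]] = vals[i];
    for (i = 0; i < 3; i++)      /* asm body executes strictly in order */
        regs[dst[i]] = regs[alloc[i]];
    for (i = 0; i < 3; i++)
        out[i] = regs[dst[i]];
}

/* 1 if to, from, n reach $4, $5, $6 intact for this allocation, else 0. */
static int args_intact(const int alloc[3])
{
    const long vals[3] = {0x1000, 0x2000, 64};  /* constructed to/from/n */
    long out[3];
    int i;

    run_moves(alloc, vals, out);
    for (i = 0; i < 3; i++)
        if (out[i] != vals[i])
            return 0;
    return 1;
}

int main(void)
{
    const int safe[3]   = {8, 9, 10};  /* operands away from $4..$6 */
    const int clash[3]  = {8, 4, 10};  /* %2 in $4, the case from the mail */
    const int rotate[3] = {5, 6, 4};   /* %3 in $4: n is lost instead */
    const int pinned[3] = {4, 5, 6};   /* each operand already in place */

    printf("safe=%d clash=%d rotate=%d pinned=%d\n", args_intact(safe),
           args_intact(clash), args_intact(rotate), args_intact(pinned));
    return 0;
}
```

In the clash case the first move overwrites $4 before the second move reads it, so $5 receives the destination pointer instead of the source pointer.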

