Skip to content

Commit 6010d30

Browse files
mcd500palmer-dabbelt
authored andcommitted
riscv: __asm_copy_to-from_user: Fix: overrun copy
There were two causes for the overrun memory access. The threshold size was too small. The aligning dst require one SZREG and unrolling word copy requires 8*SZREG, total have to be at least 9*SZREG. Inside the unrolling copy, the subtracting -(8*SZREG-1) would make iteration happening one extra loop. Proper value is -(8*SZREG). Signed-off-by: Akira Tsukamoto <[email protected]> Fixes: ca6eaaa ("riscv: __asm_copy_to-from_user: Optimize unaligned memory access and pipeline stall") Signed-off-by: Palmer Dabbelt <[email protected]>
1 parent 76f5dfa commit 6010d30

File tree

1 file changed

+3
-3
lines changed

1 file changed

+3
-3
lines changed

arch/riscv/lib/uaccess.S

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -35,7 +35,7 @@ ENTRY(__asm_copy_from_user)
3535
/*
3636
* Use byte copy only if too small.
3737
*/
38-
li a3, 8*SZREG /* size must be larger than size in word_copy */
38+
li a3, 9*SZREG /* size must be larger than size in word_copy */
3939
bltu a2, a3, .Lbyte_copy_tail
4040

4141
/*
@@ -75,7 +75,7 @@ ENTRY(__asm_copy_from_user)
7575
* a3 - a1 & mask:(SZREG-1)
7676
* t0 - end of aligned dst
7777
*/
78-
addi t0, t0, -(8*SZREG-1) /* not to over run */
78+
addi t0, t0, -(8*SZREG) /* not to over run */
7979
2:
8080
fixup REG_L a4, 0(a1), 10f
8181
fixup REG_L a5, SZREG(a1), 10f
@@ -97,7 +97,7 @@ ENTRY(__asm_copy_from_user)
9797
addi a1, a1, 8*SZREG
9898
bltu a0, t0, 2b
9999

100-
addi t0, t0, 8*SZREG-1 /* revert to original value */
100+
addi t0, t0, 8*SZREG /* revert to original value */
101101
j .Lbyte_copy_tail
102102

103103
.Lshift_copy:

0 commit comments

Comments
 (0)