• Linus Torvalds's avatar
    x86: fix 32-bit case of __get_user_asm_u64() · ae382caa
    Linus Torvalds authored
    commit 33c9e972 upstream.
    
    The code to fetch a 64-bit value from user space was entirely buggered,
    and has been since the code was merged in early 2016 in commit
    b2f68038 ("x86/mm/32: Add support for 64-bit __get_user() on 32-bit
    kernels").
    
    Happily the buggered routine is almost certainly entirely unused, since
    the normal way to access user space memory is just with the non-inlined
    "get_user()", and the inlined version didn't even historically exist.
    
    The normal "get_user()" case is handled by external hand-written asm in
    arch/x86/lib/getuser.S that doesn't have either of these issues.
    
    There were two independent bugs in __get_user_asm_u64():
    
     - it still did the STAC/CLAC user space access marking, even though
       that is now done by the wrapper macros, see commit 11f1a4b9
       ("x86: reorganize SMAP handling in user space accesses").
    
       This didn't result in a semantic error, it just means that the
       inlined optimized version was hugely less efficient than the
       allegedly slower standard version, since the CLAC/STAC overhead is
       quite high on modern Intel CPU's.
    
     - the double register %eax/%edx was marked as an output, but the %eax
       part of it was touched early in the asm, and could thus clobber other
       inputs to the asm that gcc didn't expect it to touch.
    
       In particular, that meant that the generated code could look like
       this:
    
            mov    (%eax),%eax
            mov    0x4(%eax),%edx
    
       where the load of %edx obviously was _supposed_ to be from the 32-bit
       word that followed the source of %eax, but because %eax was
       overwritten by the first instruction, the source of %edx was
       basically random garbage.
    
    The fixes are trivial: remove the extraneous STAC/CLAC entries, and mark
    the 64-bit output as early-clobber to let gcc know that no inputs should
    alias with the output register.
    
    Cc: Al Viro <viro@zeniv.linux.org.uk>
    Cc: Benjamin LaHaise <bcrl@kvack.org>
    Cc: Ingo Molnar <mingo@kernel.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    ae382caa
uaccess.h 21.9 KB