[PATCH 0/6] PowerPc 8xx TLB/MMU fixes

Joakim Tjernlund joakim.tjernlund at transmode.se
Tue Oct 6 21:58:51 EST 2009


>
>
> > > No, use get_user() not __get_user() or if you use the latter, also use
> > > access_ok(), and test the result in case it errors (if it does, you
> > > probably want to just goto bad access and SEGV).
> >
> > OK, lets see what this gives us:
>
> Hrm... did you change anything ? :-)

Yes, see below

>
> Ben.
>
> > diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
> > index c33c6de..1bf91d3 100644
> > --- a/arch/powerpc/mm/fault.c
> > +++ b/arch/powerpc/mm/fault.c
> > @@ -153,7 +153,8 @@ int __kprobes do_page_fault(struct pt_regs *regs,
> unsigned long address,
> >  #ifdef DEBUG_DCBX
> >        const char *istr = NULL;
> >
> > -      insn = *((unsigned long *)regs->nip);
> > +      insn = 0;
> > +      __get_user(insn, (unsigned long __user *)regs->nip);

Here I don't care if it errors; insn will be 0 if it fails and the following
if will be false.

> >        if (((insn >> (31-5)) & 0x3f) == 31) {
> >           if (((insn >> 1) & 0x3ff) == 1014) /* dcbz ? 0x3f6 */
> >              istr = "dcbz";
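Review bot: the new __get_user() on regs->nip is still missing the access_ok() check asked for earlier in the thread, and its return value is dropped. Pre-setting insn to 0 does make the decode test fall through on failure, as the reply says, but __get_user() performs no range check at all, so for a user-mode fault a user-chosen NIP that points into kernel space is simply read. Use get_user() here too (the second hunk already does), or keep __get_user() and guard it with access_ok(VERIFY_READ, regs->nip, sizeof(insn)), skipping the decode when either fails. This is under #ifdef DEBUG_DCBX, so the shipping build is unaffected, but the pattern should not be copied out of the debug block.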
> > @@ -171,27 +172,32 @@ int __kprobes do_page_fault(struct pt_regs *regs,
> unsigned long address,
> >              dar = regs->gpr[rb];
> >              if (ra)
> >                 dar += regs->gpr[ra];
> > -            if (dar != address && address != 0x00f0 && trap == 0x300)
> > +            if (dar != address && trap == 0x300)
> >                 printk(KERN_CRIT "%s: address:%lx, dar:%lx!\n", istr, address, dar);
> >              if (!strcmp(istr, "dcbst") && is_write) {
> >                 printk(KERN_CRIT "dcbst R%ld,R%ld = %lx as a store, fixing!\n",
> >                        ra, rb, dar);
> >                 is_write = 0;
> >              }
> > -
> > +#if 0
> >              if (trap == 0x300 && address != dar) {
> >                 __asm__ ("mtdar %0" : : "r" (dar));
> >                 return 0;
> >              }
> > +#endif
> >           }
> >        }
> >  #endif
> >        if (address == 0x00f0 && trap == 0x300) {
> > -         pte_t *ptep;
> > +         //pte_t *ptep;
> >
> >           /* This is from a dcbX or icbi insn gone bad, these
> >            * insn do not set DAR so we have to do it here instead */
> > -         insn = *((unsigned long *)regs->nip);
> > +         if (get_user(insn, (unsigned long __user *)regs->nip)) {
> > +            printk(KERN_CRIT "get_user failed, NIP:%lx\n",
> > +                   regs->nip);
> > +            goto bad_area_nosemaphore;
> > +         }

And here I go to bad_area.
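For reference, here is the instruction-decode and effective-address logic the DEBUG_DCBX block above is doing, written out as an added, stand-alone example. It is not code from this patch or from arch/powerpc/mm/fault.c. The thread only names dcbz (XO 1014, 0x3f6); the other XO values, and the rA/rB field positions (bits 11-15 and 16-20), are taken from the PowerPC ISA and are assumptions of this example. The register file, the instruction words and the "user text" window are constructed test data, and fetch_insn() only imitates the bounds check that get_user() performs; it is not a kernel primitive.

```c
/*
 * Added example, not code from the patch under review or from
 * arch/powerpc/mm/fault.c. Decodes a PowerPC X-form cache-block
 * instruction (primary opcode 31, XO in bits 21-30) and recomputes the
 * effective address (rA|0)+rB so it can be compared with the faulting
 * address, as the DEBUG_DCBX code does. All inputs are constructed.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define OP_XFORM 31u

/* XO values (bits 21-30) of the cache-block ops; assumed from the ISA,
 * the thread itself only states dcbz = 1014 (0x3f6). */
enum {
	XO_DCBST = 54, XO_DCBF = 86, XO_DCBTST = 246, XO_DCBT = 278,
	XO_DCBI = 470, XO_ICBI = 982, XO_DCBZ = 1014,
};

struct cache_insn {
	const char *name;	/* mnemonic */
	unsigned ra, rb;	/* register fields, bits 11-15 and 16-20 */
	unsigned long ea;	/* (rA|0) + rB: what DAR would have held */
};

static const char *xo_name(unsigned xo)
{
	switch (xo) {
	case XO_DCBST:	return "dcbst";
	case XO_DCBF:	return "dcbf";
	case XO_DCBTST:	return "dcbtst";
	case XO_DCBT:	return "dcbt";
	case XO_DCBI:	return "dcbi";
	case XO_ICBI:	return "icbi";
	case XO_DCBZ:	return "dcbz";
	default:	return NULL;
	}
}

/* Build an X-form word; only used to construct test input here. */
uint32_t encode_xform(unsigned ra, unsigned rb, unsigned xo)
{
	return (OP_XFORM << 26) | ((ra & 0x1f) << 16) | ((rb & 0x1f) << 11) |
	       ((xo & 0x3ff) << 1);
}

/* Returns 1 and fills *out if insn is a cache-block op, 0 otherwise.
 * An insn of 0 (what the debug code holds after a failed read) has
 * primary opcode 0 and is rejected here, which is why that read's
 * result can be ignored as the thread describes. */
int decode_cache_insn(uint32_t insn, const unsigned long gpr[32],
		      struct cache_insn *out)
{
	unsigned opcd = (insn >> 26) & 0x3f;
	const char *name = xo_name((insn >> 1) & 0x3ff);

	if (opcd != OP_XFORM || name == NULL)
		return 0;
	out->name = name;
	out->ra = (insn >> 16) & 0x1f;
	out->rb = (insn >> 11) & 0x1f;
	out->ea = gpr[out->rb] + (out->ra ? gpr[out->ra] : 0);
	return 1;
}

/* dcbst only cleans the line; the debug code clears is_write for it so
 * the fault is not handled as a store. */
int effective_is_write(const struct cache_insn *ci, int is_write)
{
	if (is_write && strcmp(ci->name, "dcbst") == 0)
		return 0;
	return is_write;
}

/* Stand-in for get_user(insn, (u32 __user *)nip) over a constructed text
 * window [base, base + 4*ntext): misaligned or out-of-range NIPs fail
 * with -1 (think -EFAULT) instead of reading outside the buffer. */
int fetch_insn(const uint32_t *text, size_t ntext, unsigned long base,
	       unsigned long nip, uint32_t *insn)
{
	if (nip & 3)
		return -1;
	if (nip < base || nip - base >= ntext * 4)
		return -1;
	*insn = text[(nip - base) / 4];
	return 0;
}

int main(void)
{
	unsigned long gpr[32] = { 0 };
	uint32_t text[] = { encode_xform(3, 4, XO_DCBZ),	/* dcbz r3,r4 */
			    encode_xform(0, 5, XO_DCBST),	/* dcbst r0,r5 */
			    0x60000000u };			/* nop */
	const unsigned long base = 0x10000000ul, fault_addr = 0x1020;
	struct cache_insn ci;
	uint32_t insn;
	unsigned long nip;

	gpr[3] = 0x1000; gpr[4] = 0x20; gpr[5] = 0x3000;
	/* Walk one word past the window to show the failed-fetch path. */
	for (nip = base; nip < base + sizeof(text) + 4; nip += 4) {
		if (fetch_insn(text, sizeof(text) / sizeof(text[0]), base, nip, &insn)) {
			printf("nip %#lx: get_user failed\n", nip);
		} else if (!decode_cache_insn(insn, gpr, &ci)) {
			printf("nip %#lx: %08x is not a cache-block op\n", nip, (unsigned)insn);
		} else {
			printf("nip %#lx: %s r%u,r%u ea=%#lx%s\n", nip, ci.name, ci.ra, ci.rb,
			       ci.ea, ci.ea != fault_addr ? " (mismatch)" : "");
		}
	}
	return 0;
}
```

The word is fetched into a uint32_t rather than the unsigned long the patch uses; on 32-bit 8xx these are the same width, which is the only reason the patch's `*(unsigned long *)regs->nip` reads exactly one instruction.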
