Re: [patch 2.6.11] __copy_user breaks on unaligned src

From: David Mosberger <>
Date: 2005-03-18 18:17:29
>>>>> On Fri, 18 Mar 2005 18:04:37 +1100, Keith Owens <> said:

  Keith> memcpy_mck.S::__copy_user breaks in the prefetch code under these
  Keith> conditions :-

  Keith> * src is unaligned and
  Keith> * dst is near the end of a page and
  Keith> * the page after dst is unmapped.

  Keith> The loop count in r21 is 1 value too high.  A length of 0x100 gives
  Keith> == r21 == 2.  .unaligned_src incorrectly copies r21 into,
  Keith> when it should copy cnt, so the lfetch lines are executed 3 times, not
  Keith> 2.  That takes dst_pre_mem past the end of the page and into an
  Keith> unallocated area, oops.

That's a good thing to fix (it's definitely a performance bug).  However,
lfetch.fault should be safe to use even on unmapped memory.  See this
code in ia64_do_page_fault():

  * This fault was due to a speculative load or lfetch.fault, set the "ed"
  * bit in the psr to ensure forward progress.  (Target register will get a
  * NaT for ld.s, lfetch will be canceled.)

I don't see off-hand why this wouldn't work as intended.

To unsubscribe from this list: send the line "unsubscribe linux-ia64" in
the body of a message to
More majordomo info at
Received on Fri Mar 18 02:17:44 2005

This archive was generated by hypermail 2.1.8 : 2005-08-02 09:20:37 EST