# git rev-parse -q --verify c228d294f2040c3a5f5965ff04d4947d0bf6e7da^{commit} c228d294f2040c3a5f5965ff04d4947d0bf6e7da already have revision, skipping fetch # git checkout -q -f -B kisskb c228d294f2040c3a5f5965ff04d4947d0bf6e7da # git clean -qxdf # < git log -1 # commit c228d294f2040c3a5f5965ff04d4947d0bf6e7da # Author: Linus Torvalds # Date: Thu Jan 31 11:10:20 2019 -0800 # # x86: explicitly align IO accesses in memcpy_{to,from}io # # In commit 170d13ca3a2f ("x86: re-introduce non-generic memcpy_{to,from}io") # I made our copy from IO space use a separate copy routine rather than # rely on the generic memcpy. I did that because our generic memory copy # isn't actually well-defined when it comes to internal access ordering or # alignment, and will in fact depend on various CPUID flags. # # In particular, the default memcpy() for a modern Intel CPU will # generally be just a "rep movsb", which works reasonably well for # medium-sized memory copies of regular RAM, since the CPU will turn it # into fairly optimized microcode. # # However, for non-cached memory and IO, "rep movs" ends up being # horrendously slow and will just do the architectural "one byte at a # time" accesses implied by the movsb. # # At the other end of the spectrum, if you _don't_ end up using the "rep # movsb" code, you'd likely fall back to the software copy, which does # overlapping accesses for the tail, and may copy things backwards. # Again, for regular memory that's fine, for IO memory not so much. # # The thinking was that clearly nobody really cared (because things # worked), but some people had seen horrible performance due to the byte # accesses, so let's just revert back to our long ago version that did # "rep movsl" for the bulk of the copy, and then fixed up the potentially # last few bytes of the tail with "movsw/b". 
# # Interestingly (and perhaps not entirely surprisingly), while that was # our original memory copy implementation, and had been used before for # IO, in the meantime many new users of memcpy_*io() had come about. And # while the access patterns for the memory copy weren't well-defined (so # arguably _any_ access pattern should work), in practice the "rep movsb" # case had been very common for the last several years. # # In particular Jarkko Sakkinen reported that the memcpy_*io() change # resulted in weird errors from his Geminilake NUC TPM module. # # And it turns out that the TPM TCG accesses according to spec require # that the accesses be # # (a) done strictly sequentially # # (b) be naturally aligned # # otherwise the TPM chip will abort the PCI transaction. # # And, in fact, the tpm_crb.c driver did this: # # memcpy_fromio(buf, priv->rsp, 6); # ... # memcpy_fromio(&buf[6], &priv->rsp[6], expected - 6); # # which really should never have worked in the first place, but back # before commit 170d13ca3a2f it *happened* to work, because the # memcpy_fromio() would be expanded to a regular memcpy, and # # (a) gcc would expand the first memcpy in-line, and turn it into a # 4-byte and a 2-byte read, and they happened to be in the right # order, and the alignment was right. # # (b) gcc would call "memcpy()" for the second one, and the machines that # had this TPM chip also apparently ended up always having ERMS # ("Enhanced REP MOVSB/STOSB instructions"), so we'd use the "rep # movsb" for that copy. # # In other words, basically by pure luck, the code happened to use the # right access sizes in the (two different!) memcpy() implementations to # make it all work. # # But after commit 170d13ca3a2f, both of the memcpy_fromio() calls # resulted in a call to the routine with the consistent memory accesses, # and in both cases it started out transferring with 4-byte accesses. 
# Which worked for the first copy, but resulted in the second copy doing a # 32-bit read at an address that was only 2-byte aligned. # # Jarkko is actually fixing the fragile code in the TPM driver, but since # this is an excellent example of why we absolutely must not use a generic # memcpy for IO accesses, _and_ an IO-specific one really should strive to # align the IO accesses, let's do exactly that. # # Side note: Jarkko also noted that the driver had been used on ARM # platforms, and had worked. That was because on 32-bit ARM, memcpy_*io() # ends up always doing byte accesses, and on 64-bit ARM it first does byte # accesses to align to 8-byte boundaries, and then does 8-byte accesses # for the bulk. # # So ARM actually worked by design, and the x86 case worked by pure luck. # # We *might* want to make x86-64 do the 8-byte case too. That should be a # pretty straightforward extension, but let's do one thing at a time. And # generally MMIO accesses aren't really all that performance-critical, as # shown by the fact that for a long time we just did them a byte at a # time, and very few people ever noticed. 
# # Reported-and-tested-by: Jarkko Sakkinen # Tested-by: Jerry Snitselaar # Cc: David Laight # Fixes: 170d13ca3a2f ("x86: re-introduce non-generic memcpy_{to,from}io") # Signed-off-by: Linus Torvalds # < /opt/cross/kisskb/fe-x86-64-core-i7-2017.05/bin/x86_64-linux-gcc --version # < /opt/cross/kisskb/fe-x86-64-core-i7-2017.05/bin/x86_64-linux-ld --version # < git log --format=%s --max-count=1 c228d294f2040c3a5f5965ff04d4947d0bf6e7da # < make -s -j 80 ARCH=um O=/kisskb/build/linus_um-allyesconfig_um-x86_64 CROSS_COMPILE=/opt/cross/kisskb/fe-x86-64-core-i7-2017.05/bin/x86_64-linux- SUBARCH=x86_64 allyesconfig # Added to kconfig CONFIG_STANDALONE=y # Added to kconfig CONFIG_KCOV=n # Added to kconfig CONFIG_GCC_PLUGINS=n # Added to kconfig CONFIG_GCC_PLUGIN_CYC_COMPLEXITY=n # Added to kconfig CONFIG_GCC_PLUGIN_SANCOV=n # Added to kconfig CONFIG_GCC_PLUGIN_LATENT_ENTROPY=n # Added to kconfig CONFIG_GCC_PLUGIN_STRUCTLEAK=n # Added to kconfig CONFIG_GCC_PLUGIN_RANDSTRUCT=n # Added to kconfig CONFIG_UML_NET=n # Added to kconfig CONFIG_UML_NET_ETHERTAP=n # Added to kconfig CONFIG_UML_NET_TUNTAP=n # Added to kconfig CONFIG_UML_NET_SLIP=n # Added to kconfig CONFIG_UML_NET_DAEMON=n # Added to kconfig CONFIG_UML_NET_VDE=n # Added to kconfig CONFIG_UML_NET_MCAST=n # Added to kconfig CONFIG_UML_NET_PCAP=n # Added to kconfig CONFIG_UML_NET_SLIRP=n # Added to kconfig CONFIG_GCOV_KERNEL=n # yes \n | make -s -j 80 ARCH=um O=/kisskb/build/linus_um-allyesconfig_um-x86_64 CROSS_COMPILE=/opt/cross/kisskb/fe-x86-64-core-i7-2017.05/bin/x86_64-linux- SUBARCH=x86_64 oldconfig yes: standard output: Broken pipe # make -s -j 80 ARCH=um O=/kisskb/build/linus_um-allyesconfig_um-x86_64 CROSS_COMPILE=/opt/cross/kisskb/fe-x86-64-core-i7-2017.05/bin/x86_64-linux- SUBARCH=x86_64 /kisskb/src/arch/um/kernel/skas/uaccess.c: In function 'do_op_one_page': /kisskb/src/arch/um/kernel/skas/uaccess.c:62:10: warning: unused variable 'buf' [-Wunused-variable] jmp_buf buf; ^ /kisskb/src/arch/um/os-Linux/umid.c: In 
function 'is_umdir_used': /kisskb/src/arch/um/os-Linux/umid.c:138:2: warning: ISO C90 forbids variable length array 'file' [-Wvla] char file[strlen(uml_dir) + UMID_LEN + sizeof("/pid\0")]; ^ /kisskb/src/arch/um/os-Linux/umid.c: In function 'create_pid_file': /kisskb/src/arch/um/os-Linux/umid.c:213:2: warning: ISO C90 forbids variable length array 'file' [-Wvla] char file[strlen(uml_dir) + UMID_LEN + sizeof("/pid\0")]; ^ /kisskb/src/arch/um/os-Linux/umid.c: In function 'remove_umid_dir': /kisskb/src/arch/um/os-Linux/umid.c:388:2: warning: ISO C90 forbids variable length array 'dir' [-Wvla] char dir[strlen(uml_dir) + UMID_LEN + 1], err; ^ /kisskb/src/kernel/bpf/verifier.c: In function 'check_btf_info': /kisskb/src/kernel/bpf/verifier.c:5065:4: warning: 'prev_offset' may be used uninitialized in this function [-Wmaybe-uninitialized] verbose(env, ^ /kisskb/src/kernel/bpf/verifier.c:5000:38: note: 'prev_offset' was declared here u32 i, nfuncs, urec_size, min_size, prev_offset; ^ /kisskb/src/security/apparmor/policy_unpack.c: In function 'unpack_trans_table': /kisskb/src/security/apparmor/policy_unpack.c:496:9: warning: 'pos' may be used uninitialized in this function [-Wmaybe-uninitialized] str[pos] = ':'; ^ /kisskb/src/kernel/cgroup/cgroup-v1.c: In function 'cgroup1_mount': /kisskb/src/kernel/cgroup/cgroup-v1.c:1263:3: warning: 'root' may be used uninitialized in this function [-Wmaybe-uninitialized] percpu_ref_reinit(&root->cgrp.self.refcnt); ^ /kisskb/src/drivers/i2c/i2c-core-base.c: In function 'i2c_generic_scl_recovery': /kisskb/src/drivers/i2c/i2c-core-base.c:235:5: warning: 'ret' may be used uninitialized in this function [-Wmaybe-uninitialized] if (ret == -EOPNOTSUPP) ^ /kisskb/src/lib/lz4/lz4hc_compress.c: In function 'LZ4HC_compress_generic': /kisskb/src/lib/lz4/lz4hc_compress.c:579:1: warning: the frame size of 2144 bytes is larger than 2048 bytes [-Wframe-larger-than=] } ^ LINK linux Completed OK # rm -rf /kisskb/build/linus_um-allyesconfig_um-x86_64 # Build 
took: 0:05:17.385021