[PATCH] arch-sh csum_partial_copy_generic() bugfix

There's a bug in Hitachi SuperH csum_partial_copy_generic()implementation. If the supplied length is 1 (and several alignmentconditions are met), the function immediately branches to label 4.However, the assembly at label 4 expects the length to be stored inregister r2. Since this has not occurred, subsequent behavior is undefined.


This can cause bad payload checksums in TCP connections.

I've fixed the problem by initializing register r2 prior to the branchinstruction.


Ollie

diff --git a/arch/sh/lib/checksum.S b/arch/sh/lib/checksum.S
--- a/arch/sh/lib/checksum.S
+++ b/arch/sh/lib/checksum.S
@@ -202,8 +202,9 @@ ENTRY(csum_partial_copy_generic)
 	cmp/pz	r6		! Jump if we had at least two bytes.
 	bt/s	1f
 	 clrt
+	add	#2,r6		! r6 was < 2.	Deal with it.
 	bra	4f
-	 add	#2,r6		! r6 was < 2.	Deal with it.
+	 mov	r6,r2
 
 3:	! Handle different src and dest alignments.
 	! This is not common, so simple byte by byte copy will do.

Prev by Date: Re: [PATCH] NTP ntp-helper functions
Next by Date: Re: [RFC - 0/9] Generic timekeeping subsystem (v. B5)
Previous by thread: [PATCH][-mm] Generic VFS fallback for security xattrs
Next by thread: Re: [PATCH] arch-sh csum_partial_copy_generic() bugfix
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind]