Commit b1054282, authored by Tkhai Kirill, committed by David S. Miller

sparc32: Fixed unaligned memory copying in function __csum_partial_copy_sparc_generic

When we are in the label cc_dword_align, registers %o0 and %o1 have the same last 2 bits,
but it's not guaranteed one of them is zero. So we can get unaligned memory access
in label ccte. Example of parameters which lead to this:
%o0=0x7ff183e9, %o1=0x8e709e7d, %g1=3

With the parameters I had a memory corruption, when the additional 5 bytes were rewritten.
This patch corrects the error.

One comment to the patch. We don't care about the third bit in %o1, because cc_end_cruft
stores word or less.
Signed-off-by: Tkhai Kirill <tkhai@yandex.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
Parent f486b3dc
...@@ -289,10 +289,16 @@ cc_end_cruft: ...@@ -289,10 +289,16 @@ cc_end_cruft:
/* Also, handle the alignment code out of band. */ /* Also, handle the alignment code out of band. */
cc_dword_align: cc_dword_align:
cmp %g1, 6 cmp %g1, 16
bl,a ccte bge 1f
srl %g1, 1, %o3
2: cmp %o3, 0
be,a ccte
andcc %g1, 0xf, %o3 andcc %g1, 0xf, %o3
andcc %o0, 0x1, %g0 andcc %o3, %o0, %g0 ! Check %o0 only (%o1 has the same last 2 bits)
be,a 2b
srl %o3, 1, %o3
1: andcc %o0, 0x1, %g0
bne ccslow bne ccslow
andcc %o0, 0x2, %g0 andcc %o0, 0x2, %g0
be 1f be 1f
......
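Review bot: The new loop at `2:` in cc_dword_align has no comment stating what it decides, and the only inline remark ("Check %o0 only") does not explain why the threshold moved from 6 to 16 or why `andcc %o3, %o0, %g0` against successive right shifts of %g1 is the right test for reaching ccte safely. Please add a short block comment above `2:` giving the invariant ccte relies on, and carry over the commit message's reasoning that the third bit of %o1 can be ignored because cc_end_cruft stores a word or less. Related: the old `cmp %g1, 6` / `bl,a ccte` kept every length below 6 out of the alignment code, while now any length under 16 falls through to the new `1:` as soon as a shifted length bit overlaps %o0. The code after `be 1f` is not visible in this hunk, so it is worth confirming and noting in the comment that it handles those small counts. As a style point, the new `1:` sits three instructions above an existing `be 1f` that targets a later `1:`; a different local label number for the new target would make the two branches easier to tell apart.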