From patchwork Tue Feb 1 18:03:43 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Hellstrom X-Patchwork-Id: 81343 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 17950B70F4 for ; Wed, 2 Feb 2011 05:04:09 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754271Ab1BASEH (ORCPT ); Tue, 1 Feb 2011 13:04:07 -0500 Received: from mail176c2.megamailservers.com ([69.49.111.76]:38402 "EHLO mail176c2.megamailservers.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753457Ab1BASEG (ORCPT ); Tue, 1 Feb 2011 13:04:06 -0500 X-POP-User: sandi@gaisler.com Received: from localhost.localdomain (static-92-33-28-242.sme.bredbandsbolaget.se [92.33.28.242]) by mail176c2.megamailservers.com (8.13.6/8.13.1) with ESMTP id p11I3rje030437; Tue, 1 Feb 2011 13:03:55 -0500 From: Daniel Hellstrom To: davem@davemloft.net Cc: sparclinux@vger.kernel.org, sam@ravnborg.org, gregkh@suse.de Subject: [PATCH] sparc32: unaligned memory access (MNA) trap handler bug Date: Tue, 1 Feb 2011 19:03:43 +0100 Message-Id: <1296583423-5469-1-git-send-email-daniel@gaisler.com> X-Mailer: git-send-email 1.5.4 X-CSC: 0 X-CHA: v=1.1 cv=7GFoO/wu22Xu7f+7cd9V9wY/biOPJIupRAMVre9JRXg= c=1 sm=1 a=l0aWBdtuFtwA:10 a=jXKJviUpWSOlMmIvGrHOfw==:17 a=ebG-ZW-8AAAA:8 a=lb5GmeoB4erOcj6urGgA:9 a=oS05dvXjSY1RjAw84LIA:7 a=jBhYL8Q6pV8vd8cWAATV9nZAvq8A:4 a=cCYF7-FHeg4A:10 a=jXKJviUpWSOlMmIvGrHOfw==:117 Sender: sparclinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: sparclinux@vger.kernel.org Since the merge process of the sparc and sparc64 the sparc32 MNA trap handler does not emulate stores to unaligned addresses correctly. MNA operation from both from kernel and user space are affected. A typical effect of this bug is nr_frags in skbs are overwritten during buffer copying/checksum-calculation, or maximally 6 bytes of data in the network buffer will be overwitten with garbage. Signed-off-by: Daniel Hellstrom --- arch/sparc/kernel/una_asm_32.S | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/sparc/kernel/una_asm_32.S b/arch/sparc/kernel/una_asm_32.S index 8cc0345..8f096e8 100644 --- a/arch/sparc/kernel/una_asm_32.S +++ b/arch/sparc/kernel/una_asm_32.S @@ -24,9 +24,9 @@ retl_efault: .globl __do_int_store __do_int_store: ld [%o2], %g1 - cmp %1, 2 + cmp %o1, 2 be 2f - cmp %1, 4 + cmp %o1, 4 be 1f srl %g1, 24, %g2 srl %g1, 16, %g7