Re: Unaligned kernel access in crypto/sha1.c

From: Andrew Morton <akpm_at_osdl.org>
Date: 2004-09-21 04:35:27
"H. J. Lu" <hjl@lucon.org> wrote:
>
> On Fri, Sep 17, 2004 at 10:11:08PM -0700, Andrew Morton wrote:
> > "H. J. Lu" <hjl@lucon.org> wrote:
> > >
> > > I got
> > > 
> > > Sep 16 15:45:32 gnu-2 kernel: kernel unaligned access to 0xa0000002001c008e, ip=0xa0000001002135e0
> > > Sep 16 15:45:37 gnu-2 kernel: kernel unaligned access to 0xa0000002002d005e, ip=0xa0000001002135e0
> > > Sep 16 15:45:37 gnu-2 kernel: kernel unaligned access to 0xa0000002002d006e, ip=0xa0000001002135e0
> > > Sep 16 15:45:37 gnu-2 kernel: kernel unaligned access to 0xa0000002002d007e, ip=0xa0000001002135e0
> > > Sep 16 15:45:37 gnu-2 kernel: kernel unaligned access to 0xa0000002002d008e, ip=0xa0000001002135e0
> > > 
> > > on ia64 from sha1_transform in crypto/sha1.c:
> > > 
> > > /* Hash a single 512-bit block. This is the core of the algorithm. */
> > > static void sha1_transform(u32 *state, const u8 *in)
> > > {
> > >         u32 a, b, c, d, e;
> > >         u32 block32[16];
> > >                                                                                 
> > >         /* convert/copy data to workspace */
> > >         for (a = 0; a < sizeof(block32)/sizeof(u32); a++)
> > >           block32[a] = be32_to_cpu (((const u32 *)in)[a]);
> > > 				     ^^^^^^^^^^^^^^^^
> > > 				 This may not be aligned for u32 on ia64.
> > > 
> > > 
> > 
> > We really need to know the call trace here.
> > 
> 
> This is from a kernel with signed module support.
> 
> kernel unaligned access to 0xa0000002002e47ee, ip=0xa000000100211960
>  
> Call Trace:
>  [<a000000100017490>] show_stack+0x90/0xc0
>                                 sp=e00000017b8cf610 bsp=e00000017b8c9330
>  [<a0000001000174f0>] dump_stack+0x30/0x60
>                                 sp=e00000017b8cf7e0 bsp=e00000017b8c9318
>  [<a000000100043100>] ia64_handle_unaligned+0x540/0x2600
>                                 sp=e00000017b8cf7e0 bsp=e00000017b8c9290
>  [<a0000001000101b0>] ia64_prepare_handle_unaligned+0x30/0x60
>                                 sp=e00000017b8cf990 bsp=e00000017b8c9290
>  [<a00000010000fbe0>] ia64_leave_kernel+0x0/0x260
>                                 sp=e00000017b8cfba0 bsp=e00000017b8c9290
>  [<a000000100211960>] sha1_transform+0x60/0x3160
>                                 sp=e00000017b8cfd70 bsp=e00000017b8c9128
>  [<a000000100214c60>] sha1_update+0x120/0x1a0
>                                 sp=e00000017b8cfda0 bsp=e00000017b8c90e0
>  [<a00000010020fd40>] update_kernel+0x60/0x100
>                                 sp=e00000017b8cfda0 bsp=e00000017b8c90b0
>  [<a0000001000b3340>] module_verify_sig+0x660/0x740
>                                 sp=e00000017b8cfda0

The bug is in either module_verify_sig() or in update_kernel().

Neither of these functions is present in kernel.org kernels, so there's
some sort of lesson there.
Received on Mon Sep 20 14:38:41 2004
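
Added example (not part of the thread and not kernel code): a SHA-1 block transform whose convert/copy loop reads each big-endian word with byte loads instead of the `(const u32 *)in` cast, so the result is the same at any buffer alignment. The names `load_be32`, `sha1_block` and `sha1_abc_at_offset` are hypothetical, and the one-block "abc" message is constructed test input.

```c
#include <stdint.h>
#include <string.h>

#define ROL(x, n) (((x) << (n)) | ((x) >> (32 - (n))))

/* Hypothetical helper: big-endian 32-bit load using byte accesses only,
 * so it is valid at any address and on either host endianness. */
static uint32_t load_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* SHA-1 compression of one 64-byte block; `in` may have any alignment. */
static void sha1_block(uint32_t state[5], const uint8_t *in)
{
    uint32_t w[80], a, b, c, d, e, f, k, t, i;
    for (i = 0; i < 16; i++)            /* convert/copy without a u32 cast */
        w[i] = load_be32(in + 4 * i);
    for (i = 16; i < 80; i++)
        w[i] = ROL(w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16], 1);
    a = state[0]; b = state[1]; c = state[2]; d = state[3]; e = state[4];
    for (i = 0; i < 80; i++) {
        if (i < 20)      { f = (b & c) | (~b & d);          k = 0x5a827999; }
        else if (i < 40) { f = b ^ c ^ d;                   k = 0x6ed9eba1; }
        else if (i < 60) { f = (b & c) | (b & d) | (c & d); k = 0x8f1bbcdc; }
        else             { f = b ^ c ^ d;                   k = 0xca62c1d6; }
        t = ROL(a, 5) + f + e + k + w[i];
        e = d; d = c; c = ROL(b, 30); b = a; a = t;
    }
    state[0] += a; state[1] += b; state[2] += c; state[3] += d; state[4] += e;
}

/* Constructed demo: hash the padded one-block message "abc" stored `off`
 * bytes into a 4-byte-aligned buffer; returns the first digest word. */
static uint32_t sha1_abc_at_offset(size_t off)
{
    static uint32_t backing[20];                  /* 80 bytes, u32-aligned */
    uint8_t *in = (uint8_t *)backing + off;       /* off must be <= 16 */
    uint32_t st[5] = { 0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0 };
    memset(backing, 0, sizeof(backing));
    memcpy(in, "abc", 3);
    in[3] = 0x80;                                 /* padding marker */
    in[63] = 24;                                  /* message length in bits */
    sha1_block(st, in);
    return st[0];
}

int main(void) { return sha1_abc_at_offset(2) == 0xa9993e36u ? 0 : 1; }
```

Offset 2 mirrors the addresses in the log above, which end in `...8e`, `...5e` and so on: 2-byte aligned but not 4-byte aligned.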
