132997 – Signed module causes unaligned kernel access

Bug 132997 - Signed module causes unaligned kernel access

Summary: Signed module causes unaligned kernel access

Keywords:
Status:	CLOSED WORKSFORME
Alias:	None
Product:	Red Hat Enterprise Linux 4
Classification:	Red Hat
Component:	kernel
Sub Component:
Version:	4.0
Hardware:	ia64
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	David Howells
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-09-20 19:21 UTC by H.J. Lu
Modified:	2007-11-30 22:07 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-02-08 17:00:13 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
Patch to fix SHA1's potential misaligned accesses (435 bytes, patch) 2004-11-18 16:20 UTC, David Howells	no flags	Details \| Diff
View All

Description H.J. Lu 2004-09-20 19:21:51 UTC

Starting from 1-579 kernel, signed module causes unaligned kernel
access on ia64. I am getting

kernel unaligned access to 0xa0000002002e47ee, ip=0xa000000100211960
 
Call Trace:
 [<a000000100017490>] show_stack+0x90/0xc0
                                sp=e00000017b8cf610 bsp=e00000017b8c9330
 [<a0000001000174f0>] dump_stack+0x30/0x60
                                sp=e00000017b8cf7e0 bsp=e00000017b8c9318
 [<a000000100043100>] ia64_handle_unaligned+0x540/0x2600
                                sp=e00000017b8cf7e0 bsp=e00000017b8c9290
 [<a0000001000101b0>] ia64_prepare_handle_unaligned+0x30/0x60
                                sp=e00000017b8cf990 bsp=e00000017b8c9290
 [<a00000010000fbe0>] ia64_leave_kernel+0x0/0x260
                                sp=e00000017b8cfba0 bsp=e00000017b8c9290
 [<a000000100211960>] sha1_transform+0x60/0x3160
                                sp=e00000017b8cfd70 bsp=e00000017b8c9128
 [<a000000100214c60>] sha1_update+0x120/0x1a0
                                sp=e00000017b8cfda0 bsp=e00000017b8c90e0
 [<a00000010020fd40>] update_kernel+0x60/0x100
                                sp=e00000017b8cfda0 bsp=e00000017b8c90b0
 [<a0000001000b3340>] module_verify_sig+0x660/0x740
                                sp=e00000017b8cfda0 bsp=e00000017b8c8ff0
 [<a0000001000aed80>] load_module+0x7e0/0x2ba0
                                sp=e00000017b8cfda0 bsp=e00000017b8c8ec0
 [<a0000001000b1220>] sys_init_module+0xe0/0x640
                                sp=e00000017b8cfe30 bsp=e00000017b8c8e50
 [<a00000010000fa80>] ia64_ret_from_syscall+0x0/0x20
                                sp=e00000017b8cfe30 bsp=e00000017b8c8e50
 [<a000000000010620>] 0xa000000000010620
                                sp=e00000017b8d0000 bsp=e00000017b8c8e50

Comment 1 Arjan van de Ven 2004-09-20 19:26:10 UTC

kernel unaligned accesses are legal and usually not a problem
I'll neuter the warning

Comment 2 H.J. Lu 2004-10-11 17:07:13 UTC

2.6.8-1.603 still reports:

kernel unaligned access to 0xa0000002002d805e, ip=0xa0000001002112e0
kernel unaligned access to 0xa0000002002d806e, ip=0xa0000001002112e0
kernel unaligned access to 0xa0000002002d807e, ip=0xa0000001002112e0
kernel unaligned access to 0xa0000002002d808e, ip=0xa0000001002112e0

Comment 4 H.J. Lu 2004-11-08 19:48:44 UTC

2.6.9-1.648_EL has the same problem:

kernel unaligned access to 0xa00000020039805f, ip=0xa000000100215c80
kernel unaligned access to 0xa00000020039806f, ip=0xa000000100215c80
kernel unaligned access to 0xa00000020039807f, ip=0xa000000100215c80
kernel unaligned access to 0xa00000020039808f, ip=0xa000000100215c80

Comment 5 David Howells 2004-11-18 16:18:31 UTC

I have a patch for this. The problem is that the SHA1 crypto code is given a 
u8* to the buffer it is to digest, but then reads from it as u32* under certain 
circumstances. 
 
Situations can be contrived in which the u32* will be misaligned, either by 
preloading the digest with an odd number of bytes or by passing it a pointer 
that's not aligned on a 32-bit boundary. 
 
For most archs, this shouldn't be a problem as fixing up is possible, if not 
trivial; but for some archs fixing up isn't possible. So I've made the patch 
fix SHA1 rather than removing the warning from IA64.

Comment 6 David Howells 2004-11-18 16:20:12 UTC

Created attachment 106966 [details]
Patch to fix SHA1's potential misaligned accesses

Comment 7 H.J. Lu 2004-11-18 21:47:20 UTC

This patch works for me.

Comment 8 Jay Turner 2005-01-14 11:17:10 UTC

Fix confirmed with latest code.  Closing out.

Comment 16 Red Hat Bugzilla 2007-02-05 18:59:24 UTC

REOPENED status has been deprecated. ASSIGNED with keyword of Reopened is preferred.

Comment 18 Linda Wang 2007-02-08 17:00:13 UTC

closed per comment #17.  If anyone would like to revisit this issue, please
reopen if need to.

Note You need to log in before you can comment on or make changes to this bug.