Bug 132997 - Signed module causes unaligned kernel access
Status: CLOSED WORKSFORME
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel
Version: 4.0
Hardware: ia64 Linux
medium
medium
Target Milestone: ---
Assignee: David Howells
QA Contact: Brian Brock
Keywords: Reopened
Reported: 2004-09-20 19:21 UTC by H.J. Lu
Modified: 2007-11-30 22:07 UTC (History)

Doc Type: Bug Fix
Last Closed: 2007-02-08 17:00:13 UTC


Attachments
Patch to fix SHA1's potential misaligned accesses (435 bytes, patch)
2004-11-18 16:20 UTC, David Howells

Description H.J. Lu 2004-09-20 19:21:51 UTC
Starting from 1-579 kernel, signed module causes unaligned kernel
access on ia64. I am getting

kernel unaligned access to 0xa0000002002e47ee, ip=0xa000000100211960
 
Call Trace:
 [<a000000100017490>] show_stack+0x90/0xc0
                                sp=e00000017b8cf610 bsp=e00000017b8c9330
 [<a0000001000174f0>] dump_stack+0x30/0x60
                                sp=e00000017b8cf7e0 bsp=e00000017b8c9318
 [<a000000100043100>] ia64_handle_unaligned+0x540/0x2600
                                sp=e00000017b8cf7e0 bsp=e00000017b8c9290
 [<a0000001000101b0>] ia64_prepare_handle_unaligned+0x30/0x60
                                sp=e00000017b8cf990 bsp=e00000017b8c9290
 [<a00000010000fbe0>] ia64_leave_kernel+0x0/0x260
                                sp=e00000017b8cfba0 bsp=e00000017b8c9290
 [<a000000100211960>] sha1_transform+0x60/0x3160
                                sp=e00000017b8cfd70 bsp=e00000017b8c9128
 [<a000000100214c60>] sha1_update+0x120/0x1a0
                                sp=e00000017b8cfda0 bsp=e00000017b8c90e0
 [<a00000010020fd40>] update_kernel+0x60/0x100
                                sp=e00000017b8cfda0 bsp=e00000017b8c90b0
 [<a0000001000b3340>] module_verify_sig+0x660/0x740
                                sp=e00000017b8cfda0 bsp=e00000017b8c8ff0
 [<a0000001000aed80>] load_module+0x7e0/0x2ba0
                                sp=e00000017b8cfda0 bsp=e00000017b8c8ec0
 [<a0000001000b1220>] sys_init_module+0xe0/0x640
                                sp=e00000017b8cfe30 bsp=e00000017b8c8e50
 [<a00000010000fa80>] ia64_ret_from_syscall+0x0/0x20
                                sp=e00000017b8cfe30 bsp=e00000017b8c8e50
 [<a000000000010620>] 0xa000000000010620
                                sp=e00000017b8d0000 bsp=e00000017b8c8e50

Comment 1 Arjan van de Ven 2004-09-20 19:26:10 UTC
Kernel unaligned accesses are legal and usually not a problem.
I'll neuter the warning.


Comment 2 H.J. Lu 2004-10-11 17:07:13 UTC
2.6.8-1.603 still reports:

kernel unaligned access to 0xa0000002002d805e, ip=0xa0000001002112e0
kernel unaligned access to 0xa0000002002d806e, ip=0xa0000001002112e0
kernel unaligned access to 0xa0000002002d807e, ip=0xa0000001002112e0
kernel unaligned access to 0xa0000002002d808e, ip=0xa0000001002112e0


Comment 4 H.J. Lu 2004-11-08 19:48:44 UTC
2.6.9-1.648_EL has the same problem:

kernel unaligned access to 0xa00000020039805f, ip=0xa000000100215c80
kernel unaligned access to 0xa00000020039806f, ip=0xa000000100215c80
kernel unaligned access to 0xa00000020039807f, ip=0xa000000100215c80
kernel unaligned access to 0xa00000020039808f, ip=0xa000000100215c80

Comment 5 David Howells 2004-11-18 16:18:31 UTC
I have a patch for this. The problem is that the SHA1 crypto code is given a 
u8* to the buffer it is to digest, but then reads from it as u32* under certain 
circumstances. 
 
Situations can be contrived in which the u32* will be misaligned, either by 
preloading the digest with an odd number of bytes or by passing it a pointer 
that's not aligned on a 32-bit boundary. 
 
For most archs, this shouldn't be a problem as fixing up is possible, if not 
trivial; but for some archs fixing up isn't possible. So I've made the patch 
fix SHA1 rather than removing the warning from IA64. 

Comment 6 David Howells 2004-11-18 16:20:12 UTC
Created attachment 106966
Patch to fix SHA1's potential misaligned accesses

Comment 7 H.J. Lu 2004-11-18 21:47:20 UTC
This patch works for me.

Comment 8 Jay Turner 2005-01-14 11:17:10 UTC
Fix confirmed with latest code.  Closing out.

Comment 16 Red Hat Bugzilla 2007-02-05 18:59:24 UTC
REOPENED status has been deprecated. ASSIGNED with keyword of Reopened is preferred.

Comment 18 Linda Wang 2007-02-08 17:00:13 UTC
Closed per comment #17.  If anyone would like to revisit this issue, please
reopen if needed.


