Bug 132997 – Signed module causes unaligned kernel access

Bug 132997 - Signed module causes unaligned kernel access

Summary:	Signed module causes unaligned kernel access

Status:	CLOSED WORKSFORME

Aliases:	None

Product:	Red Hat Enterprise Linux 4
Classification:	Red Hat
Component:	kernel (Show other bugs)
Sub Component:
Version:	4.0
Hardware:	ia64 Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	David Howells
QA Contact:	Brian Brock
Docs Contact:

URL:
Whiteboard:
Keywords:	Reopened

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2004-09-20 15:21 EDT by H.J. Lu
Modified:	2007-11-30 17:07 EST (History)
CC List:	3 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2007-02-08 12:00:13 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Patch to fix SHA1's potential misaligned accesses (435 bytes, patch) 2004-11-18 11:20 EST, David Howells	no flags	Details \| Diff
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description H.J. Lu 2004-09-20 15:21:51 EDT

Starting from 1-579 kernel, signed module causes unaligned kernel
access on ia64. I am getting

kernel unaligned access to 0xa0000002002e47ee, ip=0xa000000100211960
 
Call Trace:
 [<a000000100017490>] show_stack+0x90/0xc0
                                sp=e00000017b8cf610 bsp=e00000017b8c9330
 [<a0000001000174f0>] dump_stack+0x30/0x60
                                sp=e00000017b8cf7e0 bsp=e00000017b8c9318
 [<a000000100043100>] ia64_handle_unaligned+0x540/0x2600
                                sp=e00000017b8cf7e0 bsp=e00000017b8c9290
 [<a0000001000101b0>] ia64_prepare_handle_unaligned+0x30/0x60
                                sp=e00000017b8cf990 bsp=e00000017b8c9290
 [<a00000010000fbe0>] ia64_leave_kernel+0x0/0x260
                                sp=e00000017b8cfba0 bsp=e00000017b8c9290
 [<a000000100211960>] sha1_transform+0x60/0x3160
                                sp=e00000017b8cfd70 bsp=e00000017b8c9128
 [<a000000100214c60>] sha1_update+0x120/0x1a0
                                sp=e00000017b8cfda0 bsp=e00000017b8c90e0
 [<a00000010020fd40>] update_kernel+0x60/0x100
                                sp=e00000017b8cfda0 bsp=e00000017b8c90b0
 [<a0000001000b3340>] module_verify_sig+0x660/0x740
                                sp=e00000017b8cfda0 bsp=e00000017b8c8ff0
 [<a0000001000aed80>] load_module+0x7e0/0x2ba0
                                sp=e00000017b8cfda0 bsp=e00000017b8c8ec0
 [<a0000001000b1220>] sys_init_module+0xe0/0x640
                                sp=e00000017b8cfe30 bsp=e00000017b8c8e50
 [<a00000010000fa80>] ia64_ret_from_syscall+0x0/0x20
                                sp=e00000017b8cfe30 bsp=e00000017b8c8e50
 [<a000000000010620>] 0xa000000000010620
                                sp=e00000017b8d0000 bsp=e00000017b8c8e50

Comment 1 Arjan van de Ven 2004-09-20 15:26:10 EDT

kernel unaligned accesses are legal and usually not a problem
I'll neuter the warning

Comment 2 H.J. Lu 2004-10-11 13:07:13 EDT

2.6.8-1.603 still reports:

kernel unaligned access to 0xa0000002002d805e, ip=0xa0000001002112e0
kernel unaligned access to 0xa0000002002d806e, ip=0xa0000001002112e0
kernel unaligned access to 0xa0000002002d807e, ip=0xa0000001002112e0
kernel unaligned access to 0xa0000002002d808e, ip=0xa0000001002112e0

Comment 4 H.J. Lu 2004-11-08 14:48:44 EST

2.6.9-1.648_EL has the same problem:

kernel unaligned access to 0xa00000020039805f, ip=0xa000000100215c80
kernel unaligned access to 0xa00000020039806f, ip=0xa000000100215c80
kernel unaligned access to 0xa00000020039807f, ip=0xa000000100215c80
kernel unaligned access to 0xa00000020039808f, ip=0xa000000100215c80

Comment 5 David Howells 2004-11-18 11:18:31 EST

I have a patch for this. The problem is that the SHA1 crypto code is given a 
u8* to the buffer it is to digest, but then reads from it as u32* under certain 
circumstances. 
 
Situations can be contrived in which the u32* will be misaligned, either by 
preloading the digest with an odd number of bytes or by passing it a pointer 
that's not aligned on a 32-bit boundary. 
 
For most archs, this shouldn't be a problem as fixing up is possible, if not 
trivial; but for some archs fixing up isn't possible. So I've made the patch 
fix SHA1 rather than removing the warning from IA64.

Comment 6 David Howells 2004-11-18 11:20:12 EST

Created attachment 106966 [details]
Patch to fix SHA1's potential misaligned accesses

Comment 7 H.J. Lu 2004-11-18 16:47:20 EST

This patch works for me.

Comment 8 Jay Turner 2005-01-14 06:17:10 EST

Fix confirmed with latest code.  Closing out.

Comment 16 Red Hat Bugzilla 2007-02-05 13:59:24 EST

REOPENED status has been deprecated. ASSIGNED with keyword of Reopened is preferred.

Comment 18 Linda Wang 2007-02-08 12:00:13 EST

closed per comment #17.  If anyone would like to revisit this issue, please
reopen if need to.

Note You need to log in before you can comment on or make changes to this bug.