From: Larry Finger <Larry.Finger@lwfinger.net>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Mario 'BitKoenig' Holbe <Mario.Holbe@TU-Ilmenau.DE>,
Matt Mackall <mpm@selenic.com>,
LKML <linux-kernel@vger.kernel.org>,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
Harald Welte <HaraldWelte@viatech.com>,
Michal Ludvig <michal@logix.cz>
Subject: Re: 2.6.37-rc7: Regression: b43: crashes in hwrng_register()
Date: Tue, 04 Jan 2011 18:14:16 -0600 [thread overview]
Message-ID: <4D23B7D8.7090701@lwfinger.net> (raw)
In-Reply-To: <20110104224238.GA4978@gondor.apana.org.au>
On 01/04/2011 04:42 PM, Herbert Xu wrote:
> On Tue, Jan 04, 2011 at 01:57:22PM +0100, Mario 'BitKoenig' Holbe wrote:
>>
>> # hexdump -n 512 -C /dev/hwrng
>> 00000000 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff |................|
>> 00000010 ff ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 |................|
>> 00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
>> *
>
> Weird.
>
> Can you please try this patch against vanilla to print out the
> raw output of xstore?
>
> diff --git a/drivers/char/hw_random/via-rng.c b/drivers/char/hw_random/via-rng.c
> index 794aacb..4408d4e 100644
> --- a/drivers/char/hw_random/via-rng.c
> +++ b/drivers/char/hw_random/via-rng.c
> @@ -24,6 +24,7 @@
> * warranty of any kind, whether express or implied.
> */
>
> +#include <crypto/padlock.h>
> #include <linux/module.h>
> #include <linux/kernel.h>
> #include <linux/hw_random.h>
> @@ -34,7 +35,6 @@
> #include <asm/i387.h>
>
>
> -#define PFX KBUILD_MODNAME ": "
>
>
> enum {
> @@ -85,13 +85,16 @@ static inline u32 xstore(u32 *addr, u32 edx_in)
> :"D"(addr), "d"(edx_in));
>
> irq_ts_restore(ts_state);
> + printk(KERN_DEBUG "0x%x\n", *addr);
> return eax_out;
> }
>
> static int via_rng_data_present(struct hwrng *rng, int wait)
> {
> + char buf[16 + PADLOCK_ALIGNMENT - STACK_ALIGN] __attribute__
> + ((aligned(STACK_ALIGN)));
> + u32 *via_rng_datum = (u32 *)PTR_ALIGN(&buf[0], PADLOCK_ALIGNMENT);
If I didn't get lost in expanding all those macros, I think the above can end up
with what is essentially a negative value for the index of buf. Shouldn't the
right-hand side of the statement be
(u32 *)PTR_ALIGN(&buf[PADLOCK_ALIGNMENT], PADLOCK_ALIGNMENT);
That resolves to an index for buf from 0 to (PADLOCK_ALIGNMENT - 1).
Larry
WARNING: multiple messages have this Message-ID (diff)
From: Larry Finger <Larry.Finger@lwfinger.net>
To: Herbert Xu <herbert@gondor.hengli.com.au>
Cc: "Mario 'BitKoenig' Holbe" <Mario.Holbe@TU-Ilmenau.DE>,
Matt Mackall <mpm@selenic.com>,
LKML <linux-kernel@vger.kernel.org>,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
Harald Welte <HaraldWelte@viatech.com>,
Michal Ludvig <michal@logix.cz>
Subject: Re: 2.6.37-rc7: Regression: b43: crashes in hwrng_register()
Date: Tue, 04 Jan 2011 18:14:16 -0600 [thread overview]
Message-ID: <4D23B7D8.7090701@lwfinger.net> (raw)
In-Reply-To: <20110104224238.GA4978@gondor.apana.org.au>
On 01/04/2011 04:42 PM, Herbert Xu wrote:
> On Tue, Jan 04, 2011 at 01:57:22PM +0100, Mario 'BitKoenig' Holbe wrote:
>>
>> # hexdump -n 512 -C /dev/hwrng
>> 00000000 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff |................|
>> 00000010 ff ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 |................|
>> 00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
>> *
>
> Weird.
>
> Can you please try this patch against vanilla to print out the
> raw output of xstore?
>
> diff --git a/drivers/char/hw_random/via-rng.c b/drivers/char/hw_random/via-rng.c
> index 794aacb..4408d4e 100644
> --- a/drivers/char/hw_random/via-rng.c
> +++ b/drivers/char/hw_random/via-rng.c
> @@ -24,6 +24,7 @@
> * warranty of any kind, whether express or implied.
> */
>
> +#include <crypto/padlock.h>
> #include <linux/module.h>
> #include <linux/kernel.h>
> #include <linux/hw_random.h>
> @@ -34,7 +35,6 @@
> #include <asm/i387.h>
>
>
> -#define PFX KBUILD_MODNAME ": "
>
>
> enum {
> @@ -85,13 +85,16 @@ static inline u32 xstore(u32 *addr, u32 edx_in)
> :"D"(addr), "d"(edx_in));
>
> irq_ts_restore(ts_state);
> + printk(KERN_DEBUG "0x%x\n", *addr);
> return eax_out;
> }
>
> static int via_rng_data_present(struct hwrng *rng, int wait)
> {
> + char buf[16 + PADLOCK_ALIGNMENT - STACK_ALIGN] __attribute__
> + ((aligned(STACK_ALIGN)));
> + u32 *via_rng_datum = (u32 *)PTR_ALIGN(&buf[0], PADLOCK_ALIGNMENT);
If I didn't get lost in expanding all those macros, I think the above can end up
with what is essentially a negative value for the index of buf. Shouldn't the
right-hand side of the statement be
(u32 *)PTR_ALIGN(&buf[PADLOCK_ALIGNMENT], PADLOCK_ALIGNMENT);
That resolves to an index for buf from 0 to (PADLOCK_ALIGNMENT - 1).
Larry
next prev parent reply other threads:[~2011-01-05 0:14 UTC|newest]
Thread overview: 68+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-12-29 0:34 2.6.37-rc7: Regression: b43: crashes in hwrng_register() Larry Finger
2010-12-29 0:34 ` Larry Finger
2010-12-29 19:54 ` Mario 'BitKoenig' Holbe
2010-12-30 0:30 ` Larry Finger
2010-12-30 0:30 ` Larry Finger
2010-12-30 1:20 ` Mario 'BitKoenig' Holbe
2010-12-30 2:37 ` Larry Finger
2010-12-30 2:37 ` Larry Finger
2010-12-30 14:34 ` Mario 'BitKoenig' Holbe
2010-12-30 18:37 ` Larry Finger
2010-12-30 18:37 ` Larry Finger
2010-12-30 20:45 ` Mario 'BitKoenig' Holbe
2010-12-30 22:49 ` Larry Finger
2010-12-30 23:17 ` Mario 'BitKoenig' Holbe
2010-12-31 0:37 ` Herbert Xu
2010-12-31 0:37 ` Herbert Xu
2010-12-31 0:46 ` Larry Finger
2010-12-31 0:46 ` Larry Finger
2010-12-31 2:25 ` Mario 'BitKoenig' Holbe
2010-12-31 2:46 ` Herbert Xu
2010-12-31 2:46 ` Herbert Xu
2010-12-31 8:51 ` Mario 'BitKoenig' Holbe
2011-01-04 4:33 ` Herbert Xu
2011-01-04 4:33 ` Herbert Xu
2011-01-04 12:19 ` Mario 'BitKoenig' Holbe
2011-01-04 12:38 ` Herbert Xu
2011-01-04 12:38 ` Herbert Xu
2011-01-04 12:57 ` Mario 'BitKoenig' Holbe
2011-01-04 22:42 ` Herbert Xu
2011-01-04 22:42 ` Herbert Xu
2011-01-04 23:06 ` Mario 'BitKoenig' Holbe
2011-01-04 23:26 ` Larry Finger
2011-01-04 23:26 ` Larry Finger
2011-01-04 23:35 ` Mario 'BitKoenig' Holbe
2011-01-04 23:35 ` Mario 'BitKoenig' Holbe
2011-01-05 0:30 ` Herbert Xu
2011-01-05 0:30 ` Herbert Xu
2011-01-05 1:45 ` Mario 'BitKoenig' Holbe
2011-01-05 3:52 ` Mario 'BitKoenig' Holbe
2011-01-05 5:47 ` Herbert Xu
2011-01-05 5:47 ` Herbert Xu
2011-01-05 13:16 ` Mario 'BitKoenig' Holbe
2011-01-06 6:12 ` Herbert Xu
2011-01-06 13:15 ` Mario 'BitKoenig' Holbe
2011-01-06 13:35 ` Herbert Xu
2011-01-06 13:35 ` Herbert Xu
2011-01-06 13:56 ` Larry Finger
2011-01-06 13:56 ` Larry Finger
2011-01-06 14:42 ` Mario 'BitKoenig' Holbe
2011-01-07 3:49 ` Herbert Xu
2011-01-07 3:49 ` Herbert Xu
2011-01-07 3:54 ` crypto: padlock - Move padlock.h into include/crypto Herbert Xu
2011-01-07 3:54 ` Herbert Xu
2011-01-07 3:55 ` hwrng: via_rng - Fix memory scribbling on some CPUs Herbert Xu
2011-01-07 3:55 ` Herbert Xu
2011-01-06 6:12 ` 2.6.37-rc7: Regression: b43: crashes in hwrng_register() Herbert Xu
2011-01-05 0:14 ` Larry Finger [this message]
2011-01-05 0:14 ` Larry Finger
2011-01-05 0:19 ` Herbert Xu
2011-01-05 0:19 ` Herbert Xu
2011-01-05 1:38 ` Larry Finger
2011-01-05 1:38 ` Larry Finger
2010-12-31 1:57 ` Michael Büsch
2010-12-31 1:57 ` Michael Büsch
2010-12-31 2:25 ` Larry Finger
2010-12-31 2:25 ` Larry Finger
-- strict thread matches above, loose matches on Subject: below --
2010-12-28 13:32 Mario 'BitKoenig' Holbe
2010-12-29 10:30 ` Maciej Rutecki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4D23B7D8.7090701@lwfinger.net \
--to=larry.finger@lwfinger.net \
--cc=HaraldWelte@viatech.com \
--cc=Mario.Holbe@TU-Ilmenau.DE \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=michal@logix.cz \
--cc=mpm@selenic.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.