linux-mips
[Top] [All Lists]

Improper handling of unaligned user address access?

To: linux-mips@linux-mips.org
Subject: Improper handling of unaligned user address access?
From: "Steven J. Hill" <sjhill@realitydiluted.com>
Date: Mon, 03 Mar 2003 13:48:12 -0600
Original-recipient: rfc822;linux-mips@linux-mips.org
Sender: linux-mips-bounce@linux-mips.org
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20021226 Debian/1.2.1-9
Greetings.

I am having some issues using 'copy_from_user' in a driver. The issue
is that instead of returning a EFAULT for a bad address, it throws a
kernel panic and then proceeds to segfault the application. I am doing
a test on the module where I pass in an invalid user source address:

   copy_from_user(&dst, src, sizeof(dst));

where 'src' is equal to '0xa'. Now for the interesting part. When it
goes to do the copy, in 'arch/mips/lib/memcpy.S' it correctly jumps
to 'src_unaligned_dst_aligned' and then to 'cleanup_src_unaligned'
and we have the following code:

   8025f004 <cleanup_src_unaligned>:
   8025f004:       10c00017        beqz    a2,8025f064 <done>
   8025f008:       30d80003        andi    t8,a2,0x3
   8025f00c:       13060009        beq     t8,a2,8025f034 <copy_bytes>
   8025f010:       88a80000        lwl     t0,0(a1)

The instruction at 8025f00c is the offending instruction, however, the
kernel oops that kills the process shows:

   Unable to handle kernel paging request at virtual address 0000000a,
   epc == 8025f00c, ra == 8011c3c8
   Oops in fault.c:do_page_fault, line 199:
$0 : 00000000 00000012 0000001a 0000001a 87887f10 0000000a 00000008 00000001 $8 : 00000000 00000000 00000000 00001116 802ec2f0 fffffffe ffffffff 00000010 $16: 0000000a 7fff7d68 87887f10 00000000 004009b4 00000000 00000000 00000000 $24: 00000000 87887e18 87886000 87887f00 7fff7d30 8011c3c8
   Hi : 00000000
   Lo : 00000000
   epc  : 8025f00c    Not tainted
   Status: 3000fc03
   Cause : 90000008

I am using the last version of the 2.4.18 Linux/MIPS kernel. It looks
like there was a possible fix for this in 'arch/mips/kernel/unaligned.c'
by Ralf, but it did not seem to work. Any thoughts on this?

-Steve



<Prev in Thread] Current Thread [Next in Thread>