Commit 24ab54cb authored Sep 27, 2006 by Ollie Wild Committed by Paul Mundt Sep 27, 2006

sh: Fix TCP payload csum bug in csum_partial_copy_generic().



There's a bug in the Hitachi SuperH csum_partial_copy_generic()
implementation.  If the supplied length is 1 (and several alignment
conditions are met), the function immediately branches to label 4.
However, the assembly at label 4 expects the length to be stored in
register r2.  Since this has not occurred, subsequent behavior is
undefined.

This can cause bad payload checksums in TCP connections.

I've fixed the problem by initializing register r2 prior to the branch
instruction.

Signed-off-by: Ollie Wild <aaw@rincewind.tv>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>

parent 8b395265

arch/sh/lib/checksum.S

+2 −1

Original line number	Diff line number	Diff line
		@@ -202,8 +202,9 @@ ENTRY(csum_partial_copy_generic)
		cmp/pz r6 ! Jump if we had at least two bytes.
		bt/s 1f
		clrt
		bra 4f
		add #2,r6 ! r6 was < 2. Deal with it.
		bra 4f
		mov r6,r2

		3: ! Handle different src and dest alignments.
		! This is not common, so simple byte by byte copy will do.