IPSec kernel oops on ppc64

Herbert Xu herbert at gondor.apana.org.au
Wed Aug 30 21:09:20 EST 2006


Thanks to some excellent info from Joy, I've tracked the problem down to
a broken implementation of memmove on ppc64, which in turn is due to a
broken memcpy.

Both memmove and memcpy need to return the destination pointer as per
the C standard.  The ppc64 version of memcpy returns a pointer to the
last byte copied instead.  Since memmove degenerates into memcpy in
some cases, this makes it broken as well.

Something like the following patch should fix the problem.  Be warned
that I know absolutely nothing about ppc assembly so don't come back
to me if this patch eats your disk :)

BTW, I spotted a couple of typos in memcpy_64.S/copyuser_64.S where
"cmpldi cr1,..." became "cmpldi r1,...".  So please fix that up while
you ppc64 guys are at it.

Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
diff --git a/arch/powerpc/lib/memcpy_64.S b/arch/powerpc/lib/memcpy_64.S
index fd66acf..9e8d9e7 100644
--- a/arch/powerpc/lib/memcpy_64.S
+++ b/arch/powerpc/lib/memcpy_64.S
@@ -11,6 +11,7 @@ #include <asm/ppc_asm.h>
 	.align	7
+	std	r3,-8(r1)
 	mtcrf	0x01,r5
 	cmpldi	cr1,r5,16
 	neg	r6,r3		# LS 3 bits = # bytes to 8-byte dest bdry
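Review bot: the new `std r3,-8(r1)` writes below the stack pointer without allocating a frame, and nothing in the hunk says why that is safe. Add a comment on that line (for example `# save destination pointer for return`) and confirm that no other path in memcpy uses the slot at -8(r1). The hunk as shown does not include the `_GLOBAL(memcpy)` entry label, so also confirm the store lands after the label and before the first instruction that changes r3.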
@@ -53,7 +54,8 @@ _GLOBAL(memcpy)
 2:	bf	cr7*4+3,3f
 	rotldi	r9,r9,8
 	stb	r9,0(r3)
-3:	blr
+3:	ld	r3,-8(r1)
+	blr
 	srdi	r6,r5,3
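Review bot: the `ld r3,-8(r1)` at label 3 only corrects returns that pass through this label; any other `blr` in the routine reached with r3 already advanced would still return the wrong pointer. Check every exit of memcpy and list the audited ones in the commit message. A short comment on the reload (`# return dest pointer`) would make its pairing with the `std` at entry obvious.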
@@ -167,4 +169,5 @@ _GLOBAL(memcpy)
 3:	bf	cr7*4+3,4f
 	lbz	r0,0(r4)
 	stb	r0,0(r3)
-4:	blr
+4:	ld	r3,-8(r1)
+	blr
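Review bot: the reload before `blr` at label 4 duplicates the one added at label 3; consider branching both exits to a single shared epilogue so a later exit path cannot miss the restore. The accompanying message also mentions `cmpldi r1,...` typos in memcpy_64.S/copyuser_64.S, which this patch does not touch, so the description should say they are left for a follow-up.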

More information about the Linuxppc-dev mailing list
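The return-value contract discussed in the message, as an added C model that is not part of the original post or the kernel source: a memcpy that returns the advanced pointer, a memmove that falls through to it, and a check that compares both the copied bytes and the returned pointer. All function names here are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef void *(*copy_fn)(void *, const void *, size_t);

/* Constructed model of the bug: the bytes are right, the return value is not. */
static void *memcpy_buggy(void *dst, const void *src, size_t n)
{
	unsigned char *d = dst;
	const unsigned char *s = src;
	while (n--) *d++ = *s++;
	return d;			/* advanced pointer; C requires dst */
}

/* Fixed model: keep the original destination and return it. */
static void *memcpy_fixed(void *dst, const void *src, size_t n)
{
	memcpy_buggy(dst, src, n);
	return dst;
}

/* memmove that hands forward-safe copies to memcpy and so inherits its return. */
static void *memmove_via(copy_fn cpy, void *dst, const void *src, size_t n)
{
	unsigned char *d = dst;
	const unsigned char *s = src;
	if ((uintptr_t)d <= (uintptr_t)s || (uintptr_t)d >= (uintptr_t)s + n)
		return cpy(dst, src, n);
	while (n--) d[n] = s[n];	/* overlapping, dst above src: copy backward */
	return dst;
}

/* 1 if the bytes match libc memmove AND the returned pointer equals dst. */
static int contract_holds(copy_fn cpy, size_t n, int dst_above_src)
{
	unsigned char buf[64], ref[64];
	size_t d_off = dst_above_src ? 8 : 0, s_off = dst_above_src ? 0 : 8;
	for (size_t i = 0; i < sizeof(buf); i++) buf[i] = ref[i] = (unsigned char)i;
	memmove(ref + d_off, ref + s_off, n);
	void *ret = memmove_via(cpy, buf + d_off, buf + s_off, n);
	return ret == (void *)(buf + d_off) && memcmp(buf, ref, sizeof(buf)) == 0;
}

int main(void)
{
	printf("buggy fwd=%d fixed fwd=%d\n", contract_holds(memcpy_buggy, 16, 0), contract_holds(memcpy_fixed, 16, 0));
	return 0;
}
```

A test that only compares buffer contents passes for the buggy model; the failure shows up only for callers that use the returned pointer.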