sh: Fix TCP payload csum bug in csum_partial_copy_generic().

There's a bug in the Hitachi SuperH csum_partial_copy_generic() implementation. If the supplied length is 1 (and several alignment conditions are met), the function immediately branches to label 4. However, the assembly at label 4 expects the length to be stored in register r2. Since this has not occurred, subsequent behavior is undefined. This can cause bad payload checksums in TCP connections. I've fixed the problem by initializing register r2 prior to the branch instruction. Signed-off-by: Ollie Wild <aaw@rincewind.tv> Signed-off-by: Paul Mundt <lethal@linux-sh.org>
git-mirror · Sep 27, 2006 · 24ab54c · 24ab54c
1 parent 8b39526
commit 24ab54c
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/arch/sh/lib/checksum.S b/arch/sh/lib/checksum.S
@@ -202,8 +202,9 @@ ENTRY(csum_partial_copy_generic)
 	cmp/pz	r6		! Jump if we had at least two bytes.
 	bt/s	1f
 	 clrt
+	add	#2,r6		! r6 was < 2.	Deal with it.
 	bra	4f
-	 add	#2,r6		! r6 was < 2.	Deal with it.
+	 mov	r6,r2
 
 3:	! Handle different src and dest alignments.
 	! This is not common, so simple byte by byte copy will do.