* [PATCH] crypto: caam - fix zero-length buffer DMA mapping
@ 2018-12-19 14:36 Horia Geantă
2018-12-19 14:41 ` Christoph Hellwig
2019-01-10 14:03 ` Herbert Xu
0 siblings, 2 replies; 3+ messages in thread
From: Horia Geantă @ 2018-12-19 14:36 UTC (permalink / raw)
To: Herbert Xu
Cc: Aymen Sghaier, Christoph Hellwig, linux-crypto, David S. Miller,
linux-arm-kernel, linux-imx
From: Aymen Sghaier <aymen.sghaier@nxp.com>
Recent changes - probably DMA API related (generic and/or arm64-specific) -
exposed a case where driver maps a zero-length buffer:
ahash_init()->ahash_update()->ahash_final() with a zero-length string to
hash
kernel BUG at kernel/dma/swiotlb.c:475!
Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
Modules linked in:
CPU: 2 PID: 1823 Comm: cryptomgr_test Not tainted 4.20.0-rc1-00108-g00c9fe37a7f2 #1
Hardware name: LS1046A RDB Board (DT)
pstate: 80000005 (Nzcv daif -PAN -UAO)
pc : swiotlb_tbl_map_single+0x170/0x2b8
lr : swiotlb_map_page+0x134/0x1f8
sp : ffff00000f79b8f0
x29: ffff00000f79b8f0 x28: 0000000000000000
x27: ffff0000093d0000 x26: 0000000000000000
x25: 00000000001f3ffe x24: 0000000000200000
x23: 0000000000000000 x22: 00000009f2c538c0
x21: ffff800970aeb410 x20: 0000000000000001
x19: ffff800970aeb410 x18: 0000000000000007
x17: 000000000000000e x16: 0000000000000001
x15: 0000000000000019 x14: c32cb8218a167fe8
x13: ffffffff00000000 x12: ffff80097fdae348
x11: 0000800976bca000 x10: 0000000000000010
x9 : 0000000000000000 x8 : ffff0000091fd6c8
x7 : 0000000000000000 x6 : 00000009f2c538bf
x5 : 0000000000000000 x4 : 0000000000000001
x3 : 0000000000000000 x2 : 00000009f2c538c0
x1 : 00000000f9fff000 x0 : 0000000000000000
Process cryptomgr_test (pid: 1823, stack limit = 0x(____ptrval____))
Call trace:
swiotlb_tbl_map_single+0x170/0x2b8
swiotlb_map_page+0x134/0x1f8
ahash_final_no_ctx+0xc4/0x6cc
ahash_final+0x10/0x18
crypto_ahash_op+0x30/0x84
crypto_ahash_final+0x14/0x1c
__test_hash+0x574/0xe0c
test_hash+0x28/0x80
__alg_test_hash+0x84/0xd0
alg_test_hash+0x78/0x144
alg_test.part.30+0x12c/0x2b4
alg_test+0x3c/0x68
cryptomgr_test+0x44/0x4c
kthread+0xfc/0x128
ret_from_fork+0x10/0x18
Code: d34bfc18 2a1a03f7 1a9f8694 35fff89a (d4210000)
Cc: <stable@vger.kernel.org>
Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com>
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
---
A bisect b/w above-mentioned commit 00c9fe37a7f2 (bad) and v4.19 (good)
points to commit
b4ebe6063204 ("dma-direct: implement complete bus_dma_mask handling")
Chronologically:
v4.19 (good) -> b4ebe6063204 (bad) -> 00c9fe37a7f2 (bad) -> v4.20-rc7 (good)
Cc-ing stable to make sure patch will be added in 4.20.y
drivers/crypto/caam/caamhash.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/drivers/crypto/caam/caamhash.c b/drivers/crypto/caam/caamhash.c
index 81712aa5d0f2..bb1a2cdf1951 100644
--- a/drivers/crypto/caam/caamhash.c
+++ b/drivers/crypto/caam/caamhash.c
@@ -1072,13 +1072,16 @@ static int ahash_final_no_ctx(struct ahash_request *req)
desc = edesc->hw_desc;
- state->buf_dma = dma_map_single(jrdev, buf, buflen, DMA_TO_DEVICE);
- if (dma_mapping_error(jrdev, state->buf_dma)) {
- dev_err(jrdev, "unable to map src\n");
- goto unmap;
- }
+ if (buflen) {
+ state->buf_dma = dma_map_single(jrdev, buf, buflen,
+ DMA_TO_DEVICE);
+ if (dma_mapping_error(jrdev, state->buf_dma)) {
+ dev_err(jrdev, "unable to map src\n");
+ goto unmap;
+ }
- append_seq_in_ptr(desc, state->buf_dma, buflen, 0);
+ append_seq_in_ptr(desc, state->buf_dma, buflen, 0);
+ }
edesc->dst_dma = map_seq_out_ptr_result(desc, jrdev, req->result,
digestsize);
--
2.16.2
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [PATCH] crypto: caam - fix zero-length buffer DMA mapping
2018-12-19 14:36 [PATCH] crypto: caam - fix zero-length buffer DMA mapping Horia Geantă
@ 2018-12-19 14:41 ` Christoph Hellwig
2019-01-10 14:03 ` Herbert Xu
1 sibling, 0 replies; 3+ messages in thread
From: Christoph Hellwig @ 2018-12-19 14:41 UTC (permalink / raw)
To: Horia Geantă
Cc: Aymen Sghaier, Herbert Xu, David S. Miller, linux-crypto,
Christoph Hellwig, linux-arm-kernel, linux-imx
Yes, we should never do zero-length dma mappings, so this looks good:
Reviewed-by: Christoph Hellwig <hch@lst.de>
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] crypto: caam - fix zero-length buffer DMA mapping
2018-12-19 14:36 [PATCH] crypto: caam - fix zero-length buffer DMA mapping Horia Geantă
2018-12-19 14:41 ` Christoph Hellwig
@ 2019-01-10 14:03 ` Herbert Xu
1 sibling, 0 replies; 3+ messages in thread
From: Herbert Xu @ 2019-01-10 14:03 UTC (permalink / raw)
To: Horia Geantă
Cc: Aymen Sghaier, Christoph Hellwig, linux-crypto, David S. Miller,
linux-arm-kernel, linux-imx
On Wed, Dec 19, 2018 at 04:36:44PM +0200, Horia Geantă wrote:
> From: Aymen Sghaier <aymen.sghaier@nxp.com>
>
> Recent changes - probably DMA API related (generic and/or arm64-specific) -
> exposed a case where driver maps a zero-length buffer:
> ahash_init()->ahash_update()->ahash_final() with a zero-length string to
> hash
>
> kernel BUG at kernel/dma/swiotlb.c:475!
> Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
> Modules linked in:
> CPU: 2 PID: 1823 Comm: cryptomgr_test Not tainted 4.20.0-rc1-00108-g00c9fe37a7f2 #1
> Hardware name: LS1046A RDB Board (DT)
> pstate: 80000005 (Nzcv daif -PAN -UAO)
> pc : swiotlb_tbl_map_single+0x170/0x2b8
> lr : swiotlb_map_page+0x134/0x1f8
> sp : ffff00000f79b8f0
> x29: ffff00000f79b8f0 x28: 0000000000000000
> x27: ffff0000093d0000 x26: 0000000000000000
> x25: 00000000001f3ffe x24: 0000000000200000
> x23: 0000000000000000 x22: 00000009f2c538c0
> x21: ffff800970aeb410 x20: 0000000000000001
> x19: ffff800970aeb410 x18: 0000000000000007
> x17: 000000000000000e x16: 0000000000000001
> x15: 0000000000000019 x14: c32cb8218a167fe8
> x13: ffffffff00000000 x12: ffff80097fdae348
> x11: 0000800976bca000 x10: 0000000000000010
> x9 : 0000000000000000 x8 : ffff0000091fd6c8
> x7 : 0000000000000000 x6 : 00000009f2c538bf
> x5 : 0000000000000000 x4 : 0000000000000001
> x3 : 0000000000000000 x2 : 00000009f2c538c0
> x1 : 00000000f9fff000 x0 : 0000000000000000
> Process cryptomgr_test (pid: 1823, stack limit = 0x(____ptrval____))
> Call trace:
> swiotlb_tbl_map_single+0x170/0x2b8
> swiotlb_map_page+0x134/0x1f8
> ahash_final_no_ctx+0xc4/0x6cc
> ahash_final+0x10/0x18
> crypto_ahash_op+0x30/0x84
> crypto_ahash_final+0x14/0x1c
> __test_hash+0x574/0xe0c
> test_hash+0x28/0x80
> __alg_test_hash+0x84/0xd0
> alg_test_hash+0x78/0x144
> alg_test.part.30+0x12c/0x2b4
> alg_test+0x3c/0x68
> cryptomgr_test+0x44/0x4c
> kthread+0xfc/0x128
> ret_from_fork+0x10/0x18
> Code: d34bfc18 2a1a03f7 1a9f8694 35fff89a (d4210000)
>
> Cc: <stable@vger.kernel.org>
> Signed-off-by: Aymen Sghaier <aymen.sghaier@nxp.com>
> Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-01-10 14:04 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-12-19 14:36 [PATCH] crypto: caam - fix zero-length buffer DMA mapping Horia Geantă
2018-12-19 14:41 ` Christoph Hellwig
2019-01-10 14:03 ` Herbert Xu
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).