From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Jan Glauber <jglauber@cavium.com>,
Robert Richter <rrichter@cavium.com>,
Herbert Xu <herbert@gondor.apana.org.au>
Subject: [PATCH 4.16 39/43] crypto: cavium - Fix fallout from CONFIG_VMAP_STACK
Date: Thu, 14 Jun 2018 16:04:43 +0200 [thread overview]
Message-ID: <20180614132137.773280448@linuxfoundation.org> (raw)
In-Reply-To: <20180614132135.111973468@linuxfoundation.org>
4.16-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jan Glauber <jglauber@cavium.com>
commit 37ff02acaa3d7be87ecb89f198a549ffd3ae2403 upstream.
Enabling virtual mapped kernel stacks breaks the thunderx_zip
driver. On compression or decompression the executing CPU hangs
in an endless loop. The reason for this is the usage of __pa
by the driver which does no longer work for an address that is
not part of the 1:1 mapping.
The zip driver allocates a result struct on the stack and needs
to tell the hardware the physical address within this struct
that is used to signal the completion of the request.
As the hardware gets the wrong address after the broken __pa
conversion it writes to an arbitrary address. The zip driver then
waits forever for the completion byte to contain a non-zero value.
Allocating the result struct from 1:1 mapped memory resolves this
bug.
Signed-off-by: Jan Glauber <jglauber@cavium.com>
Reviewed-by: Robert Richter <rrichter@cavium.com>
Cc: stable <stable@vger.kernel.org> # 4.14
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/crypto/cavium/zip/zip_crypto.c | 22 ++++++++++++++--------
1 file changed, 14 insertions(+), 8 deletions(-)
--- a/drivers/crypto/cavium/zip/zip_crypto.c
+++ b/drivers/crypto/cavium/zip/zip_crypto.c
@@ -124,7 +124,7 @@ int zip_compress(const u8 *src, unsigned
struct zip_kernel_ctx *zip_ctx)
{
struct zip_operation *zip_ops = NULL;
- struct zip_state zip_state;
+ struct zip_state *zip_state;
struct zip_device *zip = NULL;
int ret;
@@ -135,20 +135,23 @@ int zip_compress(const u8 *src, unsigned
if (!zip)
return -ENODEV;
- memset(&zip_state, 0, sizeof(struct zip_state));
+ zip_state = kzalloc(sizeof(*zip_state), GFP_ATOMIC);
+ if (!zip_state)
+ return -ENOMEM;
+
zip_ops = &zip_ctx->zip_comp;
zip_ops->input_len = slen;
zip_ops->output_len = *dlen;
memcpy(zip_ops->input, src, slen);
- ret = zip_deflate(zip_ops, &zip_state, zip);
+ ret = zip_deflate(zip_ops, zip_state, zip);
if (!ret) {
*dlen = zip_ops->output_len;
memcpy(dst, zip_ops->output, *dlen);
}
-
+ kfree(zip_state);
return ret;
}
@@ -157,7 +160,7 @@ int zip_decompress(const u8 *src, unsign
struct zip_kernel_ctx *zip_ctx)
{
struct zip_operation *zip_ops = NULL;
- struct zip_state zip_state;
+ struct zip_state *zip_state;
struct zip_device *zip = NULL;
int ret;
@@ -168,7 +171,10 @@ int zip_decompress(const u8 *src, unsign
if (!zip)
return -ENODEV;
- memset(&zip_state, 0, sizeof(struct zip_state));
+ zip_state = kzalloc(sizeof(*zip_state), GFP_ATOMIC);
+ if (!zip_state)
+ return -ENOMEM;
+
zip_ops = &zip_ctx->zip_decomp;
memcpy(zip_ops->input, src, slen);
@@ -179,13 +185,13 @@ int zip_decompress(const u8 *src, unsign
zip_ops->input_len = slen;
zip_ops->output_len = *dlen;
- ret = zip_inflate(zip_ops, &zip_state, zip);
+ ret = zip_inflate(zip_ops, zip_state, zip);
if (!ret) {
*dlen = zip_ops->output_len;
memcpy(dst, zip_ops->output, *dlen);
}
-
+ kfree(zip_state);
return ret;
}
next prev parent reply other threads:[~2018-06-14 14:09 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-14 14:04 [PATCH 4.16 00/43] 4.16.16-stable review Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 01/43] netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump() Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 02/43] crypto: chelsio - request to HW should wrap Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 03/43] blkdev_report_zones_ioctl(): Use vmalloc() to allocate large buffers Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 04/43] af_key: Always verify length of provided sadb_key Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 06/43] KVM: x86: introduce linear_{read,write}_system Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 07/43] kvm: nVMX: Enforce cpl=0 for VMX instructions Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 08/43] KVM: x86: pass kvm_vcpu to kvm_read_guest_virt and kvm_write_guest_virt_system Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 09/43] staging: android: ion: Switch to pr_warn_once in ion_buffer_destroy Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 10/43] NFC: pn533: dont send USB data off of the stack Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 11/43] usbip: vhci_sysfs: fix potential Spectre v1 Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 12/43] usb-storage: Add support for FL_ALWAYS_SYNC flag in the UAS driver Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 13/43] usb-storage: Add compatibility quirk flags for G-Technologies G-Drive Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 14/43] Input: xpad - add GPD Win 2 Controller USB IDs Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 15/43] phy: qcom-qusb2: Fix crash if nvmem cell not specified Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 16/43] usb: core: message: remove extra endianness conversion in usb_set_isoch_delay Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 17/43] usb: typec: wcove: Remove dependency on HW FSM Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 18/43] usb: gadget: function: printer: avoid wrong list handling in printer_write() Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 19/43] usb: gadget: udc: renesas_usb3: fix double phy_put() Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 20/43] usb: gadget: udc: renesas_usb3: should remove debugfs Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 21/43] usb: gadget: udc: renesas_usb3: should call pm_runtime_enable() before add udc Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 22/43] usb: gadget: udc: renesas_usb3: should call devm_phy_get() " Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 23/43] usb: gadget: udc: renesas_usb3: should fail if devm_phy_get() returns error Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 24/43] usb: gadget: udc: renesas_usb3: disable the controllers irqs for reconnecting Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 25/43] serial: sh-sci: Stop using printk format %pCr Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 26/43] tty/serial: atmel: use port->name as name in request_irq() Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 27/43] serial: samsung: fix maxburst parameter for DMA transactions Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 28/43] serial: 8250: omap: Fix idling of clocks for unused uarts Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 29/43] vmw_balloon: fixing double free when batching mode is off Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 30/43] tty: pl011: Avoid spuriously stuck-off interrupts Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 31/43] kvm: x86: use correct privilege level for sgdt/sidt/fxsave/fxrstor access Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 32/43] Input: goodix - add new ACPI id for GPD Win 2 touch screen Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 33/43] Input: elan_i2c - add ELAN0612 (Lenovo v330 14IKB) ACPI ID Greg Kroah-Hartman
2018-06-14 14:04 ` Greg Kroah-Hartman [this message]
2018-06-14 14:04 ` [PATCH 4.16 40/43] crypto: cavium - Limit result reading attempts Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 41/43] crypto: vmx - Remove overly verbose printk from AES init routines Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 42/43] crypto: vmx - Remove overly verbose printk from AES XTS init Greg Kroah-Hartman
2018-06-14 14:04 ` [PATCH 4.16 43/43] crypto: omap-sham - fix memleak Greg Kroah-Hartman
2018-06-14 22:33 ` [PATCH 4.16 00/43] 4.16.16-stable review Shuah Khan
2018-06-15 0:51 ` Naresh Kamboju
2018-06-15 15:19 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180614132137.773280448@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=herbert@gondor.apana.org.au \
--cc=jglauber@cavium.com \
--cc=linux-kernel@vger.kernel.org \
--cc=rrichter@cavium.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox