leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
e04a61bebc
linux/drivers/crypto
History
LEROY Christophe e04a61bebc crypto: talitos - fix memory corruption on SEC2 
On SEC2, when using the old descriptors type (hmac snoop no afeu)
for doing IPsec, the CICV out pointeur points out of the allocated
memory.

[    2.502554] =============================================================================
[    2.510740] BUG dma-kmalloc-256 (Not tainted): Redzone overwritten
[    2.516907] -----------------------------------------------------------------------------
[    2.516907]
[    2.526535] Disabling lock debugging due to kernel taint
[    2.531845] INFO: 0xde858108-0xde85810b. First byte 0xf8 instead of 0xcc
[    2.538549] INFO: Allocated in 0x806181a9 age=0 cpu=0 pid=58
[    2.544229] 	__kmalloc+0x374/0x564
[    2.547649] 	talitos_edesc_alloc+0x17c/0x48c
[    2.551929] 	aead_edesc_alloc+0x80/0x154
[    2.555863] 	aead_encrypt+0x30/0xe0
[    2.559368] 	__test_aead+0x5a0/0x1f3c
[    2.563042] 	test_aead+0x2c/0x110
[    2.566371] 	alg_test_aead+0x5c/0xf4
[    2.569958] 	alg_test+0x1dc/0x5a0
[    2.573305] 	cryptomgr_test+0x50/0x70
[    2.576984] 	kthread+0xd8/0x134
[    2.580155] 	ret_from_kernel_thread+0x5c/0x64
[    2.584534] INFO: Freed in ipsec_esp_encrypt_done+0x130/0x240 age=6 cpu=0 pid=0
[    2.591839] 	ipsec_esp_encrypt_done+0x130/0x240
[    2.596395] 	flush_channel+0x1dc/0x488
[    2.600161] 	talitos2_done_4ch+0x30/0x200
[    2.604185] 	tasklet_action+0xa0/0x13c
[    2.607948] 	__do_softirq+0x148/0x6cc
[    2.611623] 	irq_exit+0xc0/0x124
[    2.614869] 	call_do_irq+0x24/0x3c
[    2.618292] 	do_IRQ+0x78/0x108
[    2.621369] 	ret_from_except+0x0/0x14
[    2.625055] 	finish_task_switch+0x58/0x350
[    2.629165] 	schedule+0x80/0x134
[    2.632409] 	schedule_preempt_disabled+0x38/0xc8
[    2.637042] 	cpu_startup_entry+0xe4/0x190
[    2.641074] 	start_kernel+0x3f4/0x408
[    2.644741] 	0x3438
[    2.646857] INFO: Slab 0xdffbdb00 objects=9 used=1 fp=0xde8581c0 flags=0x0080
[    2.653978] INFO: Object 0xde858008 @offset=8 fp=0xca4395df
[    2.653978]
[    2.661032] Redzone de858000: cc cc cc cc cc cc cc cc                          ........
[    2.669029] Object de858008: 00 00 00 02 00 00 00 02 00 6b 6b 6b 1e 83 ea 28  .........kkk...(
[    2.677628] Object de858018: 00 00 00 70 1e 85 80 64 ff 73 1d 21 6b 6b 6b 6b  ...p...d.s.!kkkk
[    2.686228] Object de858028: 00 20 00 00 1e 84 17 24 00 10 00 00 1e 85 70 00  . .....$......p.
[    2.694829] Object de858038: 00 18 00 00 1e 84 17 44 00 08 00 00 1e 83 ea 28  .......D.......(
[    2.703430] Object de858048: 00 80 00 00 1e 84 f0 00 00 80 00 00 1e 85 70 10  ..............p.
[    2.712030] Object de858058: 00 20 6b 00 1e 85 80 f4 6b 6b 6b 6b 00 80 02 00  . k.....kkkk....
[    2.720629] Object de858068: 1e 84 f0 00 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  ....kkkkkkkkkkkk
[    2.729230] Object de858078: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
[    2.737830] Object de858088: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
[    2.746429] Object de858098: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
[    2.755029] Object de8580a8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
[    2.763628] Object de8580b8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
[    2.772229] Object de8580c8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
[    2.780829] Object de8580d8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
[    2.789430] Object de8580e8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 73 b0 ea 9f  kkkkkkkkkkkks...
[    2.798030] Object de8580f8: e8 18 80 d6 56 38 44 c0 db e3 4f 71 f7 ce d1 d3  ....V8D...Oq....
[    2.806629] Redzone de858108: f8 bd 3e 4f                                      ..>O
[    2.814279] Padding de8581b0: 5a 5a 5a 5a 5a 5a 5a 5a                          ZZZZZZZZ
[    2.822283] CPU: 0 PID: 0 Comm: swapper Tainted: G    B           4.9.50-g995be12679 #179
[    2.831819] Call Trace:
[    2.834301] [dffefd20] [c01aa9a8] check_bytes_and_report+0x100/0x194 (unreliable)
[    2.841801] [dffefd50] [c01aac3c] check_object+0x200/0x530
[    2.847306] [dffefd80] [c01ae584] free_debug_processing+0x290/0x690
[    2.853585] [dffefde0] [c01aec8c] __slab_free+0x308/0x628
[    2.859000] [dffefe80] [c05057f4] ipsec_esp_encrypt_done+0x130/0x240
[    2.865378] [dffefeb0] [c05002c4] flush_channel+0x1dc/0x488
[    2.870968] [dffeff10] [c05007a8] talitos2_done_4ch+0x30/0x200
[    2.876814] [dffeff30] [c002fe38] tasklet_action+0xa0/0x13c
[    2.882399] [dffeff60] [c002f118] __do_softirq+0x148/0x6cc
[    2.887896] [dffeffd0] [c002f954] irq_exit+0xc0/0x124
[    2.892968] [dffefff0] [c0013adc] call_do_irq+0x24/0x3c
[    2.898213] [c0d4be00] [c000757c] do_IRQ+0x78/0x108
[    2.903113] [c0d4be30] [c0015c08] ret_from_except+0x0/0x14
[    2.908634] --- interrupt: 501 at finish_task_switch+0x70/0x350
[    2.908634]     LR = finish_task_switch+0x58/0x350
[    2.919327] [c0d4bf20] [c085e1d4] schedule+0x80/0x134
[    2.924398] [c0d4bf50] [c085e2c0] schedule_preempt_disabled+0x38/0xc8
[    2.930853] [c0d4bf60] [c007f064] cpu_startup_entry+0xe4/0x190
[    2.936707] [c0d4bfb0] [c096c434] start_kernel+0x3f4/0x408
[    2.942198] [c0d4bff0] [00003438] 0x3438
[    2.946137] FIX dma-kmalloc-256: Restoring 0xde858108-0xde85810b=0xcc
[    2.946137]
[    2.954158] FIX dma-kmalloc-256: Object at 0xde858008 not freed

This patch reworks the handling of the CICV out in order
to properly handle all cases.

Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2017-10-12 22:55:23 +08:00
..
amcc crypto: crypto4xx - add aes-gcm support 2017-10-12 22:55:22 +08:00
axis crypto: axis - hide an unused variable 2017-09-22 17:38:19 +08:00
bcm crypto: bcm - pr_err() strings should end with newlines 2017-10-12 22:54:57 +08:00
caam crypto: caam - Use GCM IV size constant 2017-09-22 17:43:09 +08:00
cavium crypto: cavium/nitrox - Fix an error handling path in 'nitrox_probe()' 2017-08-22 14:54:55 +08:00
ccp crypto:ccp - invoke the DMA callback in a standard way 2017-10-07 12:10:30 +08:00
chelsio crypto: chelsio - pr_err() strings should end with newlines 2017-10-12 22:54:55 +08:00
inside-secure crypto: inside-secure - remove null check before kfree 2017-09-22 17:43:25 +08:00
marvell crypto: drop unnecessary return statements 2017-09-22 17:43:28 +08:00
mediatek crypto: mediatek - Use GCM IV size constant 2017-09-22 17:43:12 +08:00
nx crypto: nx - Use GCM IV size constant 2017-09-22 17:43:10 +08:00
qat crypto: qat - pr_err() strings should end with newlines 2017-10-12 22:54:56 +08:00
qce crypto: Use PTR_ERR_ZERO 2017-09-22 17:43:27 +08:00
rockchip crypto: rockchip - Don't dequeue the request when device is busy 2017-08-22 14:54:54 +08:00
stm32 crypto: stm32 - use of_device_get_match_data 2017-10-07 12:10:34 +08:00
sunxi-ss crypto: sun4i-ss - support the Security System PRNG 2017-07-18 17:50:55 +08:00
ux500 crypto: drop unnecessary return statements 2017-09-22 17:43:28 +08:00
virtio crypto: virtio - pr_err() strings should end with newlines 2017-10-12 22:54:52 +08:00
vmx crypto: algapi - make crypto_xor() take separate dst and src arguments 2017-08-04 09:27:15 +08:00
atmel-aes-regs.h crypto: atmel-authenc - add support to authenc(hmac(shaX), Y(aes)) modes 2017-02-03 18:16:14 +08:00
atmel-aes.c crypto: atmel - Use GCM IV size constant 2017-09-22 17:43:12 +08:00
atmel-authenc.h crypto: atmel-authenc - add support to authenc(hmac(shaX), Y(aes)) modes 2017-02-03 18:16:14 +08:00
atmel-ecc.c crypto: atmel-ecc - fix signed integer to u8 assignment 2017-08-03 13:47:23 +08:00
atmel-ecc.h crypto: atmel-ecc - introduce Microchip / Atmel ECC driver 2017-07-18 17:50:58 +08:00
atmel-sha-regs.h crypto: atmel-authenc - add support to authenc(hmac(shaX), Y(aes)) modes 2017-02-03 18:16:14 +08:00
atmel-sha.c crypto: atmel-sha - remove unnecessary static in atmel_sha_remove() 2017-08-03 13:47:16 +08:00
atmel-tdes-regs.h crypto: atmel-tdes - add support for latest release of the IP (0x700) 2013-03-10 16:46:42 +08:00
atmel-tdes.c crypto: atmel-tdes - remove unnecessary static in atmel_tdes_remove() 2017-08-03 13:47:18 +08:00
bfin_crc.c crypto: bfin_crc - Fix format printing warning 2016-12-27 17:50:51 +08:00
bfin_crc.h crypto: bfin_crc - Remove unneeded linux/miscdevice.h include 2016-12-27 17:50:51 +08:00
exynos-rng.c crypto: exynos - Add new Exynos RNG driver 2017-04-21 20:30:46 +08:00
geode-aes.c crypto: geode-aes - fixed coding style warnings and error 2017-07-18 18:15:57 +08:00
geode-aes.h crypto: geode - Consistently use AES_KEYSIZE_128 2014-05-22 21:03:12 +08:00
hifn_795x.c crypto: squash lines for simple wrapper functions 2016-09-13 20:27:26 +08:00
img-hash.c crypto: img-hash - remove unnecessary static in img_hash_remove() 2017-08-03 13:47:18 +08:00
ixp4xx_crypto.c crypto: drop unnecessary return statements 2017-09-22 17:43:28 +08:00
Kconfig crypto: crypto4xx - prepare for AEAD support 2017-10-12 22:55:19 +08:00
Makefile crypto: axis - add ARTPEC-6/7 crypto accelerator driver 2017-08-22 14:54:52 +08:00
mv_cesa.c crypto: Use PTR_ERR_ZERO 2017-09-22 17:43:27 +08:00
mv_cesa.h crypto: mv_cesa - Add missing #define 2014-08-29 21:46:36 +08:00
mxc-scc.c crypto: mxc-scc - fix error code in mxc_scc_probe() 2017-07-18 17:50:54 +08:00
mxs-dcp.c crypto: mxs-dcp - print error message on platform_get_irq failure 2017-07-18 17:50:54 +08:00
n2_asm.S
n2_core.c crypto: n2 - remove null check before kfree 2017-09-22 17:43:25 +08:00
n2_core.h
omap-aes-gcm.c crypto: omap-aes - pr_err() strings should end with newlines 2017-10-12 22:54:51 +08:00
omap-aes.c crypto: omap - use of_device_get_match_data 2017-10-07 12:10:35 +08:00
omap-aes.h crypto: omap-aes - Add support for GCM mode 2017-06-10 12:04:19 +08:00
omap-crypto.c crypto: omap - add base support library for common routines 2017-06-10 12:04:15 +08:00
omap-crypto.h crypto: omap - add base support library for common routines 2017-06-10 12:04:15 +08:00
omap-des.c crypto: omap - use of_device_get_match_data 2017-10-07 12:10:35 +08:00
omap-sham.c crypto: omap - use of_device_get_match_data 2017-10-07 12:10:35 +08:00
padlock-aes.c crypto: padlock-aes - constify x86_cpu_id 2017-09-22 17:43:20 +08:00
padlock-sha.c crypto: padlock-sha - constify x86_cpu_id 2017-09-22 17:43:20 +08:00
picoxcell_crypto_regs.h
picoxcell_crypto.c crypto: picoxcell - Remove spacc_is_compatible() wrapper function 2017-01-13 00:24:41 +08:00
s5p-sss.c crypto: s5p-sss - Document the struct s5p_aes_dev 2017-03-24 22:03:00 +08:00
sahara.c crypto: sahara - constify platform_device_id 2017-08-22 14:54:53 +08:00
talitos.c crypto: talitos - fix memory corruption on SEC2 2017-10-12 22:55:23 +08:00
talitos.h crypto: talitos - add new crypto modes 2015-12-04 22:29:56 +08:00