mirror of
https://github.com/torvalds/linux.git
synced 2024-11-14 16:12:02 +00:00
d41519a69b
On sparc, if we have an alloca() like situation, as is the case with SHASH_DESC_ON_STACK(), we can end up referencing deallocated stack memory. The result can be that the value is clobbered if a trap or interrupt arrives at just the right instruction. It only occurs if the function ends returning a value from that alloca() area and that value can be placed into the return value register using a single instruction. For example, in lib/libcrc32c.c:crc32c() we end up with a return sequence like: return %i7+8 lduw [%o5+16], %o0 ! MEM[(u32 *)__shash_desc.1_10 + 16B], %o5 holds the base of the on-stack area allocated for the shash descriptor. But the return released the stack frame and the register window. So if an intererupt arrives between 'return' and 'lduw', then the value read at %o5+16 can be corrupted. Add a data compiler barrier to work around this problem. This is exactly what the gcc fix will end up doing as well, and it absolutely should not change the code generated for other cpus (unless gcc on them has the same bug :-) With crucial insight from Eric Sandeen. Cc: <stable@vger.kernel.org> Reported-by: Anatoly Pugachev <matorola@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
55 lines
1.2 KiB
C
55 lines
1.2 KiB
C
/*
|
|
* Copyright (C) 2014 Filipe David Borba Manana <fdmanana@gmail.com>
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public
|
|
* License v2 as published by the Free Software Foundation.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* General Public License for more details.
|
|
*/
|
|
|
|
#include <crypto/hash.h>
|
|
#include <linux/err.h>
|
|
#include "hash.h"
|
|
|
|
static struct crypto_shash *tfm;
|
|
|
|
int __init btrfs_hash_init(void)
|
|
{
|
|
tfm = crypto_alloc_shash("crc32c", 0, 0);
|
|
|
|
return PTR_ERR_OR_ZERO(tfm);
|
|
}
|
|
|
|
const char* btrfs_crc32c_impl(void)
|
|
{
|
|
return crypto_tfm_alg_driver_name(crypto_shash_tfm(tfm));
|
|
}
|
|
|
|
void btrfs_hash_exit(void)
|
|
{
|
|
crypto_free_shash(tfm);
|
|
}
|
|
|
|
u32 btrfs_crc32c(u32 crc, const void *address, unsigned int length)
|
|
{
|
|
SHASH_DESC_ON_STACK(shash, tfm);
|
|
u32 *ctx = (u32 *)shash_desc_ctx(shash);
|
|
u32 retval;
|
|
int err;
|
|
|
|
shash->tfm = tfm;
|
|
shash->flags = 0;
|
|
*ctx = crc;
|
|
|
|
err = crypto_shash_update(shash, address, length);
|
|
BUG_ON(err);
|
|
|
|
retval = *ctx;
|
|
barrier_data(ctx);
|
|
return retval;
|
|
}
|