linux

History

LEROY Christophe e04a61bebc crypto: talitos - fix memory corruption on SEC2 On SEC2, when using the old descriptors type (hmac snoop no afeu) for doing IPsec, the CICV out pointeur points out of the allocated memory. [ 2.502554] ============================================================================= [ 2.510740] BUG dma-kmalloc-256 (Not tainted): Redzone overwritten [ 2.516907] ----------------------------------------------------------------------------- [ 2.516907] [ 2.526535] Disabling lock debugging due to kernel taint [ 2.531845] INFO: 0xde858108-0xde85810b. First byte 0xf8 instead of 0xcc [ 2.538549] INFO: Allocated in 0x806181a9 age=0 cpu=0 pid=58 [ 2.544229] __kmalloc+0x374/0x564 [ 2.547649] talitos_edesc_alloc+0x17c/0x48c [ 2.551929] aead_edesc_alloc+0x80/0x154 [ 2.555863] aead_encrypt+0x30/0xe0 [ 2.559368] __test_aead+0x5a0/0x1f3c [ 2.563042] test_aead+0x2c/0x110 [ 2.566371] alg_test_aead+0x5c/0xf4 [ 2.569958] alg_test+0x1dc/0x5a0 [ 2.573305] cryptomgr_test+0x50/0x70 [ 2.576984] kthread+0xd8/0x134 [ 2.580155] ret_from_kernel_thread+0x5c/0x64 [ 2.584534] INFO: Freed in ipsec_esp_encrypt_done+0x130/0x240 age=6 cpu=0 pid=0 [ 2.591839] ipsec_esp_encrypt_done+0x130/0x240 [ 2.596395] flush_channel+0x1dc/0x488 [ 2.600161] talitos2_done_4ch+0x30/0x200 [ 2.604185] tasklet_action+0xa0/0x13c [ 2.607948] __do_softirq+0x148/0x6cc [ 2.611623] irq_exit+0xc0/0x124 [ 2.614869] call_do_irq+0x24/0x3c [ 2.618292] do_IRQ+0x78/0x108 [ 2.621369] ret_from_except+0x0/0x14 [ 2.625055] finish_task_switch+0x58/0x350 [ 2.629165] schedule+0x80/0x134 [ 2.632409] schedule_preempt_disabled+0x38/0xc8 [ 2.637042] cpu_startup_entry+0xe4/0x190 [ 2.641074] start_kernel+0x3f4/0x408 [ 2.644741] 0x3438 [ 2.646857] INFO: Slab 0xdffbdb00 objects=9 used=1 fp=0xde8581c0 flags=0x0080 [ 2.653978] INFO: Object 0xde858008 @offset=8 fp=0xca4395df [ 2.653978] [ 2.661032] Redzone de858000: cc cc cc cc cc cc cc cc ........ [ 2.669029] Object de858008: 00 00 00 02 00 00 00 02 00 6b 6b 6b 1e 83 ea 28 .........kkk...( [ 2.677628] Object de858018: 00 00 00 70 1e 85 80 64 ff 73 1d 21 6b 6b 6b 6b ...p...d.s.!kkkk [ 2.686228] Object de858028: 00 20 00 00 1e 84 17 24 00 10 00 00 1e 85 70 00 . .....$......p. [ 2.694829] Object de858038: 00 18 00 00 1e 84 17 44 00 08 00 00 1e 83 ea 28 .......D.......( [ 2.703430] Object de858048: 00 80 00 00 1e 84 f0 00 00 80 00 00 1e 85 70 10 ..............p. [ 2.712030] Object de858058: 00 20 6b 00 1e 85 80 f4 6b 6b 6b 6b 00 80 02 00 . k.....kkkk.... [ 2.720629] Object de858068: 1e 84 f0 00 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b ....kkkkkkkkkkkk [ 2.729230] Object de858078: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk [ 2.737830] Object de858088: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk [ 2.746429] Object de858098: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk [ 2.755029] Object de8580a8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk [ 2.763628] Object de8580b8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk [ 2.772229] Object de8580c8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk [ 2.780829] Object de8580d8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk [ 2.789430] Object de8580e8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 73 b0 ea 9f kkkkkkkkkkkks... [ 2.798030] Object de8580f8: e8 18 80 d6 56 38 44 c0 db e3 4f 71 f7 ce d1 d3 ....V8D...Oq.... [ 2.806629] Redzone de858108: f8 bd 3e 4f ..>O [ 2.814279] Padding de8581b0: 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZ [ 2.822283] CPU: 0 PID: 0 Comm: swapper Tainted: G B 4.9.50-g995be12679 #179 [ 2.831819] Call Trace: [ 2.834301] [dffefd20] [c01aa9a8] check_bytes_and_report+0x100/0x194 (unreliable) [ 2.841801] [dffefd50] [c01aac3c] check_object+0x200/0x530 [ 2.847306] [dffefd80] [c01ae584] free_debug_processing+0x290/0x690 [ 2.853585] [dffefde0] [c01aec8c] __slab_free+0x308/0x628 [ 2.859000] [dffefe80] [c05057f4] ipsec_esp_encrypt_done+0x130/0x240 [ 2.865378] [dffefeb0] [c05002c4] flush_channel+0x1dc/0x488 [ 2.870968] [dffeff10] [c05007a8] talitos2_done_4ch+0x30/0x200 [ 2.876814] [dffeff30] [c002fe38] tasklet_action+0xa0/0x13c [ 2.882399] [dffeff60] [c002f118] __do_softirq+0x148/0x6cc [ 2.887896] [dffeffd0] [c002f954] irq_exit+0xc0/0x124 [ 2.892968] [dffefff0] [c0013adc] call_do_irq+0x24/0x3c [ 2.898213] [c0d4be00] [c000757c] do_IRQ+0x78/0x108 [ 2.903113] [c0d4be30] [c0015c08] ret_from_except+0x0/0x14 [ 2.908634] --- interrupt: 501 at finish_task_switch+0x70/0x350 [ 2.908634] LR = finish_task_switch+0x58/0x350 [ 2.919327] [c0d4bf20] [c085e1d4] schedule+0x80/0x134 [ 2.924398] [c0d4bf50] [c085e2c0] schedule_preempt_disabled+0x38/0xc8 [ 2.930853] [c0d4bf60] [c007f064] cpu_startup_entry+0xe4/0x190 [ 2.936707] [c0d4bfb0] [c096c434] start_kernel+0x3f4/0x408 [ 2.942198] [c0d4bff0] [00003438] 0x3438 [ 2.946137] FIX dma-kmalloc-256: Restoring 0xde858108-0xde85810b=0xcc [ 2.946137] [ 2.954158] FIX dma-kmalloc-256: Object at 0xde858008 not freed This patch reworks the handling of the CICV out in order to properly handle all cases. Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>		2017-10-12 22:55:23 +08:00
..
accessibility
acpi	dmi: Mark all struct dmi_system_id instances const	2017-09-14 11:59:30 +02:00
amba
android	ANDROID: binder: don't queue async transactions to thread.	2017-09-01 09:22:50 +02:00
ata	Merge branch 'for-4.14' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata	2017-09-06 22:41:21 -07:00
atm
auxdisplay
base	firmware: Restore support for built-in firmware	2017-09-16 10:58:48 -07:00
bcma
block	The highlights include:	2017-09-12 20:03:53 -07:00
bluetooth
bus	ARM: SoC driver updates for v4.14	2017-09-10 20:40:00 -07:00
cdrom
char	hwrng: core - pr_err() strings should end with newlines	2017-10-12 22:54:49 +08:00
clk	The diff is dominated by the Allwinner A10/A20 SoCs getting converted to	2017-09-13 11:04:14 -07:00
clocksource	Merge branch '4.14-features' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus	2017-09-15 20:43:33 -07:00
connector
cpufreq	dmi: Mark all struct dmi_system_id instances const	2017-09-14 11:59:30 +02:00
cpuidle	Merge branch '4.14-features' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus	2017-09-15 20:43:33 -07:00
crypto	crypto: talitos - fix memory corruption on SEC2	2017-10-12 22:55:23 +08:00
dax	- Some request-based DM core and DM multipath fixes and cleanups	2017-09-14 13:43:16 -07:00
dca
devfreq
dio
dma	dmaengine updates for 4.14-rc1	2017-09-07 14:03:05 -07:00
dma-buf
edac
eisa
extcon
firewire
firmware	dmi: Mark all struct dmi_system_id instances const	2017-09-14 11:59:30 +02:00
fmc
fpga
fsi
gpio	- New Drivers	2017-09-07 13:51:13 -07:00
gpu	amd fixes pull	2017-09-15 17:52:52 -07:00
hid	media updates for v4.14-rc1	2017-09-07 12:53:14 -07:00
hsi
hv	Merge branch 'x86-platform-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip	2017-09-07 09:25:15 -07:00
hwmon	dmi: Mark all struct dmi_system_id instances const	2017-09-14 11:59:30 +02:00
hwspinlock
hwtracing
i2c	i2c: i2c-stm32f7: add driver	2017-09-14 17:34:43 +02:00
ide	Merge branch 'for-4.14/block' of git://git.kernel.dk/linux-block	2017-09-07 11:59:42 -07:00
idle	Power management updates for v4.14-rc1	2017-09-05 12:19:08 -07:00
iio	- New Drivers	2017-09-07 13:51:13 -07:00
infiniband	IB/mlx4: fix sprintf format warning	2017-09-13 18:53:15 -07:00
input	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input	2017-09-16 11:24:26 -07:00
iommu	IOMMU Updates for Linux v4.14	2017-09-09 15:03:24 -07:00
ipack
irqchip	Merge branch '4.14-features' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus	2017-09-15 20:43:33 -07:00
isdn	isdn: isdnloop: fix logic error in isdnloop_sendbuf	2017-09-07 20:03:54 -07:00
leds	dmi: Mark all struct dmi_system_id instances const	2017-09-14 11:59:30 +02:00
lightnvm
macintosh	powerpc/macintosh: constify wf_sensor_ops structures	2017-09-01 16:42:54 +10:00
mailbox	Just behavorial changes to a controller driver:	2017-09-07 13:23:37 -07:00
mcb	Char/Misc drivers for 4.14-rc1	2017-09-05 11:08:17 -07:00
md	- Some request-based DM core and DM multipath fixes and cleanups	2017-09-14 13:43:16 -07:00
media	Merge branch 'work.set_fs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs	2017-09-14 18:13:32 -07:00
memory	ARM: SoC driver updates for v4.14	2017-09-10 20:40:00 -07:00
memstick
message	scsi: scsi_transport_sas: switch to bsg-lib for SMP passthrough	2017-08-29 21:51:45 -04:00
mfd	dmi: Mark all struct dmi_system_id instances const	2017-09-14 11:59:30 +02:00
misc	mm: treewide: remove GFP_TEMPORARY allocation flag	2017-09-13 18:53:16 -07:00
mmc	mmc: renesas_sdhi: Add r8a7743/5 support	2017-09-01 15:31:01 +02:00
mtd	This pull request contains updates for UBI:	2017-09-16 12:08:10 -07:00
mux
net	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net	2017-09-16 11:28:59 -07:00
nfc
ntb
nubus
nvdimm	- Some request-based DM core and DM multipath fixes and cleanups	2017-09-14 13:43:16 -07:00
nvme	nvme-pci: implement the HMB entry number and size limitations	2017-09-11 12:29:40 -04:00
nvmem
of	dma-mapping updates for 4.14:	2017-09-12 13:30:06 -07:00
oprofile
parisc
parport	Char/Misc drivers for 4.14-rc1	2017-09-05 11:08:17 -07:00
pci	Revert "PCI: Avoid race while enabling upstream bridges"	2017-09-15 01:33:51 -05:00
pcmcia
perf
phy	Merge branch '4.14-features' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus	2017-09-15 20:43:33 -07:00
pinctrl	pinctrl/amd: save pin registers over suspend/resume	2017-09-12 15:58:45 +02:00
platform	dmi: Mark all struct dmi_system_id instances const	2017-09-14 11:59:30 +02:00
pnp	dmi: Mark all struct dmi_system_id instances const	2017-09-14 11:59:30 +02:00
power	power supply and reset changes for the v4.14 series	2017-09-09 14:44:39 -07:00
powercap
pps	drivers/pps: use surrounding "if PPS" to remove numerous dependency checks	2017-09-08 18:26:51 -07:00
ps3
ptp
pwm	pwm: Changes for v4.14-rc1	2017-09-11 13:04:32 -07:00
rapidio
ras
regulator	- New Drivers	2017-09-07 13:51:13 -07:00
remoteproc	rpmsg updates for v4.14	2017-09-09 14:34:38 -07:00
reset	Merge branch '4.14-features' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus	2017-09-15 20:43:33 -07:00
rpmsg	rpmsg: glink: initialize ret to zero to ensure error status check is correct	2017-09-04 10:52:30 -07:00
rtc	RTC for 4.14	2017-09-13 10:56:00 -07:00
s390	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux	2017-09-12 06:01:59 -07:00
sbus
scsi	SCSI misc on 20170913	2017-09-13 10:47:14 -07:00
sfi
sh
sn
soc	Merge branch '4.14-features' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus	2017-09-15 20:43:33 -07:00
spi	ACPI updates for v4.14-rc1	2017-09-05 12:45:03 -07:00
spmi
ssb
staging	Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs	2017-09-14 18:54:01 -07:00
target	Merge branch 'work.set_fs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs	2017-09-14 18:13:32 -07:00
tc
tee
thermal	Merge branches 'thermal-core', 'thermal-soc', 'thermal-intel' and 'const-thermal-zone-structure' into next	2017-09-08 11:20:04 +08:00
thunderbolt	ACPI updates for v4.14-rc1	2017-09-05 12:45:03 -07:00
tty	dmi: Mark all struct dmi_system_id instances const	2017-09-14 11:59:30 +02:00
uio
usb	Merge branch 'work.set_fs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs	2017-09-14 18:13:32 -07:00
uwb
vfio	vfio: platform: constify amba_id	2017-08-30 14:03:42 -06:00
vhost	lib/interval_tree: fast overlap detection	2017-09-08 18:26:49 -07:00
video	fbdev changes for v4.14:	2017-09-14 13:33:33 -07:00
virt
virtio	SCSI misc on 20170907	2017-09-07 21:11:05 -07:00
vlynq
vme
w1	power supply and reset changes for the v4.14 series	2017-09-09 14:44:39 -07:00
watchdog	Merge branch '4.14-features' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus	2017-09-15 20:43:33 -07:00
xen	mm: treewide: remove GFP_TEMPORARY allocation flag	2017-09-13 18:53:16 -07:00
zorro
Kconfig
Makefile