Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp9665pxa; Mon, 3 Aug 2020 20:52:32 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzOntravssc/qnJ5WfjhpRYvRRx1s4csy7CBFpZ/1gzkBs3K2vZ62zLrJ2HelZZKfTARlJl X-Received: by 2002:a17:907:7251:: with SMTP id ds17mr19492716ejc.289.1596513152549; Mon, 03 Aug 2020 20:52:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1596513152; cv=none; d=google.com; s=arc-20160816; b=KKot7K1S/CFlao2TBjR9U0puLLGWnI8rZBbMZLlA/U2Ii13Iz4dPxBx6aRwCVag6fr Wjur1y6XLrFJnrn/NXINNxZSWNW+58aX84IrBiD4yVNGg7gN+N7ccnxTVCnzVgSMlWUo B0XW3SWGLAHlKrExlc3PH62B2ChHlK1h/ENfuyEXLOGZ7aiXA/cZ6RK2rbWPRZmYq0ek oe4Z3hv3yncilixYtJcDUQ61W7PYz/iteN3j+cr38wMxS7Zsu2K5BobRie9UiFb3jnrw BZp4YvOwOkCsNW7Nq43tFfyoo3Blg5PSWeWNCdOoTH313/B2F4rQ5stBxMnfv0Qsc4S4 x/+g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=hZlq4QMCQeYY7bx28tcrLpsf6pDq16yXzFwZ08aYfEs=; b=NCAWpVrBaCVxaljtCVMv+caPLyyw3zQw/nqv9IV1/mnb7RtW7SDNbbBbAtmFoqvVPs YlnYhXBMreqlZWS+9CG975Dbvt1I3vHBSvyY1zERIy7M0JiJvf4nmN6VTkkWyfN2qFFN jLLSw7/p79rz7N4w/7U86P+P+ZgJGlhgiT+pELTkwcYwIm/4ZaPHvK3BfTVu3HNIp7V4 0Wxfhk1l2yJqy5LtpZH7eEM4TN2+CSgBCJZ9Q4NRVqsCSllC8J26y0sQg6F+3WNhbvZA h2m0/qKnXA/5bUlTiLwHo84HAs7131UTrpMmNGK0n+2BgvJNa0Byfua0fSdrahZevZvr uy3g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id p8si11520631ejf.352.2020.08.03.20.52.08; Mon, 03 Aug 2020 20:52:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729659AbgHDDwE (ORCPT + 99 others); Mon, 3 Aug 2020 23:52:04 -0400 Received: from mail.windriver.com ([147.11.1.11]:53294 "EHLO mail.windriver.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728713AbgHDDwE (ORCPT ); Mon, 3 Aug 2020 23:52:04 -0400 Received: from ALA-HCA.corp.ad.wrs.com (ala-hca.corp.ad.wrs.com [147.11.189.40]) by mail.windriver.com (8.15.2/8.15.2) with ESMTPS id 0743poUu003488 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Mon, 3 Aug 2020 20:51:50 -0700 (PDT) Received: from [128.224.162.157] (128.224.162.157) by ALA-HCA.corp.ad.wrs.com (147.11.189.50) with Microsoft SMTP Server id 14.3.487.0; Mon, 3 Aug 2020 20:51:49 -0700 Subject: Re: [PATCH] crypto: ccp - zero the cmd data after use it To: Herbert Xu CC: Tom Lendacky , Gary Hook , David , , References: <20200803075858.3561-1-liwei.song@windriver.com> <20200803125242.GA7689@gondor.apana.org.au> From: Liwei Song Message-ID: <87ae939b-4983-4e96-cc3d-1aa1d1b3d3ae@windriver.com> Date: Tue, 4 Aug 2020 11:51:47 +0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.11.0 MIME-Version: 1.0 In-Reply-To: <20200803125242.GA7689@gondor.apana.org.au> Content-Type: text/plain; charset="utf-8" Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 8/3/20 20:52, Herbert Xu wrote: > On Mon, Aug 03, 2020 at 03:58:58PM +0800, Liwei Song wrote: >> exist the following assignment in ccp(ignore the force >> convert of the struct) by list_del in ccp_dequeue_cmd(): >> req->__ctx->cmd->entry->next = LIST_POISON1; >> >> after use the req, kzfree(req) can not zero the entry >> entry->next = LIST_POISON1 of the ccp_cmd(cmd) struct >> when this address available as slub freelist pointer, this will cause >> the following "general protection fault" error if some process meet >> this LIST_POISON1 value address when request memory: > > Your description makes no sense. Please rewrite it and explain > the problem properly. The problem here is that the entry of struct ccp_cmd is not zeroed after we use it, If the other process got this address by kmalloc(), this illegal value "LIST_POISON1" will cause "general protection fault" error. Thanks, Liwei. > > Thanks, >