From: Andy Lutomirski
Subject: Re: [PATCH] keys/encrypted: Fix two crypto-on-the-stack bugs
Date: Tue, 13 Dec 2016 08:40:00 -0800
Message-ID:
References: <8c273c9c41f51b34bb3115086f1d776895580637.1481575835.git.luto@kernel.org> <063D6719AE5E284EB5DD2968C1650D6DB023CA99@AcuExch.aculab.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Cc: Andy Lutomirski, "linux-kernel@vger.kernel.org", "linux-usb@vger.kernel.org", "dhowells@redhat.com", "keyrings@vger.kernel.org", Eric Biggers, "linux-crypto@vger.kernel.org", Herbert Xu, Stephan Mueller
To: David Laight, Joerg Roedel, David Woodhouse, Linus Torvalds, Ingo Molnar
Return-path:
In-Reply-To: <063D6719AE5E284EB5DD2968C1650D6DB023CA99@AcuExch.aculab.com>
Sender: linux-kernel-owner@vger.kernel.org
List-Id: linux-crypto.vger.kernel.org

[add some people who might know]

On Tue, Dec 13, 2016 at 4:20 AM, David Laight wrote:
> From: Andy Lutomirski
>> Sent: 12 December 2016 20:53
>> The driver put a constant buffer of all zeros on the stack and
>> pointed a scatterlist entry at it in two places. This doesn't work
>> with virtual stacks. Use a static 16-byte buffer of zeros instead.
> ...
>
> I didn't think you could dma from static data either.

According to lib/dma-debug.c, you can't dma to or from kernel text or
rodata, but you can dma to or from kernel bss or data. So
empty_zero_page should be okay, because it's not rodata right now.

But I think this is rather silly. Joerg, Linus, etc: would it be okay
to change lib/dma-debug.c to allow DMA *from* rodata? After all,
rodata is ordinary memory, is backed by struct page, etc. And DMA
from the zero page had better be okay because I think it happens if
you mmap some zeros, don't write to them, and then direct I/O them to
a device.

Then I could also move empty_zero_page to rodata.

--Andy