Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.0 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_PASS,URIBL_BLOCKED,USER_AGENT_NEOMUTT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 87BE0C282D8 for ; Fri, 1 Feb 2019 06:51:56 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 62ABB20B1F for ; Fri, 1 Feb 2019 06:51:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728378AbfBAGv4 (ORCPT ); Fri, 1 Feb 2019 01:51:56 -0500 Received: from orcrist.hmeau.com ([104.223.48.154]:57090 "EHLO deadmen.hmeau.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725763AbfBAGvz (ORCPT ); Fri, 1 Feb 2019 01:51:55 -0500 Received: from gondobar.mordor.me.apana.org.au ([192.168.128.4] helo=gondobar) by deadmen.hmeau.com with esmtps (Exim 4.89 #2 (Debian)) id 1gpSg4-0000Gh-DD; Fri, 01 Feb 2019 14:51:52 +0800 Received: from herbert by gondobar with local (Exim 4.89) (envelope-from ) id 1gpSg4-0005p0-9X; Fri, 01 Feb 2019 14:51:52 +0800 Date: Fri, 1 Feb 2019 14:51:52 +0800 From: Herbert Xu To: Horia =?utf-8?Q?Geant=C4=83?= Cc: Roland Hieber , "David S. Miller" , Aymen Sghaier , linux-crypto@vger.kernel.org, Pengutronix Kernel Team Subject: Re: [PATCH v2 2/2] crypto: caam - fix DMA mapping of stack memory Message-ID: <20190201065152.lii5qhftm3dtgwbl@gondor.apana.org.au> References: <20190126180215.9842-1-horia.geanta@nxp.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20190126180215.9842-1-horia.geanta@nxp.com> User-Agent: NeoMutt/20170113 (1.7.2) Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Sat, Jan 26, 2019 at 08:02:15PM +0200, Horia Geantă wrote: > Roland reports the following issue and provides a root cause analysis: > > "On a v4.19 i.MX6 system with IMA and CONFIG_DMA_API_DEBUG enabled, a > warning is generated when accessing files on a filesystem for which IMA > measurement is enabled: > > ------------[ cut here ]------------ > WARNING: CPU: 0 PID: 1 at kernel/dma/debug.c:1181 check_for_stack.part.9+0xd0/0x120 > caam_jr 2101000.jr0: DMA-API: device driver maps memory from stack [addr=b668049e] > Modules linked in: > CPU: 0 PID: 1 Comm: switch_root Not tainted 4.19.0-20181214-1 #2 > Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree) > Backtrace: > [] (dump_backtrace) from [] (show_stack+0x20/0x24) > [] (show_stack) from [] (dump_stack+0xa0/0xcc) > [] (dump_stack) from [] (__warn+0xf0/0x108) > [] (__warn) from [] (warn_slowpath_fmt+0x58/0x74) > [] (warn_slowpath_fmt) from [] (check_for_stack.part.9+0xd0/0x120) > [] (check_for_stack.part.9) from [] (debug_dma_map_page+0x144/0x174) > [] (debug_dma_map_page) from [] (ahash_final_ctx+0x5b4/0xcf0) > [] (ahash_final_ctx) from [] (ahash_final+0x1c/0x20) > [] (ahash_final) from [] (crypto_ahash_op+0x38/0x80) > [] (crypto_ahash_op) from [] (crypto_ahash_final+0x20/0x24) > [] (crypto_ahash_final) from [] (ima_calc_file_hash+0x29c/0xa40) > [] (ima_calc_file_hash) from [] (ima_collect_measurement+0x1dc/0x240) > [] (ima_collect_measurement) from [] (process_measurement+0x4c4/0x6b8) > [] (process_measurement) from [] (ima_file_check+0x88/0xa4) > [] (ima_file_check) from [] (path_openat+0x5d8/0x1364) > [] (path_openat) from [] (do_filp_open+0x84/0xf0) > [] (do_filp_open) from [] (do_open_execat+0x84/0x1b0) > [] (do_open_execat) from [] (__do_execve_file+0x43c/0x890) > [] (__do_execve_file) from [] (sys_execve+0x44/0x4c) > [] (sys_execve) from [] (ret_fast_syscall+0x0/0x28) > ---[ end trace 3455789a10e3aefd ]--- > > The cause is that the struct ahash_request *req is created as a > stack-local variable up in the stack (presumably somewhere in the IMA > implementation), then passed down into the CAAM driver, which tries to > dma_single_map the req->result (indirectly via map_seq_out_ptr_result) > in order to make that buffer available for the CAAM to store the result > of the following hash operation. > > The calling code doesn't know how req will be used by the CAAM driver, > and there could be other such occurrences where stack memory is passed > down to the CAAM driver. Therefore we should rather fix this issue in > the CAAM driver where the requirements are known." > > Fix this problem by: > -instructing the crypto engine to write the final hash in state->caam_ctx > -subsequently memcpy-ing the final hash into req->result > > Cc: # v4.19+ > Reported-by: Roland Hieber > Signed-off-by: Horia Geantă > --- > drivers/crypto/caam/caamhash.c | 85 +++++++++++------------------------------- > 1 file changed, 21 insertions(+), 64 deletions(-) Patch applied. Thanks. -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt