From owner-svn-src-head@FreeBSD.ORG Sat May 23 13:23:47 2009 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 71BA5106566B; Sat, 23 May 2009 13:23:47 +0000 (UTC) (envelope-from raj@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 2AB7F8FC12; Sat, 23 May 2009 13:23:47 +0000 (UTC) (envelope-from raj@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id n4NDNlnD056682; Sat, 23 May 2009 13:23:47 GMT (envelope-from raj@svn.freebsd.org) Received: (from raj@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id n4NDNl5Z056681; Sat, 23 May 2009 13:23:47 GMT (envelope-from raj@svn.freebsd.org) Message-Id: <200905231323.n4NDNl5Z056681@svn.freebsd.org> From: Rafal Jaworowski Date: Sat, 23 May 2009 13:23:47 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r192636 - head/sys/opencrypto X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 23 May 2009 13:23:47 -0000 Author: raj Date: Sat May 23 13:23:46 2009 New Revision: 192636 URL: http://svn.freebsd.org/changeset/base/192636 Log: Fix cryptodev UIO creation. Cryptodev uses UIO structure do get data from userspace and pass it to cryptographic engines. Initially UIO size is equal to size of data passed to engine, but if UIO is prepared for hash calculation an additional small space is created to hold result of operation. While creating space for the result, UIO I/O vector size is correctly extended, but uio_resid field in UIO structure is not modified. As bus_dma code uses uio_resid field to determine size of UIO DMA mapping, resulting mapping hasn't correct size. This leads to a crash if all the following conditions are met: 1. Hardware cryptographic accelerator writes result of hash operation using DMA. 2. Size of input data is less or equal than (n * PAGE_SIZE), 3. Size of input data plus size of hash result is grather than (n * PAGE_SIZE, where n is the same as in point 2. This patch fixes this problem by adding size of the extenstion to uio_resid field in UIO structure. Submitted by: Piotr Ziecik kosmo ! semihalf dot com Reviewed by: philip Obtained from: Semihalf Modified: head/sys/opencrypto/cryptodev.c Modified: head/sys/opencrypto/cryptodev.c ============================================================================== --- head/sys/opencrypto/cryptodev.c Sat May 23 12:44:26 2009 (r192635) +++ head/sys/opencrypto/cryptodev.c Sat May 23 13:23:46 2009 (r192636) @@ -409,8 +409,10 @@ cryptodev_op( cse->uio.uio_rw = UIO_WRITE; cse->uio.uio_td = td; cse->uio.uio_iov[0].iov_len = cop->len; - if (cse->thash) + if (cse->thash) { cse->uio.uio_iov[0].iov_len += cse->thash->hashsize; + cse->uio.uio_resid += cse->thash->hashsize; + } cse->uio.uio_iov[0].iov_base = malloc(cse->uio.uio_iov[0].iov_len, M_XDATA, M_WAITOK);