Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 23 May 2009 13:23:47 +0000 (UTC)
From:      Rafal Jaworowski <raj@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r192636 - head/sys/opencrypto
Message-ID:  <200905231323.n4NDNl5Z056681@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: raj
Date: Sat May 23 13:23:46 2009
New Revision: 192636
URL: http://svn.freebsd.org/changeset/base/192636

Log:
  Fix cryptodev UIO creation.
  
  Cryptodev uses UIO structure do get data from userspace and pass it to
  cryptographic engines. Initially UIO size is equal to size of data passed to
  engine, but if UIO is prepared for hash calculation an additional small space
  is created to hold result of operation.
  
  While creating space for the result, UIO I/O vector size is correctly
  extended, but uio_resid field in UIO structure is not modified.
  
  As bus_dma code uses uio_resid field to determine size of UIO DMA mapping,
  resulting mapping hasn't correct size. This leads to a crash if all the
  following conditions are met:
  
       1. Hardware cryptographic accelerator writes result of hash operation
          using DMA.
       2. Size of input data is less or equal than (n * PAGE_SIZE),
       3. Size of input data plus size of hash result is grather than
          (n * PAGE_SIZE, where n is the same as in point 2.
  
  This patch fixes this problem by adding size of the extenstion to uio_resid
  field in UIO structure.
  
  Submitted by:	Piotr Ziecik kosmo ! semihalf dot com
  Reviewed by:	philip
  Obtained from:	Semihalf

Modified:
  head/sys/opencrypto/cryptodev.c

Modified: head/sys/opencrypto/cryptodev.c
==============================================================================
--- head/sys/opencrypto/cryptodev.c	Sat May 23 12:44:26 2009	(r192635)
+++ head/sys/opencrypto/cryptodev.c	Sat May 23 13:23:46 2009	(r192636)
@@ -409,8 +409,10 @@ cryptodev_op(
 	cse->uio.uio_rw = UIO_WRITE;
 	cse->uio.uio_td = td;
 	cse->uio.uio_iov[0].iov_len = cop->len;
-	if (cse->thash)
+	if (cse->thash) {
 		cse->uio.uio_iov[0].iov_len += cse->thash->hashsize;
+		cse->uio.uio_resid += cse->thash->hashsize;
+	}
 	cse->uio.uio_iov[0].iov_base = malloc(cse->uio.uio_iov[0].iov_len,
 	    M_XDATA, M_WAITOK);
 



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200905231323.n4NDNl5Z056681>