Date: Sat, 23 May 2009 13:23:47 +0000 (UTC) From: Rafal Jaworowski <raj@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r192636 - head/sys/opencrypto Message-ID: <200905231323.n4NDNl5Z056681@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: raj Date: Sat May 23 13:23:46 2009 New Revision: 192636 URL: http://svn.freebsd.org/changeset/base/192636 Log: Fix cryptodev UIO creation. Cryptodev uses UIO structure do get data from userspace and pass it to cryptographic engines. Initially UIO size is equal to size of data passed to engine, but if UIO is prepared for hash calculation an additional small space is created to hold result of operation. While creating space for the result, UIO I/O vector size is correctly extended, but uio_resid field in UIO structure is not modified. As bus_dma code uses uio_resid field to determine size of UIO DMA mapping, resulting mapping hasn't correct size. This leads to a crash if all the following conditions are met: 1. Hardware cryptographic accelerator writes result of hash operation using DMA. 2. Size of input data is less or equal than (n * PAGE_SIZE), 3. Size of input data plus size of hash result is grather than (n * PAGE_SIZE, where n is the same as in point 2. This patch fixes this problem by adding size of the extenstion to uio_resid field in UIO structure. Submitted by: Piotr Ziecik kosmo ! semihalf dot com Reviewed by: philip Obtained from: Semihalf Modified: head/sys/opencrypto/cryptodev.c Modified: head/sys/opencrypto/cryptodev.c ============================================================================== --- head/sys/opencrypto/cryptodev.c Sat May 23 12:44:26 2009 (r192635) +++ head/sys/opencrypto/cryptodev.c Sat May 23 13:23:46 2009 (r192636) @@ -409,8 +409,10 @@ cryptodev_op( cse->uio.uio_rw = UIO_WRITE; cse->uio.uio_td = td; cse->uio.uio_iov[0].iov_len = cop->len; - if (cse->thash) + if (cse->thash) { cse->uio.uio_iov[0].iov_len += cse->thash->hashsize; + cse->uio.uio_resid += cse->thash->hashsize; + } cse->uio.uio_iov[0].iov_base = malloc(cse->uio.uio_iov[0].iov_len, M_XDATA, M_WAITOK);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200905231323.n4NDNl5Z056681>