lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 16 Aug 2018 20:45:28 +0200
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     linux-kernel@...r.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        stable@...r.kernel.org, Tom Lendacky <thomas.lendacky@....com>,
        Brijesh Singh <brijesh.singh@....com>,
        Gary R Hook <gary.hook@....com>,
        Herbert Xu <herbert@...dor.apana.org.au>
Subject: [PATCH 4.18 12/22] crypto: ccp - Fix command completion detection race

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Tom Lendacky <thomas.lendacky@....com>

commit f426d2b20f1cd63818873593031593e15c3db20b upstream.

The wait_event() function is used to detect command completion.  The
interrupt handler will set the wait condition variable when the interrupt
is triggered.  However, the variable used for wait_event() is initialized
after the command has been submitted, which can create a race condition
with the interrupt handler and result in the wait_event() never returning.
Move the initialization of the wait condition variable to just before
command submission.

Fixes: 200664d5237f ("crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support")
Cc: <stable@...r.kernel.org> # 4.16.x-
Signed-off-by: Tom Lendacky <thomas.lendacky@....com>
Reviewed-by: Brijesh Singh <brijesh.singh@....com>
Acked-by: Gary R Hook <gary.hook@....com>
Acked-by: Gary R Hook <gary.hook@....com>
Signed-off-by: Herbert Xu <herbert@...dor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>

---
 drivers/crypto/ccp/psp-dev.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -84,8 +84,6 @@ done:
 
 static void sev_wait_cmd_ioc(struct psp_device *psp, unsigned int *reg)
 {
-	psp->sev_int_rcvd = 0;
-
 	wait_event(psp->sev_int_queue, psp->sev_int_rcvd);
 	*reg = ioread32(psp->io_regs + PSP_CMDRESP);
 }
@@ -148,6 +146,8 @@ static int __sev_do_cmd_locked(int cmd,
 	iowrite32(phys_lsb, psp->io_regs + PSP_CMDBUFF_ADDR_LO);
 	iowrite32(phys_msb, psp->io_regs + PSP_CMDBUFF_ADDR_HI);
 
+	psp->sev_int_rcvd = 0;
+
 	reg = cmd;
 	reg <<= PSP_CMDRESP_CMD_SHIFT;
 	reg |= PSP_CMDRESP_IOC;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ