lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <20160505.232239.927667859977554070.davem@davemloft.net>
Date:	Thu, 05 May 2016 23:22:39 -0400 (EDT)
From:	David Miller <davem@...emloft.net>
To:	hagaya@...lanox.com
Cc:	dledford@...hat.com, linux-rdma@...r.kernel.org,
	netdev@...r.kernel.org, okaya@...eaurora.org, timur@...eaurora.org,
	eli@...lanox.com, ogerlitz@...lanox.com, eranbe@...lanox.com,
	yishaih@...lanox.com, talal@...lanox.com, saeedm@...lanox.com
Subject: Re: [PATCH v2 net-next] net/mlx4: Avoid wrong virtual mappings

From: Haggai Abramovsky <hagaya@...lanox.com>
Date: Wed,  4 May 2016 14:50:15 +0300

> The dma_alloc_coherent() function returns a virtual address which can
> be used for coherent access to the underlying memory.  On some
> architectures, like arm64, undefined behavior results if this memory is
> also accessed via virtual mappings that are not coherent.  Because of
> their undefined nature, operations like virt_to_page() return garbage
> when passed virtual addresses obtained from dma_alloc_coherent().  Any
> subsequent mappings via vmap() of the garbage page values are unusable
> and result in bad things like bus errors (synchronous aborts in ARM64
> speak).
> 
> The mlx4 driver contains code that does the equivalent of:
> vmap(virt_to_page(dma_alloc_coherent)), this results in an OOPs when the
> device is opened.
> 
> Prevent Ethernet driver to run this problematic code by forcing it to
> allocate contiguous memory. As for the Infiniband driver, at first we
> are trying to allocate contiguous memory, but in case of failure roll
> back to work with fragmented memory.
> 
> Signed-off-by: Haggai Abramovsky <hagaya@...lanox.com>
> Signed-off-by: Yishai Hadas <yishaih@...lanox.com>
> Reported-by: David Daney <david.daney@...ium.com>
> Tested-by: Sinan Kaya <okaya@...eaurora.org>

Applied, thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ