Message ID | 20210618211411.1167726-2-sean.anderson@seco.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | [1/2] crypto: mxs-dcp: Check for DMA mapping errors | expand |
On Fri, Jun 18, 2021 at 05:14:11PM -0400, Sean Anderson wrote: > This uses the sg_miter_*() functions to copy data, instead of doing it > ourselves. Using sg_copy_buffer() would be better, but this way we don't > have to keep traversing the beginning of the scatterlist every time we > do another copy. > > In addition to reducing code size, this fixes the following oops > resulting from failing to kmap the page: Thanks for the patch. Just a minor nit: > @@ -365,25 +364,13 @@ static int mxs_dcp_aes_block_crypt(struct crypto_async_request *arq) > > out_tmp = out_buf; > last_out_len = actx->fill; > - while (dst && actx->fill) { > - if (!split) { > - dst_buf = sg_virt(dst); > - dst_off = 0; > - } > - rem = min(sg_dma_len(dst) - dst_off, > - actx->fill); > - > - memcpy(dst_buf + dst_off, out_tmp, rem); > + > + while (sg_miter_next(&dst_iter) && actx->fill) { > + rem = min(dst_iter.length, actx->fill); This comparison generates a sparse warning due to conflicting types, please fix this and resubmit. Cheers,
On 6/24/21 2:56 AM, Herbert Xu wrote: > On Fri, Jun 18, 2021 at 05:14:11PM -0400, Sean Anderson wrote: >> This uses the sg_miter_*() functions to copy data, instead of doing it >> ourselves. Using sg_copy_buffer() would be better, but this way we don't >> have to keep traversing the beginning of the scatterlist every time we >> do another copy. >> >> In addition to reducing code size, this fixes the following oops >> resulting from failing to kmap the page: > > Thanks for the patch. Just a minor nit: > >> @@ -365,25 +364,13 @@ static int mxs_dcp_aes_block_crypt(struct crypto_async_request *arq) >> >> out_tmp = out_buf; >> last_out_len = actx->fill; >> - while (dst && actx->fill) { >> - if (!split) { >> - dst_buf = sg_virt(dst); >> - dst_off = 0; >> - } >> - rem = min(sg_dma_len(dst) - dst_off, >> - actx->fill); >> - >> - memcpy(dst_buf + dst_off, out_tmp, rem); >> + >> + while (sg_miter_next(&dst_iter) && actx->fill) { >> + rem = min(dst_iter.length, actx->fill); > > This comparison generates a sparse warning due to conflicting types, > please fix this and resubmit. What exactly is the warning here? dst_iter.length is a size_t, and actx->fill is a u32. So fill will be converted to a size_t before the comparison, which is lossless. --Sean
On Thu, Jun 24, 2021 at 10:58:48AM -0400, Sean Anderson wrote: > > What exactly is the warning here? dst_iter.length is a size_t, and > actx->fill is a u32. So fill will be converted to a size_t before the > comparison, which is lossless. It's just the way min works. If you want to shut it up, you can either use a cast or min_t. Thanks,
On 6/24/21 8:16 PM, Herbert Xu wrote: > On Thu, Jun 24, 2021 at 10:58:48AM -0400, Sean Anderson wrote: >> >> What exactly is the warning here? dst_iter.length is a size_t, and >> actx->fill is a u32. So fill will be converted to a size_t before the >> comparison, which is lossless. > > It's just the way min works. If you want to shut it up, you can > either use a cast or min_t. What version of sparse are you using? With sparse 0.6.2, gcc 9.3.0, and with C=1 and W=2 I don't see this warning. --Sean
On Fri, Jun 25, 2021 at 10:49:08AM -0400, Sean Anderson wrote: > > What version of sparse are you using? With sparse 0.6.2, gcc 9.3.0, and > with C=1 and W=2 I don't see this warning. Oh it could be my sparse being out-of-date, I'll get it another go. Thanks,
On Fri, Jun 25, 2021 at 10:49:08AM -0400, Sean Anderson wrote: > > What version of sparse are you using? With sparse 0.6.2, gcc 9.3.0, and > with C=1 and W=2 I don't see this warning. OK I've upgraded my sparse to the latest git tree, but it still gives the same warning, because the two types are of different sizes: $ make C=1 W=1 O=build-compile drivers/crypto/ make[1]: Entering directory '/home/herbert/src/build/kernel/test/build-compile' GEN Makefile CALL ../scripts/checksyscalls.sh CALL ../scripts/atomic/check-atomics.sh CC [M] drivers/crypto/mxs-dcp.o In file included from ../include/linux/kernel.h:15, from ../arch/x86/include/asm/percpu.h:27, from ../arch/x86/include/asm/current.h:6, from ../include/linux/sched.h:12, from ../include/linux/ratelimit.h:6, from ../include/linux/dev_printk.h:16, from ../include/linux/device.h:15, from ../include/linux/dma-mapping.h:7, from ../drivers/crypto/mxs-dcp.c:8: ../drivers/crypto/mxs-dcp.c: In function \u2018mxs_dcp_aes_block_crypt\u2019: ../include/linux/minmax.h:18:28: warning: comparison of distinct pointer types lacks a cast (!!(sizeof((typeof(x) *)1 == (typeof(y) *)1))) ^~ ../include/linux/minmax.h:32:4: note: in expansion of macro \u2018__typecheck\u2019 (__typecheck(x, y) && __no_side_effects(x, y)) ^~~~~~~~~~~ ../include/linux/minmax.h:42:24: note: in expansion of macro \u2018__safe_cmp\u2019 __builtin_choose_expr(__safe_cmp(x, y), \ ^~~~~~~~~~ ../include/linux/minmax.h:51:19: note: in expansion of macro \u2018__careful_cmp\u2019 #define min(x, y) __careful_cmp(x, y, <) ^~~~~~~~~~~~~ ../drivers/crypto/mxs-dcp.c:369:12: note: in expansion of macro \u2018min\u2019 rem = min(dst_iter.length, actx->fill); ^~~ CHECK ../drivers/crypto/mxs-dcp.c ../drivers/crypto/mxs-dcp.c:369:47: error: incompatible types in comparison expression (different type sizes): ../drivers/crypto/mxs-dcp.c:369:47: unsigned long * ../drivers/crypto/mxs-dcp.c:369:47: unsigned int * make[1]: Leaving directory '/home/herbert/src/build/kernel/test/build-compile' $ In fact as you can see that gcc is warning too. Perhaps you're building on 32-bit? Thanks,
On 6/27/21 11:25 PM, Herbert Xu wrote: > On Fri, Jun 25, 2021 at 10:49:08AM -0400, Sean Anderson wrote: >> >> What version of sparse are you using? With sparse 0.6.2, gcc 9.3.0, and >> with C=1 and W=2 I don't see this warning. > > OK I've upgraded my sparse to the latest git tree, but it still > gives the same warning, because the two types are of different > sizes: > > $ make C=1 W=1 O=build-compile drivers/crypto/ > make[1]: Entering directory '/home/herbert/src/build/kernel/test/build-compile' > GEN Makefile > CALL ../scripts/checksyscalls.sh > CALL ../scripts/atomic/check-atomics.sh > CC [M] drivers/crypto/mxs-dcp.o > In file included from ../include/linux/kernel.h:15, > from ../arch/x86/include/asm/percpu.h:27, > from ../arch/x86/include/asm/current.h:6, > from ../include/linux/sched.h:12, > from ../include/linux/ratelimit.h:6, > from ../include/linux/dev_printk.h:16, > from ../include/linux/device.h:15, > from ../include/linux/dma-mapping.h:7, > from ../drivers/crypto/mxs-dcp.c:8: > ../drivers/crypto/mxs-dcp.c: In function \u2018mxs_dcp_aes_block_crypt\u2019: > ../include/linux/minmax.h:18:28: warning: comparison of distinct pointer types lacks a cast > (!!(sizeof((typeof(x) *)1 == (typeof(y) *)1))) > ^~ > ../include/linux/minmax.h:32:4: note: in expansion of macro \u2018__typecheck\u2019 > (__typecheck(x, y) && __no_side_effects(x, y)) > ^~~~~~~~~~~ > ../include/linux/minmax.h:42:24: note: in expansion of macro \u2018__safe_cmp\u2019 > __builtin_choose_expr(__safe_cmp(x, y), \ > ^~~~~~~~~~ > ../include/linux/minmax.h:51:19: note: in expansion of macro \u2018__careful_cmp\u2019 > #define min(x, y) __careful_cmp(x, y, <) > ^~~~~~~~~~~~~ > ../drivers/crypto/mxs-dcp.c:369:12: note: in expansion of macro \u2018min\u2019 > rem = min(dst_iter.length, actx->fill); > ^~~ > CHECK ../drivers/crypto/mxs-dcp.c > ../drivers/crypto/mxs-dcp.c:369:47: error: incompatible types in comparison expression (different type sizes): > ../drivers/crypto/mxs-dcp.c:369:47: unsigned long * > ../drivers/crypto/mxs-dcp.c:369:47: unsigned int * > make[1]: Leaving directory '/home/herbert/src/build/kernel/test/build-compile' > $ > > In fact as you can see that gcc is warning too. Perhaps you're > building on 32-bit? Ah, that would be it. Although this module depends on ARCH_MXS || ARCH_MXC and does not (yet) have COMPILE_TEST as an option, so I wonder how you ran into this :) Either way, I will send a v2 with this fixed. > > Thanks, >
diff --git a/drivers/crypto/mxs-dcp.c b/drivers/crypto/mxs-dcp.c index f397cc5bf102..5d2670a70e46 100644 --- a/drivers/crypto/mxs-dcp.c +++ b/drivers/crypto/mxs-dcp.c @@ -300,20 +300,18 @@ static int mxs_dcp_aes_block_crypt(struct crypto_async_request *arq) struct scatterlist *dst = req->dst; struct scatterlist *src = req->src; - const int nents = sg_nents(req->src); + struct sg_mapping_iter dst_iter; const int out_off = DCP_BUF_SZ; uint8_t *in_buf = sdcp->coh->aes_in_buf; uint8_t *out_buf = sdcp->coh->aes_out_buf; - uint8_t *out_tmp, *src_buf, *dst_buf = NULL; - uint32_t dst_off = 0; + uint8_t *out_tmp, *src_buf = NULL; uint32_t last_out_len = 0; uint8_t *key = sdcp->coh->aes_key; int ret = 0; - int split = 0; unsigned int i, len, clen, rem = 0, tlen = 0; int init = 0; bool limit_hit = false; @@ -332,7 +330,8 @@ static int mxs_dcp_aes_block_crypt(struct crypto_async_request *arq) memset(key + AES_KEYSIZE_128, 0, AES_KEYSIZE_128); } - for_each_sg(req->src, src, nents, i) { + sg_miter_start(&dst_iter, dst, sg_nents(dst), SG_MITER_TO_SG); + for_each_sg(req->src, src, sg_nents(src), i) { src_buf = sg_virt(src); len = sg_dma_len(src); tlen += len; @@ -357,7 +356,7 @@ static int mxs_dcp_aes_block_crypt(struct crypto_async_request *arq) * submit the buffer. */ if (actx->fill == out_off || sg_is_last(src) || - limit_hit) { + limit_hit) { ret = mxs_dcp_run_aes(actx, req, init); if (ret) return ret; @@ -365,25 +364,13 @@ static int mxs_dcp_aes_block_crypt(struct crypto_async_request *arq) out_tmp = out_buf; last_out_len = actx->fill; - while (dst && actx->fill) { - if (!split) { - dst_buf = sg_virt(dst); - dst_off = 0; - } - rem = min(sg_dma_len(dst) - dst_off, - actx->fill); - - memcpy(dst_buf + dst_off, out_tmp, rem); + + while (sg_miter_next(&dst_iter) && actx->fill) { + rem = min(dst_iter.length, actx->fill); + + memcpy(dst_iter.addr, out_tmp, rem); out_tmp += rem; - dst_off += rem; actx->fill -= rem; - - if (dst_off == sg_dma_len(dst)) { - dst = sg_next(dst); - split = 0; - } else { - split = 1; - } } } } while (len); @@ -391,6 +378,7 @@ static int mxs_dcp_aes_block_crypt(struct crypto_async_request *arq) if (limit_hit) break; } + sg_miter_stop(&dst_iter); /* Copy the IV for CBC for chaining */ if (!rctx->ecb) {
This uses the sg_miter_*() functions to copy data, instead of doing it ourselves. Using sg_copy_buffer() would be better, but this way we don't have to keep traversing the beginning of the scatterlist every time we do another copy. In addition to reducing code size, this fixes the following oops resulting from failing to kmap the page: [ 68.896381] Unable to handle kernel NULL pointer dereference at virtual address 00000ab8 [ 68.904539] pgd = 3561adb3 [ 68.907475] [00000ab8] *pgd=00000000 [ 68.911153] Internal error: Oops: 805 [#1] ARM [ 68.915618] Modules linked in: cfg80211 rfkill des_generic libdes arc4 libarc4 cbc ecb algif_skcipher sha256_generic libsha256 sha1_generic hmac aes_generic libaes cmac sha512_generic md5 md4 algif_hash af_alg i2c_imx i2c_core ci_hdrc_imx ci_hdrc mxs_dcp ulpi roles udc_core imx_sdma usbmisc_imx usb_common firmware_class virt_dma phy_mxs_usb nf_tables nfnetlink ip_tables x_tables ipv6 autofs4 [ 68.950741] CPU: 0 PID: 139 Comm: mxs_dcp_chan/ae Not tainted 5.10.34 #296 [ 68.958501] Hardware name: Freescale i.MX6 Ultralite (Device Tree) [ 68.964710] PC is at memcpy+0xa8/0x330 [ 68.968479] LR is at 0xd7b2bc9d [ 68.971638] pc : [<c053e7c8>] lr : [<d7b2bc9d>] psr: 000f0013 [ 68.977920] sp : c2cbbee4 ip : 00000010 fp : 00000010 [ 68.983159] r10: 00000000 r9 : c3283a40 r8 : 1a5a6f08 [ 68.988402] r7 : 4bfe0ecc r6 : 76d8a220 r5 : c32f9050 r4 : 00000001 [ 68.994945] r3 : 00000ab8 r2 : fffffff0 r1 : c32f9050 r0 : 00000ab8 [ 69.001492] Flags: nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none [ 69.008646] Control: 10c53c7d Table: 83664059 DAC: 00000051 [ 69.014414] Process mxs_dcp_chan/ae (pid: 139, stack limit = 0x667b57ab) [ 69.021133] Stack: (0xc2cbbee4 to 0xc2cbc000) [ 69.025519] bee0: c32f9050 c3235408 00000010 00000010 00000ab8 00000001 bf10406c [ 69.033720] bf00: 00000000 00000000 00000010 00000000 c32355d0 832fb080 00000000 c13de2fc [ 69.041921] bf20: c3628010 00000010 c33d5780 00000ab8 bf1067e8 00000002 c21e5010 c2cba000 [ 69.050125] bf40: c32f8040 00000000 bf106a40 c32f9040 c3283a80 00000001 bf105240 c3234040 [ 69.058327] bf60: ffffe000 c3204100 c2c69800 c2cba000 00000000 bf103b84 00000000 c2eddc54 [ 69.066530] bf80: c3204144 c0140d1c c2cba000 c2c69800 c0140be8 00000000 00000000 00000000 [ 69.074730] bfa0: 00000000 00000000 00000000 c0100114 00000000 00000000 00000000 00000000 [ 69.082932] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 69.091131] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000 [ 69.099364] [<c053e7c8>] (memcpy) from [<bf10406c>] (dcp_chan_thread_aes+0x4e8/0x840 [mxs_dcp]) [ 69.108117] [<bf10406c>] (dcp_chan_thread_aes [mxs_dcp]) from [<c0140d1c>] (kthread+0x134/0x160) [ 69.116941] [<c0140d1c>] (kthread) from [<c0100114>] (ret_from_fork+0x14/0x20) [ 69.124178] Exception stack(0xc2cbbfb0 to 0xc2cbbff8) [ 69.129250] bfa0: 00000000 00000000 00000000 00000000 [ 69.137450] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 69.145648] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 69.152289] Code: e320f000 e4803004 e4804004 e4805004 (e4806004) Signed-off-by: Sean Anderson <sean.anderson@seco.com> --- drivers/crypto/mxs-dcp.c | 34 +++++++++++----------------------- 1 file changed, 11 insertions(+), 23 deletions(-)