linux-stable/lib
Halil Pasic 971e5dadff swiotlb: fix info leak with DMA_FROM_DEVICE
commit ddbd89deb7 upstream.

The problem I'm addressing was discovered by the LTP test covering
CVE-2018-1000204.

A short description of what happens follows:
1) The test case issues a command code 00 (TEST UNIT READY) via the SG_IO
   interface with: dxfer_len == 524288, dxfer_dir == SG_DXFER_FROM_DEV
   and a corresponding dxferp. The peculiar thing about this is that TUR
   is not reading from the device.
2) In sg_start_req() the invocation of blk_rq_map_user() effectively
   bounces the user-space buffer. As if the device was to transfer into
   it. Since commit a45b599ad8 ("scsi: sg: allocate with __GFP_ZERO in
   sg_build_indirect()") we make sure this first bounce buffer is
   allocated with GFP_ZERO.
3) For the rest of the story we keep ignoring that we have a TUR, so the
   device won't touch the buffer we prepare as if we had a
   DMA_FROM_DEVICE type of situation. My setup uses a virtio-scsi device
   and the buffer allocated by SG is mapped by the function
   virtqueue_add_split() which uses DMA_FROM_DEVICE for the "in" sgs (here
   scatter-gather and not scsi generics). This mapping involves bouncing
   via the swiotlb (we need swiotlb to do virtio in protected guests like
   s390 Secure Execution, or AMD SEV).
4) When the SCSI TUR is done, we first copy back the content of the second
   (that is swiotlb) bounce buffer (which most likely contains some
   previous IO data), to the first bounce buffer, which contains all
   zeros.  Then we copy back the content of the first bounce buffer to
   the user-space buffer.
5) The test case detects that the buffer, which it zero-initialized,
   ain't all zeros and fails.

One can argue that this is an swiotlb problem, because without swiotlb
we leak all zeros, and the swiotlb should be transparent in a sense that
it does not affect the outcome (if all other participants are well
behaved).

Copying the content of the original buffer into the swiotlb buffer is
the only way I can think of to make swiotlb transparent in such
scenarios. So let's do just that if in doubt, but allow the driver
to tell us that the whole mapped buffer is going to be overwritten,
in which case we can preserve the old behavior and avoid the performance
impact of the extra bounce.

Signed-off-by: Halil Pasic <pasic@linux.ibm.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
[OP: backport to 4.14: apply swiotlb_tbl_map_single() changes in lib/swiotlb.c]
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-05-25 08:41:22 +02:00
842 License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fonts Fonts: Replace discarded const qualifier 2020-11-10 10:29:03 +01:00
lz4 lib/lz4: make arrays static const, reduces object code size 2017-10-03 17:54:25 -07:00
lzo License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mpi lib/mpi: Fix 64-bit MIPS build with Clang 2020-06-20 10:25:10 +02:00
raid6 lib/raid6/test: fix multiple definition linking error 2022-04-20 09:08:12 +02:00
reed_solomon rslib: Fix handling of of caller provided syndrome 2019-07-31 07:28:30 +02:00
xz lib/xz: Validate the value before assigning it to an enum variable 2021-11-26 11:40:28 +01:00
zlib_deflate
zlib_inflate lib/zlib: remove outdated and incorrect pre-increment optimization 2020-06-25 15:41:57 +02:00
zstd lib: Add zstd modules 2017-08-15 09:02:08 -07:00
.gitignore
argv_split.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
asn1_decoder.c ASN.1: check for error from ASN1_OP_END__ACT actions 2017-12-14 09:52:52 +01:00
assoc_array.c assoc_array: Fix shortcut creation 2019-03-23 14:35:14 +01:00
atomic64.c
atomic64_test.c lib/atomic64_test.c: add a test that atomic64_inc_not_zero() returns an int 2017-07-14 15:05:13 -07:00
audit.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
bcd.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
bch.c
bitmap.c bitmap: Add bitmap_alloc(), bitmap_zalloc() and bitmap_free() 2020-01-29 15:02:39 +01:00
bitrev.c
bsearch.c kprobes: Prohibit probing on bsearch() 2019-04-05 22:31:33 +02:00
btree.c
bug.c bug: Remove redundant condition check in report_bug 2021-05-22 10:57:32 +02:00
build_OID_registry
bust_spinlocks.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
chacha20.c
check_signature.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
checksum.c
clz_ctz.c
clz_tab.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
cmdline.c lib/cmdline.c: remove meaningless comment 2017-09-08 18:26:49 -07:00
compat_audit.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
cordic.c
cpu_rmap.c
cpumask.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
crc-ccitt.c
crc-itu-t.c
crc-t10dif.c
crc4.c lib: Add crc4 module 2017-06-09 11:52:07 +02:00
crc7.c
crc8.c
crc16.c
crc32.c lib/crc32.c: fix trivial typo in preprocessor condition 2020-10-29 09:07:10 +01:00
crc32defs.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
crc32test.c lib/crc32test: remove extra local_irq_disable/enable 2020-11-10 10:29:04 +01:00
ctype.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
debug_info.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
debug_locks.c locking/lockdep: Fix debug_locks off performance problem 2018-11-13 11:14:51 -08:00
debugobjects.c debugobjects: avoid recursive calls with kmemleak 2018-12-17 09:28:54 +01:00
dec_and_lock.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
decompress.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
decompress_bunzip2.c
decompress_inflate.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
decompress_unlz4.c lib/decompress_unlz4.c: correctly handle zero-padding around initrds. 2021-07-20 16:17:51 +02:00
decompress_unlzma.c
decompress_unlzo.c
decompress_unxz.c lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression 2021-11-26 11:40:28 +01:00
devres.c devres: allow const resource arguments 2020-01-27 14:46:39 +01:00
digsig.c lib/digsig: fix dereference of NULL user_key_payload 2017-10-12 17:16:40 +01:00
div64.c lib/div64.c: off by one in shift 2019-04-20 09:15:07 +02:00
dma-debug.c dma-debug: add a schedule point in debug_dma_dump_mappings() 2020-01-04 13:59:39 +01:00
dma-noop.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
dma-virt.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
dump_stack.c dump_stack: avoid the livelock of the dump_lock 2019-11-12 19:18:01 +01:00
dynamic_debug.c dyndbg: fix a BUG_ON in ddebug_describe_flags 2020-08-21 09:48:06 +02:00
dynamic_queue_limits.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
earlycpio.c
errseq.c errseq: Always report a writeback error once 2018-05-09 09:51:54 +02:00
extable.c lib/extable.c: use bsearch() library function in search_extable() 2017-07-10 16:32:35 -07:00
fault-inject.c fault-inject: fix wrong should_fail() decision in task context 2017-08-10 15:54:06 -07:00
fdt.c
fdt_empty_tree.c
fdt_ro.c
fdt_rw.c
fdt_strerror.c
fdt_sw.c
fdt_wip.c
find_bit.c uapi: rename ext2_swab() to swab() and share globally in swab.h 2020-04-24 08:00:31 +02:00
flex_array.c
flex_proportions.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
gcd.c
gen_crc32table.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
genalloc.c lib/genalloc: fix the overflow when size is too big 2021-01-12 20:09:06 +01:00
glob.c lib: add module support to glob tests 2017-02-24 17:46:57 -08:00
globtest.c lib: add module support to glob tests 2017-02-24 17:46:57 -08:00
hexdump.c hex2bin: fix access beyond string end 2022-05-12 12:17:06 +02:00
hweight.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
idr.c idr: Fix idr_get_next race with idr_remove 2019-11-24 08:22:46 +01:00
inflate.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
int_sqrt.c lib/int_sqrt: optimize initial value compute 2019-04-05 22:31:24 +02:00
interval_tree.c
interval_tree_test.c lib/rbtree-test: lower default params 2018-12-17 09:28:55 +01:00
iomap.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
iomap_copy.c
iommu-common.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
iommu-helper.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ioremap.c ioremap: Update pgtable free interfaces with addr 2018-08-17 21:01:11 +02:00
iov_iter.c lib/iov_iter: initialize "flags" in new pipe_buffer 2022-02-23 11:57:35 +01:00
irq_poll.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
irq_regs.c
is_single_threaded.c sched/headers: Prepare to move 'init_task' and 'init_thread_union' from <linux/sched.h> to <linux/sched/task.h> 2017-03-02 08:42:38 +01:00
jedec_ddr_data.c
kasprintf.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Kconfig ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE 2022-03-23 09:01:34 +01:00
Kconfig.debug ARM: 8800/1: use choice for kernel unwinders 2021-12-22 09:18:01 +01:00
Kconfig.kasan kasan: rework Kconfig settings 2018-02-16 20:23:04 +01:00
Kconfig.kgdb lib: update location of kgdb documentation 2017-05-16 08:44:22 -03:00
Kconfig.ubsan
kfifo.c Partially revert "kfifo: fix kfifo_alloc() and kfifo_init()" 2020-01-27 14:46:44 +01:00
klist.c scsi: klist: Make it safe to use klists in atomic context 2018-10-03 17:00:48 -07:00
kobject.c kobject: Replace strncpy with memcpy 2018-12-08 13:03:35 +01:00
kobject_uevent.c kobject_uevent: remove warning in init_uevent_argv() 2021-05-22 10:57:41 +02:00
kstrtox.c lib: vsprintf: Fix handling of number field widths in vsscanf 2021-07-20 16:17:33 +02:00
kstrtox.h lib: vsprintf: Fix handling of number field widths in vsscanf 2021-07-20 16:17:33 +02:00
lcm.c
libcrc32c.c crypto: Work around deallocated stack frame reference gcc bug on sparc. 2017-06-08 17:36:03 +08:00
list_debug.c bug: switch data corruption check to __must_check 2017-02-24 17:46:56 -08:00
list_sort.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
llist.c
locking-selftest-hardirq.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
locking-selftest-mutex.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
locking-selftest-rlock-hardirq.h
locking-selftest-rlock-softirq.h
locking-selftest-rlock.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
locking-selftest-rsem.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
locking-selftest-rtmutex.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
locking-selftest-softirq.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
locking-selftest-spin-hardirq.h
locking-selftest-spin-softirq.h
locking-selftest-spin.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
locking-selftest-wlock-hardirq.h
locking-selftest-wlock-softirq.h
locking-selftest-wlock.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
locking-selftest-wsem.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
locking-selftest.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
lockref.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
lru_cache.c
Makefile ubsan: build ubsan.c more conservatively 2020-05-27 16:43:08 +02:00
memory-notifier-error-inject.c
memweight.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
net_utils.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
netdev-notifier-error-inject.c
nlattr.c net: fix nla_strcmp to handle more then one trailing null character 2021-05-22 10:57:39 +02:00
nmi_backtrace.c printk/nmi: Prevent deadlock when accessing the main log buffer in NMI 2018-09-05 09:26:35 +02:00
nodemask.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
notifier-error-inject.c
notifier-error-inject.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
of-reconfig-notifier-error-inject.c
oid_registry.c 509: fix printing uninitialized stack memory when OID is empty 2018-02-25 11:08:01 +01:00
once.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
parman.c lib: Introduce priority array area manager 2017-02-03 16:35:42 -05:00
parser.c
pci_iomap.c
percpu-refcount.c percpu-refcount: support synchronous switch to atomic mode. 2017-03-22 19:18:43 -07:00
percpu_counter.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
percpu_ida.c sched/headers: Prepare to remove the <linux/gfp.h> include from <linux/sched.h> 2017-03-02 08:42:34 +01:00
percpu_test.c
plist.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/clock.h> 2017-03-02 08:42:27 +01:00
pm-notifier-error-inject.c
prime_numbers.c
radix-tree.c idr: Fix idr_alloc_u32 on 32-bit systems 2019-12-05 15:36:53 +01:00
random32.c random32: make prandom_u32() output unpredictable 2020-11-18 18:28:00 +01:00
ratelimit.c lib/ratelimit.c: use deferred printk() version 2017-10-03 17:54:26 -07:00
rational.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
rbtree.c rbtree: add some additional comments for rebalancing cases 2017-09-08 18:26:48 -07:00
rbtree_test.c lib/rbtree-test: lower default params 2018-12-17 09:28:55 +01:00
reciprocal_div.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
refcount.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
rhashtable.c rhashtable: Still do rehash when we get EEXIST 2019-04-03 06:25:09 +02:00
sbitmap.c sbitmap: fix improper use of smp_mb__before_atomic() 2019-05-31 06:47:10 -07:00
scatterlist.c sgl_alloc_order: fix memory leak 2020-11-05 11:06:58 +01:00
seq_buf.c seq_buf: Fix overflow in seq_buf_putmem_hex() 2021-07-20 16:17:47 +02:00
sg_pool.c
sg_split.c
sha1.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
show_mem.c lib/show_mem.c: teach show_mem to work with the given nodemask 2017-02-22 16:41:30 -08:00
siphash.c siphash: use _unaligned version by default 2021-12-08 08:46:55 +01:00
smp_processor_id.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sort.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
stackdepot.c lib: stackdepot: turn depot_lock spinlock to raw_spinlock 2021-05-22 10:57:43 +02:00
stmp_device.c
string.c lib/string: Add strscpy_pad() function 2021-02-23 14:00:30 +01:00
string_helpers.c mm: treewide: remove GFP_TEMPORARY allocation flag 2017-09-13 18:53:16 -07:00
strncpy_from_user.c lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user() 2020-06-20 10:24:58 +02:00
strnlen_user.c lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user() 2020-06-20 10:24:58 +02:00
swiotlb.c swiotlb: fix info leak with DMA_FROM_DEVICE 2022-05-25 08:41:22 +02:00
syscall.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
test-kstrtox.c
test-string_helpers.c
test_bitmap.c lib/test_bitmap.c: fix bitmap optimisation tests to report errors correctly 2018-05-22 18:53:58 +02:00
test_bpf.c bpf: add also cbpf long jump test cases with heavy expansion 2021-10-17 10:08:32 +02:00
test_debug_virtual.c lib: fix build failure in CONFIG_DEBUG_VIRTUAL test 2019-01-13 10:01:07 +01:00
test_firmware.c test_firmware: fix a memory leak bug 2019-08-16 10:13:55 +02:00
test_hash.c
test_hexdump.c test_hexdump: use memcpy instead of strncpy 2018-12-08 13:03:35 +01:00
test_kasan.c lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more() 2020-02-14 16:32:08 -05:00
test_kmod.c lib/test: use after free in register_test_dev_kmod() 2022-04-20 09:08:21 +02:00
test_list_sort.c lib: add module support to linked list sorting tests 2017-05-08 17:15:10 -07:00
test_module.c
test_parman.c lib: fix spelling mistake: "actualy" -> "actually" 2017-02-26 11:03:38 -05:00
test_printf.c
test_rhashtable.c lib: test_rhashtable: Fix KASAN warning 2017-07-25 12:35:23 -07:00
test_siphash.c
test_sort.c Revert "lib/test_sort.c: make it explicitly non-modular" 2017-05-08 17:15:10 -07:00
test_static_key_base.c
test_static_keys.c
test_sysctl.c test_sysctl: test against int proc_dointvec() array support 2017-07-12 16:26:00 -07:00
test_user_copy.c lib: remove check for AVR32 arch in test_user_copy 2017-05-01 09:36:30 +02:00
test_uuid.c uuid: fix incorrect uuid_equal conversion in test_uuid_test 2017-07-21 09:38:30 +02:00
textsearch.c
timerqueue.c lib/timerqueue: Rely on rbtree semantics for next timer 2021-10-09 14:09:46 +02:00
ts_bm.c
ts_fsm.c textsearch: fix typos in library helpers 2017-10-22 03:14:07 +01:00
ts_kmp.c textsearch: fix typos in library helpers 2017-10-22 03:14:07 +01:00
ubsan.c ubsan: Fix nasty -Wbuiltin-declaration-mismatch GCC-9 warnings 2019-05-10 17:53:08 +02:00
ubsan.h lib/ubsan: add type mismatch handler for new GCC/Clang 2018-02-16 20:23:09 +01:00
ucs2_string.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
usercopy.c Fix misannotated out-of-line _copy_to_user() 2018-03-19 08:42:56 +01:00
uuid.c uuid: hoist uuid_is_null() helper from libnvdimm 2017-06-05 16:59:05 +02:00
vsprintf.c lib: vsprintf: Fix handling of number field widths in vsscanf 2021-07-20 16:17:33 +02:00
win_minmax.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xxhash.c lib: Add xxhash module 2017-08-15 09:02:07 -07:00