- 27 Jan, 2009 2 commits
-
-
Jarod Wilson authored
Its a valid use case to have null associated data in a ccm vector, but this case isn't being handled properly right now. The following ccm decryption/verification test vector, using the rfc4309 implementation regularly triggers a panic, as will any other vector with null assoc data: * key: ab2f8a74b71cd2b1ff802e487d82f8b9 * iv: c6fb7d800d13abd8a6b2d8 * Associated Data: [NULL] * Tag Length: 8 * input: d5e8939fc7892e2b The resulting panic looks like so: Unable to handle kernel paging request at ffff810064ddaec0 RIP: [<ffffffff8864c4d7>] :ccm:get_data_to_compute+0x1a6/0x1d6 PGD 8063 PUD 0 Oops: 0002 [1] SMP last sysfs file: /module/libata/version CPU 0 Modules linked in: crypto_tester_kmod(U) seqiv krng ansi_cprng chainiv rng ctr aes_generic aes_x86_64 ccm cryptomgr testmgr_cipher testmgr aead crypto_blkcipher crypto_a lgapi des ipv6 xfrm_nalgo crypto_api autofs4 hidp l2cap bluetooth nfs lockd fscache nfs_acl sunrpc ip_conntrack_netbios_ns ipt_REJECT xt_state ip_conntrack nfnetlink xt_ tcpudp iptable_filter ip_tables x_tables dm_mirror dm_log dm_multipath scsi_dh dm_mod video hwmon backlight sbs i2c_ec button battery asus_acpi acpi_memhotplug ac lp sg snd_intel8x0 snd_ac97_codec ac97_bus snd_seq_dummy snd_seq_oss joydev snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss ide_cd snd_pcm floppy parport_p c shpchp e752x_edac snd_timer e1000 i2c_i801 edac_mc snd soundcore snd_page_alloc i2c_core cdrom parport serio_raw pcspkr ata_piix libata sd_mod scsi_mod ext3 jbd uhci_h cd ohci_hcd ehci_hcd Pid: 12844, comm: crypto-tester Tainted: G 2.6.18-128.el5.fips1 #1 RIP: 0010:[<ffffffff8864c4d7>] [<ffffffff8864c4d7>] :ccm:get_data_to_compute+0x1a6/0x1d6 RSP: 0018:ffff8100134434e8 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff8100104898b0 RCX: ffffffffab6aea10 RDX: 0000000000000010 RSI: ffff8100104898c0 RDI: ffff810064ddaec0 RBP: 0000000000000000 R08: ffff8100104898b0 R09: 0000000000000000 R10: ffff8100103bac84 R11: ffff8100104898b0 R12: ffff810010489858 R13: ffff8100104898b0 R14: ffff8100103bac00 R15: 0000000000000000 FS: 00002ab881adfd30(0000) GS:ffffffff803ac000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: ffff810064ddaec0 CR3: 0000000012a88000 CR4: 00000000000006e0 Process crypto-tester (pid: 12844, threadinfo ffff810013442000, task ffff81003d165860) Stack: ffff8100103bac00 ffff8100104898e8 ffff8100134436f8 ffffffff00000000 0000000000000000 ffff8100104898b0 0000000000000000 ffff810010489858 0000000000000000 ffff8100103bac00 ffff8100134436f8 ffffffff8864c634 Call Trace: [<ffffffff8864c634>] :ccm:crypto_ccm_auth+0x12d/0x140 [<ffffffff8864cf73>] :ccm:crypto_ccm_decrypt+0x161/0x23a [<ffffffff88633643>] :crypto_tester_kmod:cavs_test_rfc4309_ccm+0x4a5/0x559 [...] The above is from a RHEL5-based kernel, but upstream is susceptible too. The fix is trivial: in crypto/ccm.c:crypto_ccm_auth(), pctx->ilen contains whatever was in memory when pctx was allocated if assoclen is 0. The tested fix is to simply add an else clause setting pctx->ilen to 0 for the assoclen == 0 case, so that get_data_to_compute() doesn't try doing things its not supposed to. Signed-off-by:
Jarod Wilson <jarod@redhat.com> Acked-by:
Neil Horman <nhorman@tuxdriver.com> Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au>
-
Herbert Xu authored
When we get left-over bits from a slow walk, it means that the underlying cipher has gone troppo. However, as we're handling that case we should ensure that the caller terminates the walk. This patch does this by setting walk->nbytes to zero. Reported-by:
Roel Kluin <roel.kluin@gmail.com> Reported-by:
Huang Ying <ying.huang@intel.com> Signed-off-by:
-
- 15 Jan, 2009 7 commits
-
-
Herbert Xu authored
As it is if an algorithm with a zero-length IV is used (e.g., NULL encryption) with authenc, authenc may generate an SG entry of length zero, which will trigger a BUG check in the hash layer. This patch fixes it by skipping the IV SG generation if the IV size is zero. Signed-off-by: -
git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpcLinus Torvalds authored
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc: (29 commits) powerpc/83xx: Move mcu_mpc8349emitx driver out of drivers/i2c/chips/ powerpc/83xx: Make serial ports work on MPC8315E-RDB w/ FSL U-Boots powerpc/e500mc: Doorbells need to be taken w/exceptions disabled powerpc: Enable PS3 options and QPACE in ppc64_defconfig powerpc/powermac: Fix occasional SMP boot failure powerpc/cacheinfo: Rename cache_dir per-cpu variable hvc_console: Use kzalloc() instead of kmalloc() + memset() hvc_console: Do not set low_latency when using interrupts hvc_console: Call free_irq() only if request_irq() was successful hvc_console: Change an mb() to smp_mb() and add some comments powerpc: Cleanup from l64 to ll64 change: drivers/net powerpc: Cleanup from l64 to ll64 change: drivers/char powerpc: Cleanup from l64 to ll64 change: arch code powerpc: Change u64/s64 to a long long integer type powerpc/kexec: Check crash_base for relocatable kernel powerpc: Make dummy section a valid note header Xilinx: SPI: updated driver for device tree drivers/of: Add the of_find_i2c_device_by_node function. powerpc/xsysace: add compatible string for non-ipcore instance powerpc/mpc52xx: remove dead code from GPIO driver ...
-
git://git390.osdl.marist.edu/pub/scm/linux-2.6Linus Torvalds authored
* 'syscalls' of git://git390.osdl.marist.edu/pub/scm/linux-2.6: (44 commits) [CVE-2009-0029] s390 specific system call wrappers [CVE-2009-0029] System call wrappers part 33 [CVE-2009-0029] System call wrappers part 32 [CVE-2009-0029] System call wrappers part 31 [CVE-2009-0029] System call wrappers part 30 [CVE-2009-0029] System call wrappers part 29 [CVE-2009-0029] System call wrappers part 28 [CVE-2009-0029] System call wrappers part 27 [CVE-2009-0029] System call wrappers part 26 [CVE-2009-0029] System call wrappers part 25 [CVE-2009-0029] System call wrappers part 24 [CVE-2009-0029] System call wrappers part 23 [CVE-2009-0029] System call wrappers part 22 [CVE-2009-0029] System call wrappers part 21 [CVE-2009-0029] System call wrappers part 20 [CVE-2009-0029] System call wrappers part 19 [CVE-2009-0029] System call wrappers part 18 [CVE-2009-0029] System call wrappers part 17 [CVE-2009-0029] System call wrappers part 16 [CVE-2009-0029] System call wrappers part 15 ...
-
Harvey Harrison authored
Add swab.h to kbuild.asm and remove the individual entries from each arch, mark as unifdef as some arches have some kernel-only bits inside. Signed-off-by:
Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org>
-
Harvey Harrison authored
Adjust the arch overrides to the new names as well. Signed-off-by:
-
git://oss.sgi.com/xfs/xfsLinus Torvalds authored
* 'for-linus' of git://oss.sgi.com/xfs/xfs: [XFS] Update maintainers [XFS] use scalable vmap API [XFS] remove old vmap cache [XFS] make xfs_ino_t an unsigned long long [XFS] truncate readdir offsets to signed 32 bit values [XFS] fix compile of xfs_btree_readahead_lblock on m68k [XFS] Remove macro-to-function indirections in the mask code [XFS] Remove macro-to-function indirections in attr code [XFS] Remove several unused typedefs. [XFS] pass XFS_IGET_BULKSTAT to xfs_iget for handle operations
-
git://git.kernel.org/pub/scm/linux/kernel/git/bart/ide-2.6Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/bart/ide-2.6: IDE: fix sparse signed-ness errors with host->host_busy ide: fix suspend regression tx4938ide: Fix build error due to read_sff_dma_status moving ide: remove unused CONFIG_BLK_DEV_IDE_AU1XXX_SEQTS_PER_RQ sl82c105: remove dead code via82cxxx: fix cable warning message ide: can't use SSD/non-rotational queue flag for all CFA devices it821x.c: use dev->revision instead of pci_read_config_byte it821x: Add ultra_mask quirk for Vortex86SX ide: fix accidental LOCKDEP breakage caused by local_irq_set() removal
-
- 14 Jan, 2009 31 commits
-
-
Ben Dooks authored
The host_busy field in struct ide_host defaults to a signed-long, where most arch's test_and_set_bit_* macros use an unsigned long. Change to using an unsigned long, which on ARM removes the following sparse errors: drivers/ide/ide-io.c:681:8: warning: incorrect type in argument 2 (different signedness) drivers/ide/ide-io.c:681:8: expected unsigned long volatile *p drivers/ide/ide-io.c:681:8: got long volatile *<noident> drivers/ide/ide-io.c:681:8: warning: incorrect type in argument 2 (different signedness) drivers/ide/ide-io.c:681:8: expected unsigned long volatile *p drivers/ide/ide-io.c:681:8: got long volatile *<noident> drivers/ide/ide-io.c:695:3: warning: incorrect type in argument 2 (different signedness) drivers/ide/ide-io.c:695:3: expected unsigned long volatile *p drivers/ide/ide-io.c:695:3: got long volatile *<noident> drivers/ide/ide-io.c:695:3: warning: incorrect type in argument 2 (different signedness) drivers/ide/ide-io.c:695:3: expected unsigned long volatile *p drivers/ide/ide-io.c:695:3: got long volatile *<noident> drivers/ide/ide-io.c:695:3: warning: incorrect type in argument 2 (different signedness) drivers/ide/ide-io.c:695:3: expected unsigned long volatile *p drivers/ide/ide-io.c:695:3: got long volatile *<noident> drivers/ide/ide-io.c:695:3: warning: incorrect type in argument 2 (different signedness) drivers/ide/ide-io.c:695:3: expected unsigned long volatile *p drivers/ide/ide-io.c:695:3: got long volatile *<noident> drivers/ide/ide-io.c:695:3: warning: incorrect type in argument 2 (different signedness) drivers/ide/ide-io.c:695:3: expected unsigned long volatile *p drivers/ide/ide-io.c:695:3: got long volatile *<noident> drivers/ide/ide-io.c:695:3: warning: incorrect type in argument 2 (different signedness) drivers/ide/ide-io.c:695:3: expected unsigned long volatile *p drivers/ide/ide-io.c:695:3: got long volatile *<noident> drivers/ide/ide-io.c:695:3: warning: incorrect type in argument 2 (different signedness) drivers/ide/ide-io.c:695:3: expected unsigned long volatile *p drivers/ide/ide-io.c:695:3: got long volatile *<noident> drivers/ide/ide-io.c:695:3: warning: incorrect type in argument 2 (different signedness) drivers/ide/ide-io.c:695:3: expected unsigned long volatile *p drivers/ide/ide-io.c:695:3: got long volatile *<noident> Signed-off-by:
Ben Dooks <ben-linux@fluff.org> Signed-off-by:
Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
-
Bartlomiej Zolnierkiewicz authored
On Monday 12 January 2009, Simon Holm Thøgersen wrote: > commit 295f0004 ("ide: don't execute the next queued command from the > hard-IRQ context (v2)") breaks suspend to disk for me. On > 'echo disk > /sys/power/state' the systems hangs, letting me switch > virtual consoles, but not responding to Alt+SysRq Restart the request queue early for REQ_TYPE_PM_RESUME requests (though there is only one resume request for the whole resume sequence it stays in the queue until is fully completed and now depends on kblockd for processing consequential resume states). Reported-and-bisected-by:
Simon Holm Thøgersen <odie@cs.aau.dk> Tested-by:
-
Atsushi Nemoto authored
Signed-off-by:
Atsushi Nemoto <anemo@mba.ocn.ne.jp> Acked-by:
Sergei Shtylyov <sshtylyov@ru.mvista.com> Signed-off-by:
-
Bartlomiej Zolnierkiewicz authored
Acked-by:
-
Bartlomiej Zolnierkiewicz authored
CONFIG_LOPEC and CONFIG_SANDPOINT config options are gone. Acked-by:
-
Bartlomiej Zolnierkiewicz authored
Remove reference to the removed old-style kernel parameter. Acked-by:
-
Bartlomiej Zolnierkiewicz authored
Some rotating disks also present themselves as CFA devices. Reported-by:
Alan Cox <alan@lxorguk.ukuu.org.uk> Acked-by:
-
Brandon Philips authored
Minor cleanup. Signed-off-by:
Brandon Philips <bphilips@suse.de> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: Shawn Lin <shawn@dmp.com.tw> Signed-off-by:
-
Brandon Philips authored
On Vortex86SX with IDE controller revision 0x11 ultra DMA must be disabled. This patch was tested by DMP and seems to work. It is a cleaned up version of their older Kernel patch: http://www.dmp.com.tw/tech/vortex86sx/patch-2.6.24-DMP.gzTested-by:
Shawn Lin <shawn@dmp.com.tw> Signed-off-by:
-
Bartlomiej Zolnierkiewicz authored
commit 54cc1428 ("ide: remove local_irq_set() macro") accidentally replaced local_save_flags() by local_irq_set() in ide_probe_port() and __ide_wait_stat() which resulted in LOCKDEP breakage. Reported-by:
Larry Finger <Larry.Finger@lwfinger.net> Tested-by:
-
Andrew Morton authored
Fix the sparc build - we were including `up.o' on SMP builds, when CONFIG_USE_GENERIC_SMP_HELPERS=n. Tested-by:
Robert Reif <reif@earthlink.net> Fixed-by:
Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
-
Nick Piggin authored
This assertion is incorrect for lockless pagecache. By definition if we have an unpinned page that we are trying to take a speculative reference to, it may become the tail of a compound page at any time (if it is freed, then reallocated as a compound page). It was still a valid assertion for the vmscan.c LRU isolation case, but it doesn't seem incredibly helpful... if somebody wants it, they can put it back directly where it applies in the vmscan code. Signed-off-by:
Nick Piggin <npiggin@suse.de> Signed-off-by:
-
Heiko Carstens authored
Signed-off-by:Heiko Carstens <heiko.carstens@de.ibm.com>
-
Heiko Carstens authored
Signed-off-by: -
Heiko Carstens authored
Signed-off-by: -
Heiko Carstens authored
Signed-off-by: -
Heiko Carstens authored
Signed-off-by: -
Heiko Carstens authored
Signed-off-by: -
Heiko Carstens authored
Signed-off-by: -
Heiko Carstens authored
Signed-off-by: -
Heiko Carstens authored
Signed-off-by: -
Heiko Carstens authored
Signed-off-by: -
Heiko Carstens authored
Signed-off-by: -
Heiko Carstens authored
Signed-off-by: -
Heiko Carstens authored
Signed-off-by: -
Heiko Carstens authored
Signed-off-by: -
Heiko Carstens authored
Signed-off-by: -
Heiko Carstens authored
Signed-off-by: -
Heiko Carstens authored
Signed-off-by: -
Heiko Carstens authored
Signed-off-by: -
Heiko Carstens authored
Signed-off-by:
-
