summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorDavid Miller <davem@davemloft.net>2017-06-02 11:28:54 -0400
committerHerbert Xu <herbert@gondor.apana.org.au>2017-06-08 17:36:03 +0800
commitd41519a69b35b10af7fda867fb9100df24fdf403 (patch)
treed71a478fac542c5415282463a1d3428adb26aeca /crypto
parentf3ad587070d6bd961ab942b3fd7a85d00dfc934b (diff)
downloadop-kernel-dev-d41519a69b35b10af7fda867fb9100df24fdf403.zip
op-kernel-dev-d41519a69b35b10af7fda867fb9100df24fdf403.tar.gz
crypto: Work around deallocated stack frame reference gcc bug on sparc.
On sparc, if we have an alloca() like situation, as is the case with SHASH_DESC_ON_STACK(), we can end up referencing deallocated stack memory. The result can be that the value is clobbered if a trap or interrupt arrives at just the right instruction. It only occurs if the function ends returning a value from that alloca() area and that value can be placed into the return value register using a single instruction. For example, in lib/libcrc32c.c:crc32c() we end up with a return sequence like: return %i7+8 lduw [%o5+16], %o0 ! MEM[(u32 *)__shash_desc.1_10 + 16B], %o5 holds the base of the on-stack area allocated for the shash descriptor. But the return released the stack frame and the register window. So if an intererupt arrives between 'return' and 'lduw', then the value read at %o5+16 can be corrupted. Add a data compiler barrier to work around this problem. This is exactly what the gcc fix will end up doing as well, and it absolutely should not change the code generated for other cpus (unless gcc on them has the same bug :-) With crucial insight from Eric Sandeen. Cc: <stable@vger.kernel.org> Reported-by: Anatoly Pugachev <matorola@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto')
0 files changed, 0 insertions, 0 deletions
OpenPOWER on IntegriCloud