Commit 313e7b4d authored by Vlad Yasevich's avatar Vlad Yasevich Committed by Sridhar Samudrala

[SCTP]: Fix machine check/connection hang on IA64.

sctp_unpack_cookie used an on-stack array called digest as a result/out
parameter in the call to crypto_hmac. However, hmac code
(crypto_hmac_final)
assumes that the 'out' argument is in virtual memory (identity mapped
region)
and can use virt_to_page call on it.  This does not work with the on-stack
declared digest.  The problems observed so far have been:
 a) incorrect hmac digest
 b) machine check and hardware reset.

Solution is to define the digest in an identity mapped region by
kmalloc'ing
it.  We can do this once as part of the endpoint structure and re-use it
when
verifying the SCTP cookie.
Signed-off-by: default avatarVlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: default avatarSridhar Samudrala <sri@us.ibm.com>
parent 8116ffad
...@@ -1250,6 +1250,14 @@ struct sctp_endpoint { ...@@ -1250,6 +1250,14 @@ struct sctp_endpoint {
int last_key; int last_key;
int key_changed_at; int key_changed_at;
/* digest: This is a digest of the sctp cookie. This field is
* only used on the receive path when we try to validate
* that the cookie has not been tampered with. We put
* this here so we pre-allocate this once and can re-use
* on every receive.
*/
__u8 digest[SCTP_SIGNATURE_SIZE];
/* sendbuf acct. policy. */ /* sendbuf acct. policy. */
__u32 sndbuf_policy; __u32 sndbuf_policy;
......
...@@ -1359,7 +1359,7 @@ struct sctp_association *sctp_unpack_cookie( ...@@ -1359,7 +1359,7 @@ struct sctp_association *sctp_unpack_cookie(
struct sctp_signed_cookie *cookie; struct sctp_signed_cookie *cookie;
struct sctp_cookie *bear_cookie; struct sctp_cookie *bear_cookie;
int headersize, bodysize, fixed_size; int headersize, bodysize, fixed_size;
__u8 digest[SCTP_SIGNATURE_SIZE]; __u8 *digest = ep->digest;
struct scatterlist sg; struct scatterlist sg;
unsigned int keylen, len; unsigned int keylen, len;
char *key; char *key;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment