tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

Pull crypto fixes from Herbert Xu:
"This fixes a bunch of bugs detected by KASAN in the caam driver"

* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
crypto: caam - fix the address of the last entry of S/G
crypto: caam - fix use-after-free KASAN issue for RSA algorithms
crypto: caam - fix use-after-free KASAN issue for HASH algorithms
crypto: caam - fix use-after-free KASAN issue for AEAD algorithms
crypto: caam - fix use-after-free KASAN issue for SKCIPHER algorithms

Linus Torvalds 6c3efdc9 96c9a780

+19 -7
+7 -3
drivers/crypto/caam/caamalg.c
··· 963 963 struct caam_drv_private_jr *jrp = dev_get_drvdata(jrdev); 964 964 struct aead_edesc *edesc; 965 965 int ecode = 0; 966 + bool has_bklog; 966 967 967 968 dev_dbg(jrdev, "%s %d: err 0x%x\n", __func__, __LINE__, err); 968 969 969 970 edesc = rctx->edesc; 971 + has_bklog = edesc->bklog; 970 972 971 973 if (err) 972 974 ecode = caam_jr_strstatus(jrdev, err); ··· 981 979 * If no backlog flag, the completion of the request is done 982 980 * by CAAM, not crypto engine. 983 981 */ 984 - if (!edesc->bklog) 982 + if (!has_bklog) 985 983 aead_request_complete(req, ecode); 986 984 else 987 985 crypto_finalize_aead_request(jrp->engine, req, ecode); ··· 997 995 struct caam_drv_private_jr *jrp = dev_get_drvdata(jrdev); 998 996 int ivsize = crypto_skcipher_ivsize(skcipher); 999 997 int ecode = 0; 998 + bool has_bklog; 1000 999 1001 1000 dev_dbg(jrdev, "%s %d: err 0x%x\n", __func__, __LINE__, err); 1002 1001 1003 1002 edesc = rctx->edesc; 1003 + has_bklog = edesc->bklog; 1004 1004 if (err) 1005 1005 ecode = caam_jr_strstatus(jrdev, err); 1006 1006 ··· 1032 1028 * If no backlog flag, the completion of the request is done 1033 1029 * by CAAM, not crypto engine. 1034 1030 */ 1035 - if (!edesc->bklog) 1031 + if (!has_bklog) 1036 1032 skcipher_request_complete(req, ecode); 1037 1033 else 1038 1034 crypto_finalize_skcipher_request(jrp->engine, req, ecode); ··· 1715 1711 1716 1712 if (ivsize || mapped_dst_nents > 1) 1717 1713 sg_to_sec4_set_last(edesc->sec4_sg + dst_sg_idx + 1718 - mapped_dst_nents); 1714 + mapped_dst_nents - 1 + !!ivsize); 1719 1715 1720 1716 if (sec4_sg_bytes) { 1721 1717 edesc->sec4_sg_dma = dma_map_single(jrdev, edesc->sec4_sg,
+6 -2
drivers/crypto/caam/caamhash.c
··· 583 583 struct caam_hash_state *state = ahash_request_ctx(req); 584 584 struct caam_hash_ctx *ctx = crypto_ahash_ctx(ahash); 585 585 int ecode = 0; 586 + bool has_bklog; 586 587 587 588 dev_dbg(jrdev, "%s %d: err 0x%x\n", __func__, __LINE__, err); 588 589 589 590 edesc = state->edesc; 591 + has_bklog = edesc->bklog; 590 592 591 593 if (err) 592 594 ecode = caam_jr_strstatus(jrdev, err); ··· 605 603 * If no backlog flag, the completion of the request is done 606 604 * by CAAM, not crypto engine. 607 605 */ 608 - if (!edesc->bklog) 606 + if (!has_bklog) 609 607 req->base.complete(&req->base, ecode); 610 608 else 611 609 crypto_finalize_hash_request(jrp->engine, req, ecode); ··· 634 632 struct caam_hash_state *state = ahash_request_ctx(req); 635 633 int digestsize = crypto_ahash_digestsize(ahash); 636 634 int ecode = 0; 635 + bool has_bklog; 637 636 638 637 dev_dbg(jrdev, "%s %d: err 0x%x\n", __func__, __LINE__, err); 639 638 640 639 edesc = state->edesc; 640 + has_bklog = edesc->bklog; 641 641 if (err) 642 642 ecode = caam_jr_strstatus(jrdev, err); 643 643 ··· 667 663 * If no backlog flag, the completion of the request is done 668 664 * by CAAM, not crypto engine. 669 665 */ 670 - if (!edesc->bklog) 666 + if (!has_bklog) 671 667 req->base.complete(&req->base, ecode); 672 668 else 673 669 crypto_finalize_hash_request(jrp->engine, req, ecode);
+6 -2
drivers/crypto/caam/caampkc.c
··· 121 121 struct caam_drv_private_jr *jrp = dev_get_drvdata(dev); 122 122 struct rsa_edesc *edesc; 123 123 int ecode = 0; 124 + bool has_bklog; 124 125 125 126 if (err) 126 127 ecode = caam_jr_strstatus(dev, err); 127 128 128 129 edesc = req_ctx->edesc; 130 + has_bklog = edesc->bklog; 129 131 130 132 rsa_pub_unmap(dev, edesc, req); 131 133 rsa_io_unmap(dev, edesc, req); ··· 137 135 * If no backlog flag, the completion of the request is done 138 136 * by CAAM, not crypto engine. 139 137 */ 140 - if (!edesc->bklog) 138 + if (!has_bklog) 141 139 akcipher_request_complete(req, ecode); 142 140 else 143 141 crypto_finalize_akcipher_request(jrp->engine, req, ecode); ··· 154 152 struct caam_rsa_req_ctx *req_ctx = akcipher_request_ctx(req); 155 153 struct rsa_edesc *edesc; 156 154 int ecode = 0; 155 + bool has_bklog; 157 156 158 157 if (err) 159 158 ecode = caam_jr_strstatus(dev, err); 160 159 161 160 edesc = req_ctx->edesc; 161 + has_bklog = edesc->bklog; 162 162 163 163 switch (key->priv_form) { 164 164 case FORM1: ··· 180 176 * If no backlog flag, the completion of the request is done 181 177 * by CAAM, not crypto engine. 182 178 */ 183 - if (!edesc->bklog) 179 + if (!has_bklog) 184 180 akcipher_request_complete(req, ecode); 185 181 else 186 182 crypto_finalize_akcipher_request(jrp->engine, req, ecode);