tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

crypto: qat - optimize allocations for fw authentication

The memory requested to hold the image data for authentication will
never exceed `ICP_QAT_CSS_RSA4K_MAX_IMAGE_LEN`. Therefore, we can
simplify the allocation by always requesting the maximum size needed for
any image.

Also introduce the following checks:
* Ensure the allocated memory is 8-byte aligned to meet the
requirements of the authentication firmware.
* Prevent overflow when constructing the authentication descriptor.

Signed-off-by: Jack Xu <jack.xu@intel.com>
Reviewed-by: Ahsan Atta <ahsan.atta@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Jack Xu and committed by
Herbert Xu 987fd1a4 0d5cb730

+19 -14
-8
drivers/crypto/intel/qat/qat_common/icp_qat_uclo.h
··· 43 43 #define ICP_QAT_SUOF_OBJS "SUF_OBJS" 44 44 #define ICP_QAT_SUOF_IMAG "SUF_IMAG" 45 45 #define ICP_QAT_SIMG_AE_INIT_SEQ_LEN (50 * sizeof(unsigned long long)) 46 - #define ICP_QAT_SIMG_AE_INSTS_LEN (0x4000 * sizeof(unsigned long long)) 47 46 48 47 #define DSS_FWSK_MODULUS_LEN 384 /* RSA3K */ 49 48 #define DSS_FWSK_EXPONENT_LEN 4 ··· 74 75 DSS_SIGNATURE_LEN : \ 75 76 CSS_SIGNATURE_LEN) 76 77 77 - #define ICP_QAT_CSS_AE_IMG_LEN (sizeof(struct icp_qat_simg_ae_mode) + \ 78 - ICP_QAT_SIMG_AE_INIT_SEQ_LEN + \ 79 - ICP_QAT_SIMG_AE_INSTS_LEN) 80 - #define ICP_QAT_CSS_AE_SIMG_LEN(handle) (sizeof(struct icp_qat_css_hdr) + \ 81 - ICP_QAT_CSS_FWSK_PUB_LEN(handle) + \ 82 - ICP_QAT_CSS_SIGNATURE_LEN(handle) + \ 83 - ICP_QAT_CSS_AE_IMG_LEN) 84 78 #define ICP_QAT_AE_IMG_OFFSET(handle) (sizeof(struct icp_qat_css_hdr) + \ 85 79 ICP_QAT_CSS_FWSK_MODULUS_LEN(handle) + \ 86 80 ICP_QAT_CSS_FWSK_EXPONENT_LEN(handle) + \
+19 -6
drivers/crypto/intel/qat/qat_common/qat_uclo.c
··· 1 1 // SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0-only) 2 2 /* Copyright(c) 2014 - 2020 Intel Corporation */ 3 + #include <linux/align.h> 3 4 #include <linux/slab.h> 4 5 #include <linux/ctype.h> 5 6 #include <linux/kernel.h> ··· 1415 1414 struct icp_qat_fw_auth_desc *auth_desc; 1416 1415 struct icp_qat_auth_chunk *auth_chunk; 1417 1416 u64 virt_addr, bus_addr, virt_base; 1418 - unsigned int length, simg_offset = sizeof(*auth_chunk); 1417 + unsigned int simg_offset = sizeof(*auth_chunk); 1419 1418 struct icp_qat_simg_ae_mode *simg_ae_mode; 1420 1419 struct icp_firml_dram_desc img_desc; 1420 + int ret; 1421 1421 1422 - length = (css_hdr->fw_type == CSS_AE_FIRMWARE) ? 1423 - ICP_QAT_CSS_AE_SIMG_LEN(handle) + simg_offset : 1424 - size + ICP_QAT_CSS_FWSK_PAD_LEN(handle) + simg_offset; 1425 - if (qat_uclo_simg_alloc(handle, &img_desc, length)) { 1422 + ret = qat_uclo_simg_alloc(handle, &img_desc, ICP_QAT_CSS_RSA4K_MAX_IMAGE_LEN); 1423 + if (ret) { 1426 1424 pr_err("QAT: error, allocate continuous dram fail\n"); 1427 - return -ENOMEM; 1425 + return ret; 1426 + } 1427 + 1428 + if (!IS_ALIGNED(img_desc.dram_size, 8) || !img_desc.dram_bus_addr) { 1429 + pr_debug("QAT: invalid address\n"); 1430 + qat_uclo_simg_free(handle, &img_desc); 1431 + return -EINVAL; 1428 1432 } 1429 1433 1430 1434 auth_chunk = img_desc.dram_base_addr_v; ··· 1487 1481 auth_desc->img_high = (unsigned int)(bus_addr >> BITS_IN_DWORD); 1488 1482 auth_desc->img_low = (unsigned int)bus_addr; 1489 1483 auth_desc->img_len = size - ICP_QAT_AE_IMG_OFFSET(handle); 1484 + if (bus_addr + auth_desc->img_len > img_desc.dram_bus_addr + 1485 + ICP_QAT_CSS_RSA4K_MAX_IMAGE_LEN) { 1486 + pr_err("QAT: insufficient memory size for authentication data\n"); 1487 + qat_uclo_simg_free(handle, &img_desc); 1488 + return -ENOMEM; 1489 + } 1490 + 1490 1491 memcpy((void *)(uintptr_t)virt_addr, 1491 1492 (void *)(image + ICP_QAT_AE_IMG_OFFSET(handle)), 1492 1493 auth_desc->img_len);