* [PATCH v2] crypto: qat - add limit to linked list parsing
@ 2022-09-21 9:09 Adam Guerin
2022-09-21 9:38 ` Giovanni Cabiddu
2022-09-30 6:15 ` Herbert Xu
0 siblings, 2 replies; 3+ messages in thread
From: Adam Guerin @ 2022-09-21 9:09 UTC (permalink / raw)
To: herbert
Cc: linux-crypto, qat-linux, Adam Guerin, Ciunas Bennett, Giovanni Cabiddu
adf_copy_key_value_data() copies data from userland to kernel, based on
a linked link provided by userland. If userland provides a circular
list (or just a very long one) then it would drive a long loop where
allocation occurs in every loop. This could lead to low memory conditions.
Adding a limit to stop endless loop.
Signed-off-by: Adam Guerin <adam.guerin@intel.com>
Co-developed-by: Ciunas Bennett <ciunas.bennett@intel.com>
Signed-off-by: Ciunas Bennett <ciunas.bennett@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
---
v2: improved patch based off feedback from ML
drivers/crypto/qat/qat_common/adf_ctl_drv.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/qat/qat_common/adf_ctl_drv.c b/drivers/crypto/qat/qat_common/adf_ctl_drv.c
index 508c18edd692..82b69e1f725b 100644
--- a/drivers/crypto/qat/qat_common/adf_ctl_drv.c
+++ b/drivers/crypto/qat/qat_common/adf_ctl_drv.c
@@ -16,6 +16,9 @@
#include "adf_cfg_common.h"
#include "adf_cfg_user.h"
+#define ADF_CFG_MAX_SECTION 512
+#define ADF_CFG_MAX_KEY_VAL 256
+
#define DEVICE_NAME "qat_adf_ctl"
static DEFINE_MUTEX(adf_ctl_lock);
@@ -137,10 +140,11 @@ static int adf_copy_key_value_data(struct adf_accel_dev *accel_dev,
struct adf_user_cfg_key_val key_val;
struct adf_user_cfg_key_val *params_head;
struct adf_user_cfg_section section, *section_head;
+ int i, j;
section_head = ctl_data->config_section;
- while (section_head) {
+ for (i = 0; section_head && i < ADF_CFG_MAX_SECTION; i++) {
if (copy_from_user(§ion, (void __user *)section_head,
sizeof(*section_head))) {
dev_err(&GET_DEV(accel_dev),
@@ -156,7 +160,7 @@ static int adf_copy_key_value_data(struct adf_accel_dev *accel_dev,
params_head = section.params;
- while (params_head) {
+ for (j = 0; params_head && j < ADF_CFG_MAX_KEY_VAL; j++) {
if (copy_from_user(&key_val, (void __user *)params_head,
sizeof(key_val))) {
dev_err(&GET_DEV(accel_dev),
base-commit: 8aee6d5494bfb2e535307eb3e80e38cc5cc1c7a6
--
2.37.3
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH v2] crypto: qat - add limit to linked list parsing
2022-09-21 9:09 [PATCH v2] crypto: qat - add limit to linked list parsing Adam Guerin
@ 2022-09-21 9:38 ` Giovanni Cabiddu
2022-09-30 6:15 ` Herbert Xu
1 sibling, 0 replies; 3+ messages in thread
From: Giovanni Cabiddu @ 2022-09-21 9:38 UTC (permalink / raw)
To: herbert, Adam Guerin; +Cc: linux-crypto, qat-linux, Ciunas Bennett
Hi Herbert,
This patch was accidentally sent starting from V2. Adam is going to
resend.
Regards,
--
Giovanni
On Wed, Sep 21, 2022 at 10:09:24AM +0100, Adam Guerin wrote:
> adf_copy_key_value_data() copies data from userland to kernel, based on
> a linked link provided by userland. If userland provides a circular
> list (or just a very long one) then it would drive a long loop where
> allocation occurs in every loop. This could lead to low memory conditions.
> Adding a limit to stop endless loop.
>
> Signed-off-by: Adam Guerin <adam.guerin@intel.com>
> Co-developed-by: Ciunas Bennett <ciunas.bennett@intel.com>
> Signed-off-by: Ciunas Bennett <ciunas.bennett@intel.com>
> Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
> ---
> v2: improved patch based off feedback from ML
> drivers/crypto/qat/qat_common/adf_ctl_drv.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/crypto/qat/qat_common/adf_ctl_drv.c b/drivers/crypto/qat/qat_common/adf_ctl_drv.c
> index 508c18edd692..82b69e1f725b 100644
> --- a/drivers/crypto/qat/qat_common/adf_ctl_drv.c
> +++ b/drivers/crypto/qat/qat_common/adf_ctl_drv.c
> @@ -16,6 +16,9 @@
> #include "adf_cfg_common.h"
> #include "adf_cfg_user.h"
>
> +#define ADF_CFG_MAX_SECTION 512
> +#define ADF_CFG_MAX_KEY_VAL 256
> +
> #define DEVICE_NAME "qat_adf_ctl"
>
> static DEFINE_MUTEX(adf_ctl_lock);
> @@ -137,10 +140,11 @@ static int adf_copy_key_value_data(struct adf_accel_dev *accel_dev,
> struct adf_user_cfg_key_val key_val;
> struct adf_user_cfg_key_val *params_head;
> struct adf_user_cfg_section section, *section_head;
> + int i, j;
>
> section_head = ctl_data->config_section;
>
> - while (section_head) {
> + for (i = 0; section_head && i < ADF_CFG_MAX_SECTION; i++) {
> if (copy_from_user(§ion, (void __user *)section_head,
> sizeof(*section_head))) {
> dev_err(&GET_DEV(accel_dev),
> @@ -156,7 +160,7 @@ static int adf_copy_key_value_data(struct adf_accel_dev *accel_dev,
>
> params_head = section.params;
>
> - while (params_head) {
> + for (j = 0; params_head && j < ADF_CFG_MAX_KEY_VAL; j++) {
> if (copy_from_user(&key_val, (void __user *)params_head,
> sizeof(key_val))) {
> dev_err(&GET_DEV(accel_dev),
>
> base-commit: 8aee6d5494bfb2e535307eb3e80e38cc5cc1c7a6
> --
> 2.37.3
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH v2] crypto: qat - add limit to linked list parsing
2022-09-21 9:09 [PATCH v2] crypto: qat - add limit to linked list parsing Adam Guerin
2022-09-21 9:38 ` Giovanni Cabiddu
@ 2022-09-30 6:15 ` Herbert Xu
1 sibling, 0 replies; 3+ messages in thread
From: Herbert Xu @ 2022-09-30 6:15 UTC (permalink / raw)
To: Adam Guerin; +Cc: linux-crypto, qat-linux, Ciunas Bennett, Giovanni Cabiddu
On Wed, Sep 21, 2022 at 10:09:24AM +0100, Adam Guerin wrote:
> adf_copy_key_value_data() copies data from userland to kernel, based on
> a linked link provided by userland. If userland provides a circular
> list (or just a very long one) then it would drive a long loop where
> allocation occurs in every loop. This could lead to low memory conditions.
> Adding a limit to stop endless loop.
>
> Signed-off-by: Adam Guerin <adam.guerin@intel.com>
> Co-developed-by: Ciunas Bennett <ciunas.bennett@intel.com>
> Signed-off-by: Ciunas Bennett <ciunas.bennett@intel.com>
> Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
> ---
> v2: improved patch based off feedback from ML
> drivers/crypto/qat/qat_common/adf_ctl_drv.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-09-30 6:16 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-09-21 9:09 [PATCH v2] crypto: qat - add limit to linked list parsing Adam Guerin
2022-09-21 9:38 ` Giovanni Cabiddu
2022-09-30 6:15 ` Herbert Xu
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.