linux-crypto.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "Horia Geantă" <horia.geanta@nxp.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>,
	Dan Douglass <dan.douglass@nxp.com>,
	Tudor Ambarus <tudor-dan.ambarus@nxp.com>,
	"Cristian Stoica" <cristian.stoica@nxp.com>,
	<linux-crypto@vger.kernel.org>
Subject: [PATCH 05/12] crypto: caam - check sg_count() return value
Date: Fri, 10 Feb 2017 14:07:18 +0200	[thread overview]
Message-ID: <1486728445-13047-6-git-send-email-horia.geanta@nxp.com> (raw)
In-Reply-To: <1486728445-13047-1-git-send-email-horia.geanta@nxp.com>

sg_count() internally calls sg_nents_for_len(), which could fail
in case the required number of bytes is larger than the total
bytes in the S/G.

Thus, add checks to validate the input.

Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
---
 drivers/crypto/caam/caamalg.c | 44 +++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 42 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c
index 05d4690351b9..ed8a04412767 100644
--- a/drivers/crypto/caam/caamalg.c
+++ b/drivers/crypto/caam/caamalg.c
@@ -1335,13 +1335,31 @@ static struct aead_edesc *aead_edesc_alloc(struct aead_request *req,
 
 	if (unlikely(req->dst != req->src)) {
 		src_nents = sg_count(req->src, req->assoclen + req->cryptlen);
+		if (unlikely(src_nents < 0)) {
+			dev_err(jrdev, "Insufficient bytes (%d) in src S/G\n",
+				req->assoclen + req->cryptlen);
+			return ERR_PTR(src_nents);
+		}
+
 		dst_nents = sg_count(req->dst,
 				     req->assoclen + req->cryptlen +
 					(encrypt ? authsize : (-authsize)));
+		if (unlikely(dst_nents < 0)) {
+			dev_err(jrdev, "Insufficient bytes (%d) in dst S/G\n",
+				req->assoclen + req->cryptlen +
+				(encrypt ? authsize : (-authsize)));
+			return ERR_PTR(dst_nents);
+		}
 	} else {
 		src_nents = sg_count(req->src,
 				     req->assoclen + req->cryptlen +
 					(encrypt ? authsize : 0));
+		if (unlikely(src_nents < 0)) {
+			dev_err(jrdev, "Insufficient bytes (%d) in src S/G\n",
+				req->assoclen + req->cryptlen +
+				(encrypt ? authsize : 0));
+			return ERR_PTR(src_nents);
+		}
 	}
 
 	/* Check if data are contiguous. */
@@ -1609,9 +1627,20 @@ static struct ablkcipher_edesc *ablkcipher_edesc_alloc(struct ablkcipher_request
 	int sec4_sg_index;
 
 	src_nents = sg_count(req->src, req->nbytes);
+	if (unlikely(src_nents < 0)) {
+		dev_err(jrdev, "Insufficient bytes (%d) in src S/G\n",
+			req->nbytes);
+		return ERR_PTR(src_nents);
+	}
 
-	if (req->dst != req->src)
+	if (req->dst != req->src) {
 		dst_nents = sg_count(req->dst, req->nbytes);
+		if (unlikely(dst_nents < 0)) {
+			dev_err(jrdev, "Insufficient bytes (%d) in dst S/G\n",
+				req->nbytes);
+			return ERR_PTR(dst_nents);
+		}
+	}
 
 	if (likely(req->src == req->dst)) {
 		sgc = dma_map_sg(jrdev, req->src, src_nents ? : 1,
@@ -1807,6 +1836,11 @@ static struct ablkcipher_edesc *ablkcipher_giv_edesc_alloc(
 	int sec4_sg_index;
 
 	src_nents = sg_count(req->src, req->nbytes);
+	if (unlikely(src_nents < 0)) {
+		dev_err(jrdev, "Insufficient bytes (%d) in src S/G\n",
+			req->nbytes);
+		return ERR_PTR(src_nents);
+	}
 
 	if (likely(req->src == req->dst)) {
 		sgc = dma_map_sg(jrdev, req->src, src_nents ? : 1,
@@ -1826,6 +1860,12 @@ static struct ablkcipher_edesc *ablkcipher_giv_edesc_alloc(
 		}
 
 		dst_nents = sg_count(req->dst, req->nbytes);
+		if (unlikely(dst_nents < 0)) {
+			dev_err(jrdev, "Insufficient bytes (%d) in dst S/G\n",
+				req->nbytes);
+			return ERR_PTR(dst_nents);
+		}
+
 		sgc = dma_map_sg(jrdev, req->dst, dst_nents ? : 1,
 				 DMA_FROM_DEVICE);
 		if (unlikely(!sgc)) {
@@ -1914,7 +1954,7 @@ static int ablkcipher_givencrypt(struct skcipher_givcrypt_request *creq)
 	struct crypto_ablkcipher *ablkcipher = crypto_ablkcipher_reqtfm(req);
 	struct caam_ctx *ctx = crypto_ablkcipher_ctx(ablkcipher);
 	struct device *jrdev = ctx->jrdev;
-	bool iv_contig;
+	bool iv_contig = false;
 	u32 *desc;
 	int ret = 0;
 
-- 
2.4.4

  parent reply	other threads:[~2017-02-10 12:07 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-02-10 12:07 [PATCH 00/12] crypto: caam - fixes Horia Geantă
2017-02-10 12:07 ` [PATCH 01/12] crypto: caam - don't include unneeded headers Horia Geantă
2017-02-10 12:07 ` [PATCH 02/12] crypto: caam - check return code of dma_set_mask_and_coherent() Horia Geantă
2017-02-10 12:07 ` [PATCH 03/12] crypto: caam - fix JR IO mapping if one fails Horia Geantă
2017-02-10 12:07 ` [PATCH 04/12] crypto: caam - fix HW S/G in ablkcipher_giv_edesc_alloc() Horia Geantă
2017-02-10 12:07 ` Horia Geantă [this message]
2017-02-10 12:07 ` [PATCH 06/12] crypto: caam - replace sg_count() with sg_nents_for_len() Horia Geantă
2017-02-10 12:07 ` [PATCH 07/12] crypto: caam - use dma_map_sg() return code Horia Geantă
2017-02-10 12:07 ` [PATCH 08/12] crypto: caam - don't dma_map key for hash algorithms Horia Geantă
2017-02-10 12:07 ` [PATCH 09/12] crypto: caam - fix DMA API leaks for multiple setkey() calls Horia Geantă
2017-02-10 12:07 ` [PATCH 10/12] crypto: caam - fix error path for ctx_dma mapping failure Horia Geantă
2017-02-10 12:07 ` [PATCH 11/12] crypto: caam - abstract ahash request double buffering Horia Geantă
2017-02-10 12:07 ` [PATCH 12/12] crypto: caam - fix state buffer DMA (un)mapping Horia Geantă
2017-02-15  5:33 ` [PATCH 00/12] crypto: caam - fixes Herbert Xu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1486728445-13047-6-git-send-email-horia.geanta@nxp.com \
    --to=horia.geanta@nxp.com \
    --cc=cristian.stoica@nxp.com \
    --cc=dan.douglass@nxp.com \
    --cc=davem@davemloft.net \
    --cc=herbert@gondor.apana.org.au \
    --cc=linux-crypto@vger.kernel.org \
    --cc=tudor-dan.ambarus@nxp.com \
    --subject='Re: [PATCH 05/12] crypto: caam - check sg_count() return value' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).