Linux-Crypto Archive on lore.kernel.org
 help / color / Atom feed
From: Herbert Xu <herbert@gondor.apana.org.au>
To: Tero Kristo <t-kristo@ti.com>
Cc: davem@davemloft.net, linux-crypto@vger.kernel.org,
	linux-omap@vger.kernel.org, Tejun Heo <tj@kernel.org>
Subject: Re: [PATCHv2 3/7] crypto: omap-crypto: fix userspace copied buffer access
Date: Fri, 22 May 2020 23:12:47 +1000
Message-ID: <20200522131247.GA27255@gondor.apana.org.au> (raw)
In-Reply-To: <20200511111913.26541-4-t-kristo@ti.com>

On Mon, May 11, 2020 at 02:19:09PM +0300, Tero Kristo wrote:
> In case buffers are copied from userspace, directly accessing the page
> will most likely fail because it hasn't been mapped into the kernel
> memory space. Fix the issue by forcing a kmap / kunmap within the
> cleanup functionality.
> 
> Signed-off-by: Tero Kristo <t-kristo@ti.com>
> ---
>  drivers/crypto/omap-crypto.c | 9 +++++++--
>  1 file changed, 7 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/crypto/omap-crypto.c b/drivers/crypto/omap-crypto.c
> index cc88b7362bc2..31bdb1d76d11 100644
> --- a/drivers/crypto/omap-crypto.c
> +++ b/drivers/crypto/omap-crypto.c
> @@ -178,11 +178,16 @@ static void omap_crypto_copy_data(struct scatterlist *src,
>  		amt = min(src->length - srco, dst->length - dsto);
>  		amt = min(len, amt);
>  
> -		srcb = sg_virt(src) + srco;
> -		dstb = sg_virt(dst) + dsto;
> +		srcb = kmap_atomic(sg_page(src)) + srco + src->offset;
> +		dstb = kmap_atomic(sg_page(dst)) + dsto + dst->offset;
>  
>  		memcpy(dstb, srcb, amt);
>  
> +		flush_dcache_page(sg_page(dst));

You need to check !PageSlab as it's illegal to call it on a kernel
page.  Also you should be using flush_kernel_dcache_page.  scatterwalk
uses flush_dcache_page only because when it was created the other
function didn't exist.

Would it be possible to use the sg_miter interface to do the copy?
In fact your function could possibly be added to lib/scatterlist.c
as it seems to be quite generic.

Thanks,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

  reply index

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-05-11 11:19 [PATCHv2 0/7] crypto: omap: sha/aes fixes Tero Kristo
2020-05-11 11:19 ` [PATCHv2 1/7] crypto: omap-aes: avoid spamming console with self tests Tero Kristo
2020-05-11 11:19 ` [PATCHv2 2/7] crypto: omap-sham: force kernel driver usage for sha algos Tero Kristo
2020-05-11 11:19 ` [PATCHv2 3/7] crypto: omap-crypto: fix userspace copied buffer access Tero Kristo
2020-05-22 13:12   ` Herbert Xu [this message]
2020-05-26 12:27     ` Tero Kristo
2020-05-26 12:35       ` Herbert Xu
2020-05-26 12:57         ` Tero Kristo
2020-05-26 13:07           ` Herbert Xu
2020-05-26 13:11             ` Tero Kristo
2020-05-26 14:21     ` [PATCHv3 " Tero Kristo
2020-05-11 11:19 ` [PATCHv2 4/7] crypto: omap-sham: huge buffer access fixes Tero Kristo
2020-05-11 11:19 ` [PATCHv2 5/7] crypto: omap-sham: fix very small data size handling Tero Kristo
2020-05-11 11:19 ` [PATCHv2 6/7] crypto: omap-aes: prevent unregistering algorithms twice Tero Kristo
2020-05-11 11:19 ` [PATCHv2 7/7] crypto: omap-sham: add proper load balancing support for multicore Tero Kristo

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200522131247.GA27255@gondor.apana.org.au \
    --to=herbert@gondor.apana.org.au \
    --cc=davem@davemloft.net \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-omap@vger.kernel.org \
    --cc=t-kristo@ti.com \
    --cc=tj@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-Crypto Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-crypto/0 linux-crypto/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-crypto linux-crypto/ https://lore.kernel.org/linux-crypto \
		linux-crypto@vger.kernel.org
	public-inbox-index linux-crypto

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-crypto


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git