From: Gilad Ben-Yossef <gilad@benyossef.com>
To: Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>
Cc: Ofir Drang <ofir.drang@arm.com>,
stable@vger.kernel.org, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH 30/35] crypto: ccree: don't map AEAD key and IV on stack
Date: Thu, 18 Apr 2019 16:39:05 +0300 [thread overview]
Message-ID: <20190418133913.9122-31-gilad@benyossef.com> (raw)
In-Reply-To: <20190418133913.9122-1-gilad@benyossef.com>
The AEAD authenc key and IVs might be passed to us on stack. Copy it to
a slab buffer before mapping to gurantee proper DMA mapping.
Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Cc: stable@vger.kernel.org # v4.19+
---
drivers/crypto/ccree/cc_aead.c | 11 ++++++++++-
drivers/crypto/ccree/cc_buffer_mgr.c | 15 ++++++++++++---
drivers/crypto/ccree/cc_driver.h | 1 +
3 files changed, 23 insertions(+), 4 deletions(-)
diff --git a/drivers/crypto/ccree/cc_aead.c b/drivers/crypto/ccree/cc_aead.c
index 7447fd0ff48e..ca44a227b211 100644
--- a/drivers/crypto/ccree/cc_aead.c
+++ b/drivers/crypto/ccree/cc_aead.c
@@ -424,7 +424,7 @@ static int validate_keys_sizes(struct cc_aead_ctx *ctx)
/* This function prepers the user key so it can pass to the hmac processing
* (copy to intenral buffer or hash in case of key longer than block
*/
-static int cc_get_plain_hmac_key(struct crypto_aead *tfm, const u8 *key,
+static int cc_get_plain_hmac_key(struct crypto_aead *tfm, const u8 *authkey,
unsigned int keylen)
{
dma_addr_t key_dma_addr = 0;
@@ -437,6 +437,7 @@ static int cc_get_plain_hmac_key(struct crypto_aead *tfm, const u8 *key,
unsigned int hashmode;
unsigned int idx = 0;
int rc = 0;
+ u8 *key = NULL;
struct cc_hw_desc desc[MAX_AEAD_SETKEY_SEQ];
dma_addr_t padded_authkey_dma_addr =
ctx->auth_state.hmac.padded_authkey_dma_addr;
@@ -455,11 +456,17 @@ static int cc_get_plain_hmac_key(struct crypto_aead *tfm, const u8 *key,
}
if (keylen != 0) {
+
+ key = kmemdup(authkey, keylen, GFP_KERNEL);
+ if (!key)
+ return -ENOMEM;
+
key_dma_addr = dma_map_single(dev, (void *)key, keylen,
DMA_TO_DEVICE);
if (dma_mapping_error(dev, key_dma_addr)) {
dev_err(dev, "Mapping key va=0x%p len=%u for DMA failed\n",
key, keylen);
+ kzfree(key);
return -ENOMEM;
}
if (keylen > blocksize) {
@@ -542,6 +549,8 @@ static int cc_get_plain_hmac_key(struct crypto_aead *tfm, const u8 *key,
if (key_dma_addr)
dma_unmap_single(dev, key_dma_addr, keylen, DMA_TO_DEVICE);
+ kzfree(key);
+
return rc;
}
diff --git a/drivers/crypto/ccree/cc_buffer_mgr.c b/drivers/crypto/ccree/cc_buffer_mgr.c
index 09dceec7d828..c81ad33f9115 100644
--- a/drivers/crypto/ccree/cc_buffer_mgr.c
+++ b/drivers/crypto/ccree/cc_buffer_mgr.c
@@ -557,6 +557,7 @@ void cc_unmap_aead_request(struct device *dev, struct aead_request *req)
if (areq_ctx->gen_ctx.iv_dma_addr) {
dma_unmap_single(dev, areq_ctx->gen_ctx.iv_dma_addr,
hw_iv_size, DMA_BIDIRECTIONAL);
+ kzfree(areq_ctx->gen_ctx.iv);
}
/* Release pool */
@@ -607,19 +608,27 @@ static int cc_aead_chain_iv(struct cc_drvdata *drvdata,
struct aead_req_ctx *areq_ctx = aead_request_ctx(req);
unsigned int hw_iv_size = areq_ctx->hw_iv_size;
struct device *dev = drvdata_to_dev(drvdata);
+ gfp_t flags = cc_gfp_flags(&req->base);
int rc = 0;
if (!req->iv) {
areq_ctx->gen_ctx.iv_dma_addr = 0;
+ areq_ctx->gen_ctx.iv = NULL;
goto chain_iv_exit;
}
- areq_ctx->gen_ctx.iv_dma_addr = dma_map_single(dev, req->iv,
- hw_iv_size,
- DMA_BIDIRECTIONAL);
+ areq_ctx->gen_ctx.iv = kmemdup(req->iv, hw_iv_size, flags);
+ if (!areq_ctx->gen_ctx.iv)
+ return -ENOMEM;
+
+ areq_ctx->gen_ctx.iv_dma_addr =
+ dma_map_single(dev, areq_ctx->gen_ctx.iv, hw_iv_size,
+ DMA_BIDIRECTIONAL);
if (dma_mapping_error(dev, areq_ctx->gen_ctx.iv_dma_addr)) {
dev_err(dev, "Mapping iv %u B at va=%pK for DMA failed\n",
hw_iv_size, req->iv);
+ kzfree(areq_ctx->gen_ctx.iv);
+ areq_ctx->gen_ctx.iv = NULL;
rc = -ENOMEM;
goto chain_iv_exit;
}
diff --git a/drivers/crypto/ccree/cc_driver.h b/drivers/crypto/ccree/cc_driver.h
index 935ae0ba75c0..cc403d705c9d 100644
--- a/drivers/crypto/ccree/cc_driver.h
+++ b/drivers/crypto/ccree/cc_driver.h
@@ -204,6 +204,7 @@ struct cc_alg_template {
struct async_gen_req_ctx {
dma_addr_t iv_dma_addr;
+ u8 *iv;
enum drv_crypto_direction op_type;
};
--
2.21.0
next prev parent reply other threads:[~2019-04-18 13:42 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-18 13:38 [PATCH 00/35] crypto: ccree: features and bug fixes for 5.2 Gilad Ben-Yossef
2019-04-18 13:38 ` [PATCH 01/35] crypto: testmgr: add missing self test entries for protected keys Gilad Ben-Yossef
2019-04-18 13:38 ` [PATCH 02/35] crypto: ccree: move key load desc. before flow desc Gilad Ben-Yossef
2019-04-18 13:38 ` [PATCH 03/35] crypto: ccree: move MLLI desc. before key load Gilad Ben-Yossef
2019-04-18 13:38 ` [PATCH 04/35] crypto: ccree: add support for sec disabled mode Gilad Ben-Yossef
2019-04-18 13:38 ` [PATCH 05/35] crypto: ccree: add CPP completion handling Gilad Ben-Yossef
2019-04-18 13:38 ` [PATCH 06/35] crypto: ccree: add remaining logic for CPP Gilad Ben-Yossef
2019-04-18 13:38 ` [PATCH 07/35] crypto: ccree: add SM4 protected keys support Gilad Ben-Yossef
2019-04-18 13:38 ` [PATCH 08/35] crypto: ccree: adapt CPP descriptor to new HW Gilad Ben-Yossef
2019-04-18 13:38 ` [PATCH 09/35] crypto: ccree: read next IV from HW Gilad Ben-Yossef
2019-04-18 13:38 ` [PATCH 10/35] crypto: ccree: add CID and PID support Gilad Ben-Yossef
2019-04-18 13:38 ` [PATCH 11/35] crypto: ccree: fix backlog notifications Gilad Ben-Yossef
2019-04-18 13:38 ` [PATCH 12/35] crypto: ccree: use proper callback completion api Gilad Ben-Yossef
2019-04-18 13:38 ` [PATCH 13/35] crypto: ccree: remove special handling of chained sg Gilad Ben-Yossef
2019-04-18 13:38 ` [PATCH 14/35] crypto: ccree: fix typo in debugfs error path Gilad Ben-Yossef
2019-04-18 13:38 ` [PATCH 15/35] crypto: ccree: fix mem leak on " Gilad Ben-Yossef
2019-04-18 13:38 ` [PATCH 16/35] crypto: ccree: use devm_kzalloc for device data Gilad Ben-Yossef
2019-04-18 13:38 ` [PATCH 17/35] crypto: ccree: use std api when possible Gilad Ben-Yossef
2019-04-18 13:38 ` [PATCH 18/35] crypto: ccree: copyright header update Gilad Ben-Yossef
2019-04-18 13:38 ` [PATCH 19/35] crypto: ccree: zero out internal struct before use Gilad Ben-Yossef
2019-04-18 13:38 ` [PATCH 20/35] crypto: ccree: do not copy zero size MLLI table Gilad Ben-Yossef
2019-04-18 13:38 ` [PATCH 21/35] crypto: ccree: remove unused defines Gilad Ben-Yossef
2019-04-18 13:38 ` [PATCH 22/35] crypto: ccree: simplify fragment ICV detection Gilad Ben-Yossef
2019-04-18 13:38 ` [PATCH 23/35] crypto: ccree: simplify AEAD ICV addr calculation Gilad Ben-Yossef
2019-04-18 13:38 ` [PATCH 24/35] crypto: ccree: don't mangle the request assoclen Gilad Ben-Yossef
2019-04-18 13:39 ` [PATCH 25/35] crypto: ccree: make AEAD sgl iterator well behaved Gilad Ben-Yossef
2019-04-18 13:39 ` [PATCH 26/35] crypto: ccree: zap entire sg on aead request unmap Gilad Ben-Yossef
2019-04-18 13:39 ` [PATCH 27/35] crypto: ccree: use correct internal state sizes for export Gilad Ben-Yossef
2019-04-18 13:39 ` [PATCH 28/35] crypto: ccree: allow more AEAD assoc data fragments Gilad Ben-Yossef
2019-04-18 13:39 ` [PATCH 29/35] crypto: ccree: don't map MAC key on stack Gilad Ben-Yossef
2019-04-18 13:39 ` Gilad Ben-Yossef [this message]
2019-04-18 13:39 ` [PATCH 31/35] crypto: ccree: pm resume first enable the source clk Gilad Ben-Yossef
2019-04-18 13:39 ` [PATCH 32/35] crypto: ccree: remove cc7x3 obsoleted AXIM configs Gilad Ben-Yossef
2019-04-18 13:39 ` [PATCH 33/35] crypto: ccree: HOST_POWER_DOWN_EN should be the last CC access during suspend Gilad Ben-Yossef
2019-04-18 13:39 ` [PATCH 34/35] crypto: ccree: add function to handle cryptocell tee fips error Gilad Ben-Yossef
2019-04-18 13:39 ` [PATCH 35/35] crypto: ccree: handle tee fips error during power management resume Gilad Ben-Yossef
2019-04-21 8:52 ` [PATCH 00/35] crypto: ccree: features and bug fixes for 5.2 Gilad Ben-Yossef
2019-05-17 14:52 ` Greg KH
2019-05-18 7:36 ` Gilad Ben-Yossef
2019-05-19 8:28 ` Gilad Ben-Yossef
2019-05-20 9:30 ` Greg KH
2019-05-20 11:51 ` Gilad Ben-Yossef
2019-04-25 7:50 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190418133913.9122-31-gilad@benyossef.com \
--to=gilad@benyossef.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ofir.drang@arm.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).