• Wenwen Wang's avatar
    crypto: cavium/nitrox - fix a DMA pool free failure · cf3168c5
    Wenwen Wang authored
    commit 7172122b upstream.
    
    In crypto_alloc_context(), a DMA pool is allocated through dma_pool_alloc()
    to hold the crypto context. The meta data of the DMA pool, including the
    pool used for the allocation 'ndev->ctx_pool' and the base address of the
    DMA pool used by the device 'dma', are then stored to the beginning of the
    pool. These meta data are eventually used in crypto_free_context() to free
    the DMA pool through dma_pool_free(). However, given that the DMA pool can
    also be accessed by the device, a malicious device can modify these meta
    data, especially when the device is controlled to deploy an attack. This
    can cause an unexpected DMA pool free failure.
    
    To avoid the above issue, this patch introduces a new structure
    crypto_ctx_hdr and a new field chdr in the structure nitrox_crypto_ctx hold
    the meta data information of the DMA pool after the allocation. Note that
    the original structure ctx_hdr is not changed to ensure the compatibility.
    
    Cc: <stable@vger.kernel.org>
    Signed-off-by: default avatarWenwen Wang <wang6495@umn.edu>
    Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    cf3168c5
nitrox_req.h 10 KB