Commit 5b41051c authored by Gilad Ben-Yossef's avatar Gilad Ben-Yossef Committed by Greg Kroah-Hartman

crypto: ccree - don't map MAC key on stack

commit 874e1637 upstream.

The MAC hash key might be passed to us on stack. Copy it to
a slab buffer before mapping to guarantee proper DMA mapping.
Signed-off-by: default avatarGilad Ben-Yossef <gilad@benyossef.com>
Cc: stable@vger.kernel.org # v4.19+
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 297a5966
...@@ -69,6 +69,7 @@ struct cc_hash_alg { ...@@ -69,6 +69,7 @@ struct cc_hash_alg {
struct hash_key_req_ctx { struct hash_key_req_ctx {
u32 keylen; u32 keylen;
dma_addr_t key_dma_addr; dma_addr_t key_dma_addr;
u8 *key;
}; };
/* hash per-session context */ /* hash per-session context */
...@@ -730,13 +731,20 @@ static int cc_hash_setkey(struct crypto_ahash *ahash, const u8 *key, ...@@ -730,13 +731,20 @@ static int cc_hash_setkey(struct crypto_ahash *ahash, const u8 *key,
ctx->key_params.keylen = keylen; ctx->key_params.keylen = keylen;
ctx->key_params.key_dma_addr = 0; ctx->key_params.key_dma_addr = 0;
ctx->is_hmac = true; ctx->is_hmac = true;
ctx->key_params.key = NULL;
if (keylen) { if (keylen) {
ctx->key_params.key = kmemdup(key, keylen, GFP_KERNEL);
if (!ctx->key_params.key)
return -ENOMEM;
ctx->key_params.key_dma_addr = ctx->key_params.key_dma_addr =
dma_map_single(dev, (void *)key, keylen, DMA_TO_DEVICE); dma_map_single(dev, (void *)ctx->key_params.key, keylen,
DMA_TO_DEVICE);
if (dma_mapping_error(dev, ctx->key_params.key_dma_addr)) { if (dma_mapping_error(dev, ctx->key_params.key_dma_addr)) {
dev_err(dev, "Mapping key va=0x%p len=%u for DMA failed\n", dev_err(dev, "Mapping key va=0x%p len=%u for DMA failed\n",
key, keylen); ctx->key_params.key, keylen);
kzfree(ctx->key_params.key);
return -ENOMEM; return -ENOMEM;
} }
dev_dbg(dev, "mapping key-buffer: key_dma_addr=%pad keylen=%u\n", dev_dbg(dev, "mapping key-buffer: key_dma_addr=%pad keylen=%u\n",
...@@ -887,6 +895,9 @@ static int cc_hash_setkey(struct crypto_ahash *ahash, const u8 *key, ...@@ -887,6 +895,9 @@ static int cc_hash_setkey(struct crypto_ahash *ahash, const u8 *key,
dev_dbg(dev, "Unmapped key-buffer: key_dma_addr=%pad keylen=%u\n", dev_dbg(dev, "Unmapped key-buffer: key_dma_addr=%pad keylen=%u\n",
&ctx->key_params.key_dma_addr, ctx->key_params.keylen); &ctx->key_params.key_dma_addr, ctx->key_params.keylen);
} }
kzfree(ctx->key_params.key);
return rc; return rc;
} }
...@@ -913,11 +924,16 @@ static int cc_xcbc_setkey(struct crypto_ahash *ahash, ...@@ -913,11 +924,16 @@ static int cc_xcbc_setkey(struct crypto_ahash *ahash,
ctx->key_params.keylen = keylen; ctx->key_params.keylen = keylen;
ctx->key_params.key = kmemdup(key, keylen, GFP_KERNEL);
if (!ctx->key_params.key)
return -ENOMEM;
ctx->key_params.key_dma_addr = ctx->key_params.key_dma_addr =
dma_map_single(dev, (void *)key, keylen, DMA_TO_DEVICE); dma_map_single(dev, ctx->key_params.key, keylen, DMA_TO_DEVICE);
if (dma_mapping_error(dev, ctx->key_params.key_dma_addr)) { if (dma_mapping_error(dev, ctx->key_params.key_dma_addr)) {
dev_err(dev, "Mapping key va=0x%p len=%u for DMA failed\n", dev_err(dev, "Mapping key va=0x%p len=%u for DMA failed\n",
key, keylen); key, keylen);
kzfree(ctx->key_params.key);
return -ENOMEM; return -ENOMEM;
} }
dev_dbg(dev, "mapping key-buffer: key_dma_addr=%pad keylen=%u\n", dev_dbg(dev, "mapping key-buffer: key_dma_addr=%pad keylen=%u\n",
...@@ -969,6 +985,8 @@ static int cc_xcbc_setkey(struct crypto_ahash *ahash, ...@@ -969,6 +985,8 @@ static int cc_xcbc_setkey(struct crypto_ahash *ahash,
dev_dbg(dev, "Unmapped key-buffer: key_dma_addr=%pad keylen=%u\n", dev_dbg(dev, "Unmapped key-buffer: key_dma_addr=%pad keylen=%u\n",
&ctx->key_params.key_dma_addr, ctx->key_params.keylen); &ctx->key_params.key_dma_addr, ctx->key_params.keylen);
kzfree(ctx->key_params.key);
return rc; return rc;
} }
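Review bot: After each added `kzfree(ctx->key_params.key)` (the two DMA-mapping failure branches and the two exit paths of cc_hash_setkey and cc_xcbc_setkey) the per-session context still points at the freed key copy; follow each with `ctx->key_params.key = NULL;` so that no later code reading the field can hit a use-after-free or double free. In the lines shown, cc_hash_setkey resets the field on entry but cc_xcbc_setkey does not, and neither clears it before returning. In cc_xcbc_setkey the mapping-failure `dev_err` still prints the caller's `key` although the buffer that was mapped is the copy; pass `ctx->key_params.key` there, as cc_hash_setkey now does. Both function bodies continue outside the hunks, so it is worth confirming in the full file that no exit between the mapping and the final `kzfree` bypasses it, since that would leave the key copy allocated and un-zeroed.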
......