Commit 874e1637 authored by Gilad Ben-Yossef's avatar Gilad Ben-Yossef Committed by Herbert Xu
Browse files

crypto: ccree - don't map MAC key on stack 



The MAC hash key might be passed to us on stack. Copy it to
a slab buffer before mapping to gurantee proper DMA mapping.

Signed-off-by: default avatarGilad Ben-Yossef <gilad@benyossef.com>
Cc: stable@vger.kernel.org # v4.19+
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 18dd574a

drivers/crypto/ccree/cc_hash.c

+21 −3
Original line number Diff line number Diff line
@@ -69,6 +69,7 @@ struct cc_hash_alg { 
struct hash_key_req_ctx {

	u32 keylen;

	dma_addr_t key_dma_addr;

	u8 *key;

};



/* hash per-session context */
@@ -742,13 +743,20 @@ static int cc_hash_setkey(struct crypto_ahash *ahash, const u8 *key, 
	ctx->key_params.keylen = keylen;

	ctx->key_params.key_dma_addr = 0;

	ctx->is_hmac = true;

	ctx->key_params.key = NULL;



	if (keylen) {

		ctx->key_params.key = kmemdup(key, keylen, GFP_KERNEL);

		if (!ctx->key_params.key)

			return -ENOMEM;



		ctx->key_params.key_dma_addr =

			dma_map_single(dev, (void *)key, keylen, DMA_TO_DEVICE);

			dma_map_single(dev, (void *)ctx->key_params.key, keylen,

				       DMA_TO_DEVICE);

		if (dma_mapping_error(dev, ctx->key_params.key_dma_addr)) {

			dev_err(dev, "Mapping key va=0x%p len=%u for DMA failed\n",

				key, keylen);

				ctx->key_params.key, keylen);

			kzfree(ctx->key_params.key);

			return -ENOMEM;

		}

		dev_dbg(dev, "mapping key-buffer: key_dma_addr=%pad keylen=%u\n",
@@ -899,6 +907,9 @@ out: 
		dev_dbg(dev, "Unmapped key-buffer: key_dma_addr=%pad keylen=%u\n",

			&ctx->key_params.key_dma_addr, ctx->key_params.keylen);

	}



	kzfree(ctx->key_params.key);



	return rc;

}
@@ -925,11 +936,16 @@ static int cc_xcbc_setkey(struct crypto_ahash *ahash, 


	ctx->key_params.keylen = keylen;



	ctx->key_params.key = kmemdup(key, keylen, GFP_KERNEL);

	if (!ctx->key_params.key)

		return -ENOMEM;



	ctx->key_params.key_dma_addr =

		dma_map_single(dev, (void *)key, keylen, DMA_TO_DEVICE);

		dma_map_single(dev, ctx->key_params.key, keylen, DMA_TO_DEVICE);

	if (dma_mapping_error(dev, ctx->key_params.key_dma_addr)) {

		dev_err(dev, "Mapping key va=0x%p len=%u for DMA failed\n",

			key, keylen);

		kzfree(ctx->key_params.key);

		return -ENOMEM;

	}

	dev_dbg(dev, "mapping key-buffer: key_dma_addr=%pad keylen=%u\n",
@@ -981,6 +997,8 @@ static int cc_xcbc_setkey(struct crypto_ahash *ahash, 
	dev_dbg(dev, "Unmapped key-buffer: key_dma_addr=%pad keylen=%u\n",

		&ctx->key_params.key_dma_addr, ctx->key_params.keylen);



	kzfree(ctx->key_params.key);



	return rc;

}

CRA Git | Maintained and supported by SUSTech CRA and CCSE