From patchwork Thu Apr 18 13:39:05 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gilad Ben-Yossef X-Patchwork-Id: 162496 Delivered-To: patch@linaro.org Received: by 2002:a02:c6d8:0:0:0:0:0 with SMTP id r24csp762865jan; Thu, 18 Apr 2019 06:42:16 -0700 (PDT) X-Google-Smtp-Source: APXvYqwYDtIUTWimRrvMEoTPeFBMiSLbRrO52MlQfLg1udcCwHbU8KgzpVlH00GtQ/g1NfbtcS6H X-Received: by 2002:a17:902:7b87:: with SMTP id w7mr19959227pll.247.1555594936534; Thu, 18 Apr 2019 06:42:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1555594936; cv=none; d=google.com; s=arc-20160816; b=rmcyOvo2B/c8FmKZXIMKRR9fw39ggW3T5ips5Ty2ENmKx6SXUkUQ1ctEVvbeDFEpUk 9sFeIIvE9IN6diIw0hEF8x+bt8/l9w8F8BBjvosgbnHiFy/tGa2A7EPu6w8kHUbdp6K0 Gw2E511ETeE4LWJniRcDwk8fJTXJIBD1aXZjuc58GNzwtJAF6oxLws/PutZU1JXtexKJ FggZRecXooiYfvhAw55F9UDFHkBy4MGSdVuWq2+GolgWBQwrnZ9o7eoAMnoEOZxhkSRi aro6+Fk5jHmQ2nPA8cwtVfs+KtL2QHGdwGEHolJw7oPGe/2lBnD+/nSmiR5uGZrAY4iK G56w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=zXnaTTGm1OZOQTPiYaMqwsZR0OzXJpcUaj3nEn9FcYk=; b=Sd1yTyx9lbGBk7xx7AzkNBKP2+nZrqU5xU3bRPifSPVNuK9wr0XEWrdD/c5LInmBgf Zrotiv8z5suc2XPIuHqzWFZLV8uzDLRFuoJSCueXMk3k/ta09cs/ra3WHAiNe9UDiyRB fHTbxX0q6b6b7lFaAw2EcmYaEIp63FKzVwuVR6a5Fnzjgc+5FJaOwhKB94YmV9KMHwjh AO/LJVtgxNCIwdjZ2A8AaHu3FoqDFu3LZbOjRBbjFXaJhjHvFUe5kbhMgKcpNthetgl2 cwpIxxdRGSbSsWBPcViBcSUw0Mg3mGZIHF6N09YmylP8L5fZJP+QuRKZ0XFpbPKz2TpJ dA7Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f1si1883362pgq.4.2019.04.18.06.42.16; Thu, 18 Apr 2019 06:42:16 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389296AbfDRNmP (ORCPT + 30 others); Thu, 18 Apr 2019 09:42:15 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:33762 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389270AbfDRNmN (ORCPT ); Thu, 18 Apr 2019 09:42:13 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 74BC11688; Thu, 18 Apr 2019 06:42:12 -0700 (PDT) Received: from e110176-lin.kfn.arm.com (e110176-lin.kfn.arm.com [10.50.4.178]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id CCFA43F5AF; Thu, 18 Apr 2019 06:42:10 -0700 (PDT) From: Gilad Ben-Yossef To: Herbert Xu , "David S. Miller" Cc: Ofir Drang , stable@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 30/35] crypto: ccree: don't map AEAD key and IV on stack Date: Thu, 18 Apr 2019 16:39:05 +0300 Message-Id: <20190418133913.9122-31-gilad@benyossef.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190418133913.9122-1-gilad@benyossef.com> References: <20190418133913.9122-1-gilad@benyossef.com> MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The AEAD authenc key and IVs might be passed to us on stack. Copy it to a slab buffer before mapping to gurantee proper DMA mapping. Signed-off-by: Gilad Ben-Yossef Cc: stable@vger.kernel.org # v4.19+ --- drivers/crypto/ccree/cc_aead.c | 11 ++++++++++- drivers/crypto/ccree/cc_buffer_mgr.c | 15 ++++++++++++--- drivers/crypto/ccree/cc_driver.h | 1 + 3 files changed, 23 insertions(+), 4 deletions(-) -- 2.21.0 diff --git a/drivers/crypto/ccree/cc_aead.c b/drivers/crypto/ccree/cc_aead.c index 7447fd0ff48e..ca44a227b211 100644 --- a/drivers/crypto/ccree/cc_aead.c +++ b/drivers/crypto/ccree/cc_aead.c @@ -424,7 +424,7 @@ static int validate_keys_sizes(struct cc_aead_ctx *ctx) /* This function prepers the user key so it can pass to the hmac processing * (copy to intenral buffer or hash in case of key longer than block */ -static int cc_get_plain_hmac_key(struct crypto_aead *tfm, const u8 *key, +static int cc_get_plain_hmac_key(struct crypto_aead *tfm, const u8 *authkey, unsigned int keylen) { dma_addr_t key_dma_addr = 0; @@ -437,6 +437,7 @@ static int cc_get_plain_hmac_key(struct crypto_aead *tfm, const u8 *key, unsigned int hashmode; unsigned int idx = 0; int rc = 0; + u8 *key = NULL; struct cc_hw_desc desc[MAX_AEAD_SETKEY_SEQ]; dma_addr_t padded_authkey_dma_addr = ctx->auth_state.hmac.padded_authkey_dma_addr; @@ -455,11 +456,17 @@ static int cc_get_plain_hmac_key(struct crypto_aead *tfm, const u8 *key, } if (keylen != 0) { + + key = kmemdup(authkey, keylen, GFP_KERNEL); + if (!key) + return -ENOMEM; + key_dma_addr = dma_map_single(dev, (void *)key, keylen, DMA_TO_DEVICE); if (dma_mapping_error(dev, key_dma_addr)) { dev_err(dev, "Mapping key va=0x%p len=%u for DMA failed\n", key, keylen); + kzfree(key); return -ENOMEM; } if (keylen > blocksize) { @@ -542,6 +549,8 @@ static int cc_get_plain_hmac_key(struct crypto_aead *tfm, const u8 *key, if (key_dma_addr) dma_unmap_single(dev, key_dma_addr, keylen, DMA_TO_DEVICE); + kzfree(key); + return rc; } diff --git a/drivers/crypto/ccree/cc_buffer_mgr.c b/drivers/crypto/ccree/cc_buffer_mgr.c index 09dceec7d828..c81ad33f9115 100644 --- a/drivers/crypto/ccree/cc_buffer_mgr.c +++ b/drivers/crypto/ccree/cc_buffer_mgr.c @@ -557,6 +557,7 @@ void cc_unmap_aead_request(struct device *dev, struct aead_request *req) if (areq_ctx->gen_ctx.iv_dma_addr) { dma_unmap_single(dev, areq_ctx->gen_ctx.iv_dma_addr, hw_iv_size, DMA_BIDIRECTIONAL); + kzfree(areq_ctx->gen_ctx.iv); } /* Release pool */ @@ -607,19 +608,27 @@ static int cc_aead_chain_iv(struct cc_drvdata *drvdata, struct aead_req_ctx *areq_ctx = aead_request_ctx(req); unsigned int hw_iv_size = areq_ctx->hw_iv_size; struct device *dev = drvdata_to_dev(drvdata); + gfp_t flags = cc_gfp_flags(&req->base); int rc = 0; if (!req->iv) { areq_ctx->gen_ctx.iv_dma_addr = 0; + areq_ctx->gen_ctx.iv = NULL; goto chain_iv_exit; } - areq_ctx->gen_ctx.iv_dma_addr = dma_map_single(dev, req->iv, - hw_iv_size, - DMA_BIDIRECTIONAL); + areq_ctx->gen_ctx.iv = kmemdup(req->iv, hw_iv_size, flags); + if (!areq_ctx->gen_ctx.iv) + return -ENOMEM; + + areq_ctx->gen_ctx.iv_dma_addr = + dma_map_single(dev, areq_ctx->gen_ctx.iv, hw_iv_size, + DMA_BIDIRECTIONAL); if (dma_mapping_error(dev, areq_ctx->gen_ctx.iv_dma_addr)) { dev_err(dev, "Mapping iv %u B at va=%pK for DMA failed\n", hw_iv_size, req->iv); + kzfree(areq_ctx->gen_ctx.iv); + areq_ctx->gen_ctx.iv = NULL; rc = -ENOMEM; goto chain_iv_exit; } diff --git a/drivers/crypto/ccree/cc_driver.h b/drivers/crypto/ccree/cc_driver.h index 935ae0ba75c0..cc403d705c9d 100644 --- a/drivers/crypto/ccree/cc_driver.h +++ b/drivers/crypto/ccree/cc_driver.h @@ -204,6 +204,7 @@ struct cc_alg_template { struct async_gen_req_ctx { dma_addr_t iv_dma_addr; + u8 *iv; enum drv_crypto_direction op_type; };