crypto: qcedev: Fix out of memory issue (03ed3a78) · Commits · e / devices / android_kernel_fairphone_FP3

drivers/crypto/msm/qcedev.c

+93 −50

Original line number	Diff line number	Diff line
		@@ -1681,12 +1681,15 @@ static inline long qcedev_ioctl(struct file *file,
		if (podev == NULL \|\| podev->magic != QCEDEV_MAGIC) {
		pr_err("%s: invalid handle %pK\n",
		__func__, podev);
		return -ENOENT;
		err = -ENOENT;
		goto exit_free_qcedev_areq;
		}

		/* Verify user arguments. */
		if (_IOC_TYPE(cmd) != QCEDEV_IOC_MAGIC)
		return -ENOTTY;
		if (_IOC_TYPE(cmd) != QCEDEV_IOC_MAGIC) {
		err = -ENOTTY;
		goto exit_free_qcedev_areq;
		}

		init_completion(&qcedev_areq->complete);
		pstat = &_qcedev_stat;
		@@ -1696,21 +1699,27 @@ static inline long qcedev_ioctl(struct file *file,
		case QCEDEV_IOCTL_DEC_REQ:
		if (copy_from_user(&qcedev_areq->cipher_op_req,
		(void __user *)arg,
		sizeof(struct qcedev_cipher_op_req)))
		return -EFAULT;
		sizeof(struct qcedev_cipher_op_req))) {
		err = -EFAULT;
		goto exit_free_qcedev_areq;
		}
		qcedev_areq->op_type = QCEDEV_CRYPTO_OPER_CIPHER;

		if (qcedev_check_cipher_params(&qcedev_areq->cipher_op_req,
		podev))
		return -EINVAL;
		podev)) {
		err = -EINVAL;
		goto exit_free_qcedev_areq;
		}

		err = qcedev_vbuf_ablk_cipher(qcedev_areq, handle);
		if (err)
		return err;
		goto exit_free_qcedev_areq;
		if (copy_to_user((void __user *)arg,
		&qcedev_areq->cipher_op_req,
		sizeof(struct qcedev_cipher_op_req)))
		return -EFAULT;
		sizeof(struct qcedev_cipher_op_req))) {
		err = -EFAULT;
		goto exit_free_qcedev_areq;
		}
		break;

		case QCEDEV_IOCTL_SHA_INIT_REQ:
		@@ -1719,41 +1728,51 @@ static inline long qcedev_ioctl(struct file *file,

		if (copy_from_user(&qcedev_areq->sha_op_req,
		(void __user *)arg,
		sizeof(struct qcedev_sha_op_req)))
		return -EFAULT;
		sizeof(struct qcedev_sha_op_req))) {
		err = -EFAULT;
		goto exit_free_qcedev_areq;
		}
		mutex_lock(&hash_access_lock);
		if (qcedev_check_sha_params(&qcedev_areq->sha_op_req, podev)) {
		mutex_unlock(&hash_access_lock);
		return -EINVAL;
		err = -EINVAL;
		goto exit_free_qcedev_areq;
		}
		qcedev_areq->op_type = QCEDEV_CRYPTO_OPER_SHA;
		err = qcedev_hash_init(qcedev_areq, handle, &sg_src);
		if (err) {
		mutex_unlock(&hash_access_lock);
		return err;
		goto exit_free_qcedev_areq;
		}
		mutex_unlock(&hash_access_lock);
		if (copy_to_user((void __user *)arg, &qcedev_areq->sha_op_req,
		sizeof(struct qcedev_sha_op_req)))
		return -EFAULT;
		sizeof(struct qcedev_sha_op_req))) {
		err = -EFAULT;
		goto exit_free_qcedev_areq;
		}
		handle->sha_ctxt.init_done = true;
		}
		break;
		case QCEDEV_IOCTL_GET_CMAC_REQ:
		if (!podev->ce_support.cmac)
		return -ENOTTY;
		if (!podev->ce_support.cmac) {
		err = -ENOTTY;
		goto exit_free_qcedev_areq;
		}
		case QCEDEV_IOCTL_SHA_UPDATE_REQ:
		{
		struct scatterlist sg_src;

		if (copy_from_user(&qcedev_areq->sha_op_req,
		(void __user *)arg,
		sizeof(struct qcedev_sha_op_req)))
		return -EFAULT;
		sizeof(struct qcedev_sha_op_req))) {
		err = -EFAULT;
		goto exit_free_qcedev_areq;
		}
		mutex_lock(&hash_access_lock);
		if (qcedev_check_sha_params(&qcedev_areq->sha_op_req, podev)) {
		mutex_unlock(&hash_access_lock);
		return -EINVAL;
		err = -EINVAL;
		goto exit_free_qcedev_areq;
		}
		qcedev_areq->op_type = QCEDEV_CRYPTO_OPER_SHA;

		@@ -1761,18 +1780,19 @@ static inline long qcedev_ioctl(struct file *file,
		err = qcedev_hash_cmac(qcedev_areq, handle, &sg_src);
		if (err) {
		mutex_unlock(&hash_access_lock);
		return err;
		goto exit_free_qcedev_areq;
		}
		} else {
		if (handle->sha_ctxt.init_done == false) {
		pr_err("%s Init was not called\n", __func__);
		mutex_unlock(&hash_access_lock);
		return -EINVAL;
		err = -EINVAL;
		goto exit_free_qcedev_areq;
		}
		err = qcedev_hash_update(qcedev_areq, handle, &sg_src);
		if (err) {
		mutex_unlock(&hash_access_lock);
		return err;
		goto exit_free_qcedev_areq;
		}
		}

		@@ -1780,7 +1800,8 @@ static inline long qcedev_ioctl(struct file *file,
		pr_err("Invalid sha_ctxt.diglen %d\n",
		handle->sha_ctxt.diglen);
		mutex_unlock(&hash_access_lock);
		return -EINVAL;
		err = -EINVAL;
		goto exit_free_qcedev_areq;
		}
		memcpy(&qcedev_areq->sha_op_req.digest[0],
		&handle->sha_ctxt.digest[0],
		@@ -1788,7 +1809,8 @@ static inline long qcedev_ioctl(struct file *file,
		mutex_unlock(&hash_access_lock);
		if (copy_to_user((void __user *)arg, &qcedev_areq->sha_op_req,
		sizeof(struct qcedev_sha_op_req)))
		return -EFAULT;
		err = -EFAULT;
		goto exit_free_qcedev_areq;
		}
		break;

		@@ -1796,28 +1818,33 @@ static inline long qcedev_ioctl(struct file *file,

		if (handle->sha_ctxt.init_done == false) {
		pr_err("%s Init was not called\n", __func__);
		return -EINVAL;
		err = -EINVAL;
		goto exit_free_qcedev_areq;
		}
		if (copy_from_user(&qcedev_areq->sha_op_req,
		(void __user *)arg,
		sizeof(struct qcedev_sha_op_req)))
		return -EFAULT;
		sizeof(struct qcedev_sha_op_req))) {
		err = -EFAULT;
		goto exit_free_qcedev_areq;
		}
		mutex_lock(&hash_access_lock);
		if (qcedev_check_sha_params(&qcedev_areq->sha_op_req, podev)) {
		mutex_unlock(&hash_access_lock);
		return -EINVAL;
		err = -EINVAL;
		goto exit_free_qcedev_areq;
		}
		qcedev_areq->op_type = QCEDEV_CRYPTO_OPER_SHA;
		err = qcedev_hash_final(qcedev_areq, handle);
		if (err) {
		mutex_unlock(&hash_access_lock);
		return err;
		goto exit_free_qcedev_areq;
		}
		if (handle->sha_ctxt.diglen > QCEDEV_MAX_SHA_DIGEST) {
		pr_err("Invalid sha_ctxt.diglen %d\n",
		handle->sha_ctxt.diglen);
		mutex_unlock(&hash_access_lock);
		return -EINVAL;
		err = -EINVAL;
		goto exit_free_qcedev_areq;
		}
		qcedev_areq->sha_op_req.diglen = handle->sha_ctxt.diglen;
		memcpy(&qcedev_areq->sha_op_req.digest[0],
		@@ -1825,8 +1852,10 @@ static inline long qcedev_ioctl(struct file *file,
		handle->sha_ctxt.diglen);
		mutex_unlock(&hash_access_lock);
		if (copy_to_user((void __user *)arg, &qcedev_areq->sha_op_req,
		sizeof(struct qcedev_sha_op_req)))
		return -EFAULT;
		sizeof(struct qcedev_sha_op_req))) {
		err = -EFAULT;
		goto exit_free_qcedev_areq;
		}
		handle->sha_ctxt.init_done = false;
		break;

		@@ -1836,30 +1865,34 @@ static inline long qcedev_ioctl(struct file *file,

		if (copy_from_user(&qcedev_areq->sha_op_req,
		(void __user *)arg,
		sizeof(struct qcedev_sha_op_req)))
		return -EFAULT;
		sizeof(struct qcedev_sha_op_req))) {
		err = -EFAULT;
		goto exit_free_qcedev_areq;
		}
		mutex_lock(&hash_access_lock);
		if (qcedev_check_sha_params(&qcedev_areq->sha_op_req, podev)) {
		mutex_unlock(&hash_access_lock);
		return -EINVAL;
		err = -EINVAL;
		goto exit_free_qcedev_areq;
		}
		qcedev_areq->op_type = QCEDEV_CRYPTO_OPER_SHA;
		qcedev_hash_init(qcedev_areq, handle, &sg_src);
		err = qcedev_hash_update(qcedev_areq, handle, &sg_src);
		if (err) {
		mutex_unlock(&hash_access_lock);
		return err;
		goto exit_free_qcedev_areq;
		}
		err = qcedev_hash_final(qcedev_areq, handle);
		if (err) {
		mutex_unlock(&hash_access_lock);
		return err;
		goto exit_free_qcedev_areq;
		}
		if (handle->sha_ctxt.diglen > QCEDEV_MAX_SHA_DIGEST) {
		pr_err("Invalid sha_ctxt.diglen %d\n",
		handle->sha_ctxt.diglen);
		mutex_unlock(&hash_access_lock);
		return -EINVAL;
		err = -EINVAL;
		goto exit_free_qcedev_areq;
		}
		qcedev_areq->sha_op_req.diglen = handle->sha_ctxt.diglen;
		memcpy(&qcedev_areq->sha_op_req.digest[0],
		@@ -1868,7 +1901,8 @@ static inline long qcedev_ioctl(struct file *file,
		mutex_unlock(&hash_access_lock);
		if (copy_to_user((void __user *)arg, &qcedev_areq->sha_op_req,
		sizeof(struct qcedev_sha_op_req)))
		return -EFAULT;
		err = -EFAULT;
		goto exit_free_qcedev_areq;
		}
		break;

		@@ -1879,8 +1913,10 @@ static inline long qcedev_ioctl(struct file *file,
		int i = 0;

		if (copy_from_user(&map_buf,
		(void __user *)arg, sizeof(map_buf)))
		return -EFAULT;
		(void __user *)arg, sizeof(map_buf))) {
		err = -EFAULT;
		goto exit_free_qcedev_areq;
		}

		for (i = 0; i < map_buf.num_fds; i++) {
		err = qcedev_check_and_map_buffer(handle,
		@@ -1892,7 +1928,7 @@ static inline long qcedev_ioctl(struct file *file,
		pr_err(
		"%s: err: failed to map fd(%d) - %d\n",
		__func__, map_buf.fd[i], err);
		return err;
		goto exit_free_qcedev_areq;
		}
		map_buf.buf_vaddr[i] = vaddr;
		pr_info("%s: info: vaddr = %llx\n",
		@@ -1900,8 +1936,10 @@ static inline long qcedev_ioctl(struct file *file,
		}

		if (copy_to_user((void __user *)arg, &map_buf,
		sizeof(map_buf)))
		return -EFAULT;
		sizeof(map_buf))) {
		err = -EFAULT;
		goto exit_free_qcedev_areq;
		}
		break;
		}

		@@ -1911,8 +1949,10 @@ static inline long qcedev_ioctl(struct file *file,
		int i = 0;

		if (copy_from_user(&unmap_buf,
		(void __user *)arg, sizeof(unmap_buf)))
		return -EFAULT;
		(void __user *)arg, sizeof(unmap_buf))) {
		err = -EFAULT;
		goto exit_free_qcedev_areq;
		}

		for (i = 0; i < unmap_buf.num_fds; i++) {
		err = qcedev_check_and_unmap_buffer(handle,
		@@ -1922,16 +1962,19 @@ static inline long qcedev_ioctl(struct file *file,
		"%s: err: failed to unmap fd(%d) - %d\n",
		__func__,
		unmap_buf.fd[i], err);
		return err;
		goto exit_free_qcedev_areq;
		}
		}
		break;
		}

		default:
		return -ENOTTY;
		err = -ENOTTY;
		goto exit_free_qcedev_areq;
		}

		exit_free_qcedev_areq:
		kfree(qcedev_areq);
		return err;
		}