Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 766121a0 authored by Gilad Ben-Yossef's avatar Gilad Ben-Yossef Committed by Greg Kroah-Hartman
Browse files

crypto: ccree - don't map MAC key on stack 



commit 874e163759f27e0a9988c5d1f4605e3f25564fd2 upstream.

The MAC hash key might be passed to us on stack. Copy it to
a slab buffer before mapping to gurantee proper DMA mapping.

Signed-off-by: default avatarGilad Ben-Yossef <gilad@benyossef.com>
Cc: stable@vger.kernel.org # v4.19+
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 7560c0ad

drivers/crypto/ccree/cc_hash.c

+21 −3
Original line number Diff line number Diff line
@@ -64,6 +64,7 @@ struct cc_hash_alg { 
struct hash_key_req_ctx {

	u32 keylen;

	dma_addr_t key_dma_addr;

	u8 *key;

};



/* hash per-session context */
@@ -724,13 +725,20 @@ static int cc_hash_setkey(struct crypto_ahash *ahash, const u8 *key, 
	ctx->key_params.keylen = keylen;

	ctx->key_params.key_dma_addr = 0;

	ctx->is_hmac = true;

	ctx->key_params.key = NULL;



	if (keylen) {

		ctx->key_params.key = kmemdup(key, keylen, GFP_KERNEL);

		if (!ctx->key_params.key)

			return -ENOMEM;



		ctx->key_params.key_dma_addr =

			dma_map_single(dev, (void *)key, keylen, DMA_TO_DEVICE);

			dma_map_single(dev, (void *)ctx->key_params.key, keylen,

				       DMA_TO_DEVICE);

		if (dma_mapping_error(dev, ctx->key_params.key_dma_addr)) {

			dev_err(dev, "Mapping key va=0x%p len=%u for DMA failed\n",

				key, keylen);

				ctx->key_params.key, keylen);

			kzfree(ctx->key_params.key);

			return -ENOMEM;

		}

		dev_dbg(dev, "mapping key-buffer: key_dma_addr=%pad keylen=%u\n",
@@ -881,6 +889,9 @@ static int cc_hash_setkey(struct crypto_ahash *ahash, const u8 *key, 
		dev_dbg(dev, "Unmapped key-buffer: key_dma_addr=%pad keylen=%u\n",

			&ctx->key_params.key_dma_addr, ctx->key_params.keylen);

	}



	kzfree(ctx->key_params.key);



	return rc;

}
@@ -907,11 +918,16 @@ static int cc_xcbc_setkey(struct crypto_ahash *ahash, 


	ctx->key_params.keylen = keylen;



	ctx->key_params.key = kmemdup(key, keylen, GFP_KERNEL);

	if (!ctx->key_params.key)

		return -ENOMEM;



	ctx->key_params.key_dma_addr =

		dma_map_single(dev, (void *)key, keylen, DMA_TO_DEVICE);

		dma_map_single(dev, ctx->key_params.key, keylen, DMA_TO_DEVICE);

	if (dma_mapping_error(dev, ctx->key_params.key_dma_addr)) {

		dev_err(dev, "Mapping key va=0x%p len=%u for DMA failed\n",

			key, keylen);

		kzfree(ctx->key_params.key);

		return -ENOMEM;

	}

	dev_dbg(dev, "mapping key-buffer: key_dma_addr=%pad keylen=%u\n",
@@ -963,6 +979,8 @@ static int cc_xcbc_setkey(struct crypto_ahash *ahash, 
	dev_dbg(dev, "Unmapped key-buffer: key_dma_addr=%pad keylen=%u\n",

		&ctx->key_params.key_dma_addr, ctx->key_params.keylen);



	kzfree(ctx->key_params.key);



	return rc;

}