releases/4.19.45/crypto-ccree-don-t-map-mac-key-on-stack.patch

   1 From 874e163759f27e0a9988c5d1f4605e3f25564fd2 Mon Sep 17 00:00:00 2001
   2 From: Gilad Ben-Yossef <gilad@benyossef.com>
   3 Date: Thu, 18 Apr 2019 16:39:04 +0300
   4 Subject: crypto: ccree - don't map MAC key on stack
   5
   6 From: Gilad Ben-Yossef <gilad@benyossef.com>
   7
   8 commit 874e163759f27e0a9988c5d1f4605e3f25564fd2 upstream.
   9
  10 The MAC hash key might be passed to us on stack. Copy it to
  11 a slab buffer before mapping to gurantee proper DMA mapping.
  12
  13 Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
  14 Cc: stable@vger.kernel.org # v4.19+
  15 Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
  16 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  17
  18 ---
  19  drivers/crypto/ccree/cc_hash.c |   24 +++++++++++++++++++++---
  20  1 file changed, 21 insertions(+), 3 deletions(-)
  21
  22 --- a/drivers/crypto/ccree/cc_hash.c
  23 +++ b/drivers/crypto/ccree/cc_hash.c
  24 @@ -64,6 +64,7 @@ struct cc_hash_alg {
  25  struct hash_key_req_ctx {
  26         u32 keylen;
  27         dma_addr_t key_dma_addr;
  28 +       u8 *key;
  29  };
  30
  31  /* hash per-session context */
  32 @@ -724,13 +725,20 @@ static int cc_hash_setkey(struct crypto_
  33         ctx->key_params.keylen = keylen;
  34         ctx->key_params.key_dma_addr = 0;
  35         ctx->is_hmac = true;
  36 +       ctx->key_params.key = NULL;
  37
  38         if (keylen) {
  39 +               ctx->key_params.key = kmemdup(key, keylen, GFP_KERNEL);
  40 +               if (!ctx->key_params.key)
  41 +                       return -ENOMEM;
  42 +
  43                 ctx->key_params.key_dma_addr =
  44 -                       dma_map_single(dev, (void *)key, keylen, DMA_TO_DEVICE);
  45 +                       dma_map_single(dev, (void *)ctx->key_params.key, keylen,
  46 +                                      DMA_TO_DEVICE);
  47                 if (dma_mapping_error(dev, ctx->key_params.key_dma_addr)) {
  48                         dev_err(dev, "Mapping key va=0x%p len=%u for DMA failed\n",
  49 -                               key, keylen);
  50 +                               ctx->key_params.key, keylen);
  51 +                       kzfree(ctx->key_params.key);
  52                         return -ENOMEM;
  53                 }
  54                 dev_dbg(dev, "mapping key-buffer: key_dma_addr=%pad keylen=%u\n",
  55 @@ -881,6 +889,9 @@ out:
  56                 dev_dbg(dev, "Unmapped key-buffer: key_dma_addr=%pad keylen=%u\n",
  57                         &ctx->key_params.key_dma_addr, ctx->key_params.keylen);
  58         }
  59 +
  60 +       kzfree(ctx->key_params.key);
  61 +
  62         return rc;
  63  }
  64
  65 @@ -907,11 +918,16 @@ static int cc_xcbc_setkey(struct crypto_
  66
  67         ctx->key_params.keylen = keylen;
  68
  69 +       ctx->key_params.key = kmemdup(key, keylen, GFP_KERNEL);
  70 +       if (!ctx->key_params.key)
  71 +               return -ENOMEM;
  72 +
  73         ctx->key_params.key_dma_addr =
  74 -               dma_map_single(dev, (void *)key, keylen, DMA_TO_DEVICE);
  75 +               dma_map_single(dev, ctx->key_params.key, keylen, DMA_TO_DEVICE);
  76         if (dma_mapping_error(dev, ctx->key_params.key_dma_addr)) {
  77                 dev_err(dev, "Mapping key va=0x%p len=%u for DMA failed\n",
  78                         key, keylen);
  79 +               kzfree(ctx->key_params.key);
  80                 return -ENOMEM;
  81         }
  82         dev_dbg(dev, "mapping key-buffer: key_dma_addr=%pad keylen=%u\n",
  83 @@ -963,6 +979,8 @@ static int cc_xcbc_setkey(struct crypto_
  84         dev_dbg(dev, "Unmapped key-buffer: key_dma_addr=%pad keylen=%u\n",
  85                 &ctx->key_params.key_dma_addr, ctx->key_params.keylen);
  86
  87 +       kzfree(ctx->key_params.key);
  88 +
  89         return rc;
  90  }
  91