1 From 874e163759f27e0a9988c5d1f4605e3f25564fd2 Mon Sep 17 00:00:00 2001
2 From: Gilad Ben-Yossef <gilad@benyossef.com>
3 Date: Thu, 18 Apr 2019 16:39:04 +0300
4 Subject: crypto: ccree - don't map MAC key on stack
6 From: Gilad Ben-Yossef <gilad@benyossef.com>
8 commit 874e163759f27e0a9988c5d1f4605e3f25564fd2 upstream.
10 The MAC hash key might be passed to us on stack. Copy it to
11 a slab buffer before mapping to gurantee proper DMA mapping.
13 Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
14 Cc: stable@vger.kernel.org # v4.19+
15 Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
16 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
19 drivers/crypto/ccree/cc_hash.c | 24 +++++++++++++++++++++---
20 1 file changed, 21 insertions(+), 3 deletions(-)
22 --- a/drivers/crypto/ccree/cc_hash.c
23 +++ b/drivers/crypto/ccree/cc_hash.c
24 @@ -64,6 +64,7 @@ struct cc_hash_alg {
25 struct hash_key_req_ctx {
27 dma_addr_t key_dma_addr;
31 /* hash per-session context */
32 @@ -724,13 +725,20 @@ static int cc_hash_setkey(struct crypto_
33 ctx->key_params.keylen = keylen;
34 ctx->key_params.key_dma_addr = 0;
36 + ctx->key_params.key = NULL;
39 + ctx->key_params.key = kmemdup(key, keylen, GFP_KERNEL);
40 + if (!ctx->key_params.key)
43 ctx->key_params.key_dma_addr =
44 - dma_map_single(dev, (void *)key, keylen, DMA_TO_DEVICE);
45 + dma_map_single(dev, (void *)ctx->key_params.key, keylen,
47 if (dma_mapping_error(dev, ctx->key_params.key_dma_addr)) {
48 dev_err(dev, "Mapping key va=0x%p len=%u for DMA failed\n",
50 + ctx->key_params.key, keylen);
51 + kzfree(ctx->key_params.key);
54 dev_dbg(dev, "mapping key-buffer: key_dma_addr=%pad keylen=%u\n",
55 @@ -881,6 +889,9 @@ out:
56 dev_dbg(dev, "Unmapped key-buffer: key_dma_addr=%pad keylen=%u\n",
57 &ctx->key_params.key_dma_addr, ctx->key_params.keylen);
60 + kzfree(ctx->key_params.key);
65 @@ -907,11 +918,16 @@ static int cc_xcbc_setkey(struct crypto_
67 ctx->key_params.keylen = keylen;
69 + ctx->key_params.key = kmemdup(key, keylen, GFP_KERNEL);
70 + if (!ctx->key_params.key)
73 ctx->key_params.key_dma_addr =
74 - dma_map_single(dev, (void *)key, keylen, DMA_TO_DEVICE);
75 + dma_map_single(dev, ctx->key_params.key, keylen, DMA_TO_DEVICE);
76 if (dma_mapping_error(dev, ctx->key_params.key_dma_addr)) {
77 dev_err(dev, "Mapping key va=0x%p len=%u for DMA failed\n",
79 + kzfree(ctx->key_params.key);
82 dev_dbg(dev, "mapping key-buffer: key_dma_addr=%pad keylen=%u\n",
83 @@ -963,6 +979,8 @@ static int cc_xcbc_setkey(struct crypto_
84 dev_dbg(dev, "Unmapped key-buffer: key_dma_addr=%pad keylen=%u\n",
85 &ctx->key_params.key_dma_addr, ctx->key_params.keylen);
87 + kzfree(ctx->key_params.key);