4.14-stable patches

added patches:
	crypto-ccp-fix-resource-leaks-in-ccp_run_aes_gcm_cmd.patch

diff --git a/queue-4.14/crypto-ccp-fix-resource-leaks-in-ccp_run_aes_gcm_cmd.patch b/queue-4.14/crypto-ccp-fix-resource-leaks-in-ccp_run_aes_gcm_cmd.patch
new file mode 100644 (file)
index 0000000..b4db429
--- /dev/null
+++ b/queue-4.14/crypto-ccp-fix-resource-leaks-in-ccp_run_aes_gcm_cmd.patch
@@ -0,0 +1,76 @@
+From 505d9dcb0f7ddf9d075e729523a33d38642ae680 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Thu, 26 Aug 2021 16:04:27 +0300
+Subject: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 505d9dcb0f7ddf9d075e729523a33d38642ae680 upstream.
+
+There are three bugs in this code:
+
+1) If we ccp_init_data() fails for &src then we need to free aad.
+   Use goto e_aad instead of goto e_ctx.
+2) The label to free the &final_wa was named incorrectly as "e_tag" but
+   it should have been "e_final_wa".  One error path leaked &final_wa.
+3) The &tag was leaked on one error path.  In that case, I added a free
+   before the goto because the resource was local to that block.
+
+Fixes: 36cf515b9bbe ("crypto: ccp - Enable support for AES GCM on v5 CCPs")
+Reported-by: "minihanshen(沈明航)" <minihanshen@tencent.com>
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Reviewed-by: John Allen <john.allen@amd.com>
+Tested-by: John Allen <john.allen@amd.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/crypto/ccp/ccp-ops.c |   14 ++++++++------
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+
+--- a/drivers/crypto/ccp/ccp-ops.c
++++ b/drivers/crypto/ccp/ccp-ops.c
+@@ -783,7 +783,7 @@ ccp_run_aes_gcm_cmd(struct ccp_cmd_queue
+                                   in_place ? DMA_BIDIRECTIONAL
+                                            : DMA_TO_DEVICE);
+               if (ret)
+-                      goto e_ctx;
++                      goto e_aad;
+ 
+               if (in_place) {
+                       dst = src;
+@@ -868,7 +868,7 @@ ccp_run_aes_gcm_cmd(struct ccp_cmd_queue
+       op.u.aes.size = 0;
+       ret = cmd_q->ccp->vdata->perform->aes(&op);
+       if (ret)
+-              goto e_dst;
++              goto e_final_wa;
+ 
+       if (aes->action == CCP_AES_ACTION_ENCRYPT) {
+               /* Put the ciphered tag after the ciphertext. */
+@@ -878,17 +878,19 @@ ccp_run_aes_gcm_cmd(struct ccp_cmd_queue
+               ret = ccp_init_dm_workarea(&tag, cmd_q, authsize,
+                                          DMA_BIDIRECTIONAL);
+               if (ret)
+-                      goto e_tag;
++                      goto e_final_wa;
+               ret = ccp_set_dm_area(&tag, 0, p_tag, 0, authsize);
+-              if (ret)
+-                      goto e_tag;
++              if (ret) {
++                      ccp_dm_free(&tag);
++                      goto e_final_wa;
++              }
+ 
+               ret = crypto_memneq(tag.address, final_wa.address,
+                                   authsize) ? -EBADMSG : 0;
+               ccp_dm_free(&tag);
+       }
+ 
+-e_tag:
++e_final_wa:
+       ccp_dm_free(&final_wa);
+ 
+ e_dst:

diff --git a/queue-4.14/series b/queue-4.14/series
index 03afdb681cdc312c7a4363b9edfda9ed89adf030..892d0c62ea12466c228a0277c35ac2cfc80d8546 100644 (file)
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -68,3 +68,4 @@ arm64-extend-workaround-for-erratum-1024718-to-all-versions-of-cortex-a55.patch
 hso-fix-bailout-in-error-case-of-probe.patch
 usb-hso-fix-error-handling-code-of-hso_create_net_device.patch
 usb-hso-remove-the-bailout-parameter.patch
+crypto-ccp-fix-resource-leaks-in-ccp_run_aes_gcm_cmd.patch