From: Dan Carpenter Date: Wed, 14 Aug 2024 21:11:51 +0000 (+0300) Subject: crypto: spacc - Fix bounds checking on spacc->job[] X-Git-Tag: v6.12-rc1~231^2~54 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b63483b37e813299445d2719488acab2b3f20544;p=thirdparty%2Fkernel%2Flinux.git crypto: spacc - Fix bounds checking on spacc->job[] This bounds checking is off by one. The > should be >=. The spacc->job[] array is allocated in spacc_init() and it has SPACC_MAX_JOBS elements. Fixes: 8ebb14deef0f ("crypto: spacc - Enable SPAcc AUTODETECT") Fixes: c8981d9230d8 ("crypto: spacc - Add SPAcc Skcipher support") Signed-off-by: Dan Carpenter Signed-off-by: Herbert Xu --- diff --git a/drivers/crypto/dwc-spacc/spacc_core.c b/drivers/crypto/dwc-spacc/spacc_core.c index 9bc49de06bb2b..e3380528e82b8 100644 --- a/drivers/crypto/dwc-spacc/spacc_core.c +++ b/drivers/crypto/dwc-spacc/spacc_core.c @@ -1024,7 +1024,7 @@ int spacc_set_operation(struct spacc_device *spacc, int handle, int op, int ret = CRYPTO_OK; struct spacc_job *job = NULL; - if (handle < 0 || handle > SPACC_MAX_JOBS) + if (handle < 0 || handle >= SPACC_MAX_JOBS) return -ENXIO; job = &spacc->job[handle]; @@ -1105,7 +1105,7 @@ int spacc_packet_enqueue_ddt_ex(struct spacc_device *spacc, int use_jb, struct spacc_job *job; int ret = CRYPTO_OK, proc_len; - if (job_idx < 0 || job_idx > SPACC_MAX_JOBS) + if (job_idx < 0 || job_idx >= SPACC_MAX_JOBS) return -ENXIO; switch (prio) { @@ -1331,7 +1331,7 @@ static int spacc_set_auxinfo(struct spacc_device *spacc, int jobid, int ret = CRYPTO_OK; struct spacc_job *job; - if (jobid < 0 || jobid > SPACC_MAX_JOBS) + if (jobid < 0 || jobid >= SPACC_MAX_JOBS) return -ENXIO; job = &spacc->job[jobid]; @@ -2364,7 +2364,7 @@ int spacc_set_key_exp(struct spacc_device *spacc, int job_idx) struct spacc_ctx *ctx = NULL; struct spacc_job *job = NULL; - if (job_idx < 0 || job_idx > SPACC_MAX_JOBS) { + if (job_idx < 0 || job_idx >= SPACC_MAX_JOBS) { pr_debug("ERR: Invalid Job id specified (out of range)\n"); return -ENXIO; }