From a8bb35c7ed20a4427cd2afd30a6462f6d9626442 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 22 Jan 2024 09:37:38 -0800 Subject: [PATCH] 5.10-stable patches added patches: dma-mapping-fix-build-error-unused-value.patch virtio-crypto-fix-memory-leak-in-virtio_crypto_alg_skcipher_close_session.patch virtio-crypto-fix-memory-leak.patch --- ...mapping-fix-build-error-unused-value.patch | 51 +++++++++++++ queue-5.10/series | 3 + ...io_crypto_alg_skcipher_close_session.patch | 37 ++++++++++ .../virtio-crypto-fix-memory-leak.patch | 74 +++++++++++++++++++ 4 files changed, 165 insertions(+) create mode 100644 queue-5.10/dma-mapping-fix-build-error-unused-value.patch create mode 100644 queue-5.10/virtio-crypto-fix-memory-leak-in-virtio_crypto_alg_skcipher_close_session.patch create mode 100644 queue-5.10/virtio-crypto-fix-memory-leak.patch diff --git a/queue-5.10/dma-mapping-fix-build-error-unused-value.patch b/queue-5.10/dma-mapping-fix-build-error-unused-value.patch new file mode 100644 index 00000000000..fa40013ecf2 --- /dev/null +++ b/queue-5.10/dma-mapping-fix-build-error-unused-value.patch @@ -0,0 +1,51 @@ +From 50d6281ce9b8412f7ef02d1bc9d23aa62ae0cf98 Mon Sep 17 00:00:00 2001 +From: Ren Zhijie +Date: Thu, 30 Jun 2022 20:35:28 +0800 +Subject: dma-mapping: Fix build error unused-value +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Ren Zhijie + +commit 50d6281ce9b8412f7ef02d1bc9d23aa62ae0cf98 upstream. + +If CONFIG_DMA_DECLARE_COHERENT is not set, +make ARCH=x86_64 CROSS_COMPILE=x86_64-linux-gnu- will be failed, like this: + +drivers/remoteproc/remoteproc_core.c: In function ‘rproc_rvdev_release’: +./include/linux/dma-map-ops.h:182:42: error: statement with no effect [-Werror=unused-value] + #define dma_release_coherent_memory(dev) (0) + ^ +drivers/remoteproc/remoteproc_core.c:464:2: note: in expansion of macro ‘dma_release_coherent_memory’ + dma_release_coherent_memory(dev); + ^~~~~~~~~~~~~~~~~~~~~~~~~~~ +cc1: all warnings being treated as errors + +The return type of function dma_release_coherent_memory in CONFIG_DMA_DECLARE_COHERENT area is void, so in !CONFIG_DMA_DECLARE_COHERENT area it should neither return any value nor be defined as zero. + +Reported-by: Hulk Robot +Fixes: e61c451476e6 ("dma-mapping: Add dma_release_coherent_memory to DMA API") +Signed-off-by: Ren Zhijie +Reviewed-by: Christoph Hellwig +Link: https://lore.kernel.org/r/20220630123528.251181-1-renzhijie2@huawei.com +Signed-off-by: Mathieu Poirier +Signed-off-by: Greg Kroah-Hartman +--- + include/linux/dma-map-ops.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/include/linux/dma-map-ops.h ++++ b/include/linux/dma-map-ops.h +@@ -185,10 +185,10 @@ static inline int dma_declare_coherent_m + return -ENOSYS; + } + +-#define dma_release_coherent_memory(dev) (0) + #define dma_alloc_from_dev_coherent(dev, size, handle, ret) (0) + #define dma_release_from_dev_coherent(dev, order, vaddr) (0) + #define dma_mmap_from_dev_coherent(dev, vma, vaddr, order, ret) (0) ++static inline void dma_release_coherent_memory(struct device *dev) { } + + static inline void *dma_alloc_from_global_coherent(struct device *dev, + ssize_t size, dma_addr_t *dma_handle) diff --git a/queue-5.10/series b/queue-5.10/series index de79d7d0794..f170560eb8a 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -199,3 +199,6 @@ binder-fix-async-space-check-for-0-sized-buffers.patch binder-fix-unused-alloc-free_async_space.patch binder-fix-use-after-free-in-shinker-s-callback.patch input-atkbd-use-ab83-as-id-when-skipping-the-getid-command.patch +dma-mapping-fix-build-error-unused-value.patch +virtio-crypto-fix-memory-leak.patch +virtio-crypto-fix-memory-leak-in-virtio_crypto_alg_skcipher_close_session.patch diff --git a/queue-5.10/virtio-crypto-fix-memory-leak-in-virtio_crypto_alg_skcipher_close_session.patch b/queue-5.10/virtio-crypto-fix-memory-leak-in-virtio_crypto_alg_skcipher_close_session.patch new file mode 100644 index 00000000000..2cc71f2c812 --- /dev/null +++ b/queue-5.10/virtio-crypto-fix-memory-leak-in-virtio_crypto_alg_skcipher_close_session.patch @@ -0,0 +1,37 @@ +From b1d65f717cd6305a396a8738e022c6f7c65cfbe8 Mon Sep 17 00:00:00 2001 +From: Wei Yongjun +Date: Mon, 14 Nov 2022 11:07:40 +0000 +Subject: virtio-crypto: fix memory leak in virtio_crypto_alg_skcipher_close_session() + +From: Wei Yongjun + +commit b1d65f717cd6305a396a8738e022c6f7c65cfbe8 upstream. + +'vc_ctrl_req' is alloced in virtio_crypto_alg_skcipher_close_session(), +and should be freed in the invalid ctrl_status->status error handling +case. Otherwise there is a memory leak. + +Fixes: 0756ad15b1fe ("virtio-crypto: use private buffer for control request") +Signed-off-by: Wei Yongjun +Message-Id: <20221114110740.537276-1-weiyongjun@huaweicloud.com> +Signed-off-by: Michael S. Tsirkin +Reviewed-by: Gonglei +Acked-by: zhenwei pi +Acked-by: Jason Wang +Signed-off-by: Greg Kroah-Hartman +--- + drivers/crypto/virtio/virtio_crypto_algs.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/crypto/virtio/virtio_crypto_algs.c ++++ b/drivers/crypto/virtio/virtio_crypto_algs.c +@@ -239,7 +239,8 @@ static int virtio_crypto_alg_skcipher_cl + pr_err("virtio_crypto: Close session failed status: %u, session_id: 0x%llx\n", + ctrl_status->status, destroy_session->session_id); + +- return -EINVAL; ++ err = -EINVAL; ++ goto out; + } + + err = 0; diff --git a/queue-5.10/virtio-crypto-fix-memory-leak.patch b/queue-5.10/virtio-crypto-fix-memory-leak.patch new file mode 100644 index 00000000000..021b442a512 --- /dev/null +++ b/queue-5.10/virtio-crypto-fix-memory-leak.patch @@ -0,0 +1,74 @@ +From 1bedcf22c081a6e9943f09937b2da8d3ef52d20d Mon Sep 17 00:00:00 2001 +From: lei he +Date: Mon, 19 Sep 2022 15:51:58 +0800 +Subject: virtio-crypto: fix memory-leak + +From: lei he + +commit 1bedcf22c081a6e9943f09937b2da8d3ef52d20d upstream. + +Fix memory-leak for virtio-crypto akcipher request, this problem is +introduced by 59ca6c93387d3(virtio-crypto: implement RSA algorithm). +The leak can be reproduced and tested with the following script +inside virtual machine: + +#!/bin/bash + +LOOP_TIMES=10000 + +# required module: pkcs8_key_parser, virtio_crypto +modprobe pkcs8_key_parser # if CONFIG_PKCS8_PRIVATE_KEY_PARSER=m +modprobe virtio_crypto # if CONFIG_CRYPTO_DEV_VIRTIO=m +rm -rf /tmp/data +dd if=/dev/random of=/tmp/data count=1 bs=230 + +# generate private key and self-signed cert +openssl req -nodes -x509 -newkey rsa:2048 -keyout key.pem \ + -outform der -out cert.der \ + -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=always.com/emailAddress=yy@always.com" +# convert private key from pem to der +openssl pkcs8 -in key.pem -topk8 -nocrypt -outform DER -out key.der + +# add key +PRIV_KEY_ID=`cat key.der | keyctl padd asymmetric test_priv_key @s` +echo "priv key id = "$PRIV_KEY_ID +PUB_KEY_ID=`cat cert.der | keyctl padd asymmetric test_pub_key @s` +echo "pub key id = "$PUB_KEY_ID + +# query key +keyctl pkey_query $PRIV_KEY_ID 0 +keyctl pkey_query $PUB_KEY_ID 0 + +# here we only run pkey_encrypt becasuse it is the fastest interface +function bench_pub() { + keyctl pkey_encrypt $PUB_KEY_ID 0 /tmp/data enc=pkcs1 >/tmp/enc.pub +} + +# do bench_pub in loop to obtain the memory leak +for (( i = 0; i < ${LOOP_TIMES}; ++i )); do + bench_pub +done + +Signed-off-by: lei he +Acked-by: Michael S. Tsirkin +Reviewed-by: Gonglei +Message-Id: <20220919075158.3625-1-helei.sig11@bytedance.com> +Signed-off-by: Michael S. Tsirkin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/crypto/virtio/virtio_crypto_akcipher_algs.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/drivers/crypto/virtio/virtio_crypto_akcipher_algs.c ++++ b/drivers/crypto/virtio/virtio_crypto_akcipher_algs.c +@@ -56,6 +56,10 @@ static void virtio_crypto_akcipher_final + struct virtio_crypto_akcipher_request *vc_akcipher_req, + struct akcipher_request *req, int err) + { ++ kfree(vc_akcipher_req->src_buf); ++ kfree(vc_akcipher_req->dst_buf); ++ vc_akcipher_req->src_buf = NULL; ++ vc_akcipher_req->dst_buf = NULL; + virtcrypto_clear_request(&vc_akcipher_req->base); + + crypto_finalize_akcipher_request(vc_akcipher_req->base.dataq->engine, req, err); -- 2.47.3