review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Wenwen Wang <wang6495@umn.edu>
	Fri, 19 Oct 2018 00:50:43 +0000 (19:50 -0500)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 9 Jan 2019 16:38:44 +0000 (17:38 +0100)
commit	0fa6bead41baabd87abdffdd1d33d341069935af
tree	efe2bf865a16b7633fa24090c33f5a5724a6edbd	tree \| snapshot
parent	d095e1ba4165a375620b34656856fe1763978714	commit \| diff

crypto: cavium/nitrox - fix a DMA pool free failure

commit 7172122be6a4712d699da4d261f92aa5ab3a78b8 upstream.

In crypto_alloc_context(), a DMA pool is allocated through dma_pool_alloc()
to hold the crypto context. The meta data of the DMA pool, including the
pool used for the allocation 'ndev->ctx_pool' and the base address of the
DMA pool used by the device 'dma', are then stored to the beginning of the
pool. These meta data are eventually used in crypto_free_context() to free
the DMA pool through dma_pool_free(). However, given that the DMA pool can
also be accessed by the device, a malicious device can modify these meta
data, especially when the device is controlled to deploy an attack. This
can cause an unexpected DMA pool free failure.

To avoid the above issue, this patch introduces a new structure
crypto_ctx_hdr and a new field chdr in the structure nitrox_crypto_ctx hold
the meta data information of the DMA pool after the allocation. Note that
the original structure ctx_hdr is not changed to ensure the compatibility.

Cc: <stable@vger.kernel.org>
Signed-off-by: Wenwen Wang <wang6495@umn.edu>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

drivers/crypto/cavium/nitrox/nitrox_algs.c		diff \| blob \| history
drivers/crypto/cavium/nitrox/nitrox_lib.c		diff \| blob \| history
drivers/crypto/cavium/nitrox/nitrox_req.h		diff \| blob \| history