diff options
5 files changed, 526 insertions, 0 deletions
diff --git a/recipes-kernel/cryptodev/cryptodev_1.7.inc b/recipes-kernel/cryptodev/cryptodev_1.7.inc index 31b23a7..27e679d 100644 --- a/recipes-kernel/cryptodev/cryptodev_1.7.inc +++ b/recipes-kernel/cryptodev/cryptodev_1.7.inc | |||
@@ -38,6 +38,10 @@ file://0017-remove-dead-code.patch \ | |||
38 | file://0018-fix-compat-warnings.patch \ | 38 | file://0018-fix-compat-warnings.patch \ |
39 | file://0019-fix-size_t-print-format.patch \ | 39 | file://0019-fix-size_t-print-format.patch \ |
40 | file://0020-fix-uninitialized-variable-compiler-warning.patch \ | 40 | file://0020-fix-uninitialized-variable-compiler-warning.patch \ |
41 | file://0021-check-return-codes-for-copy-to-from-user-functions.patch \ | ||
42 | file://0022-fix-double-free-pkc-req-on-error.patch \ | ||
43 | file://0023-remove-MAY_BACKLOG-flag-from-requests.patch \ | ||
44 | file://0024-fix-COMPAT_CIOCKEY-ioctl-command-number.patch \ | ||
41 | " | 45 | " |
42 | 46 | ||
43 | # NOTE: remove this patch and all traces of DISTRO_FEATURE c29x_pkc | 47 | # NOTE: remove this patch and all traces of DISTRO_FEATURE c29x_pkc |
diff --git a/recipes-kernel/cryptodev/files/0021-check-return-codes-for-copy-to-from-user-functions.patch b/recipes-kernel/cryptodev/files/0021-check-return-codes-for-copy-to-from-user-functions.patch new file mode 100644 index 0000000..558d045 --- /dev/null +++ b/recipes-kernel/cryptodev/files/0021-check-return-codes-for-copy-to-from-user-functions.patch | |||
@@ -0,0 +1,398 @@ | |||
1 | From 4078382cfc69c0f5e582d485fe8cc778f9e458d1 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@freescale.com> | ||
3 | Date: Mon, 21 Sep 2015 16:39:52 +0300 | ||
4 | Subject: [PATCH 21/23] check return codes for copy to/from user functions | ||
5 | |||
6 | - these functions may fail and we should check their return codes. | ||
7 | - fix an unintended fall-through in CRK_DSA_GENERATE_KEY | ||
8 | - fix incorrect return code for CIOCASYMFETCHCOOKIE | ||
9 | |||
10 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
11 | --- | ||
12 | ioctl.c | 42 +++++++-------- | ||
13 | main.c | 183 ++++++++++++++++++++++++++++++---------------------------------- | ||
14 | 2 files changed, 108 insertions(+), 117 deletions(-) | ||
15 | |||
16 | diff --git a/ioctl.c b/ioctl.c | ||
17 | index 7cd3c56..8fa3e5c 100644 | ||
18 | --- a/ioctl.c | ||
19 | +++ b/ioctl.c | ||
20 | @@ -711,13 +711,13 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) | ||
21 | case CRK_MOD_EXP: | ||
22 | { | ||
23 | struct rsa_pub_req_s *rsa_req = &pkc->req->req_u.rsa_pub_req; | ||
24 | - copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len); | ||
25 | + ret = copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len); | ||
26 | } | ||
27 | break; | ||
28 | case CRK_MOD_EXP_CRT: | ||
29 | { | ||
30 | struct rsa_priv_frm3_req_s *rsa_req = &pkc->req->req_u.rsa_priv_f3; | ||
31 | - copy_to_user(ckop->crk_param[6].crp_p, rsa_req->f, rsa_req->f_len); | ||
32 | + ret = copy_to_user(ckop->crk_param[6].crp_p, rsa_req->f, rsa_req->f_len); | ||
33 | } | ||
34 | break; | ||
35 | case CRK_DSA_SIGN: | ||
36 | @@ -725,11 +725,11 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) | ||
37 | struct dsa_sign_req_s *dsa_req = &pkc->req->req_u.dsa_sign; | ||
38 | |||
39 | if (pkc->req->type == ECDSA_SIGN) { | ||
40 | - copy_to_user(ckop->crk_param[6].crp_p, dsa_req->c, dsa_req->d_len); | ||
41 | - copy_to_user(ckop->crk_param[7].crp_p, dsa_req->d, dsa_req->d_len); | ||
42 | + ret = copy_to_user(ckop->crk_param[6].crp_p, dsa_req->c, dsa_req->d_len) || | ||
43 | + copy_to_user(ckop->crk_param[7].crp_p, dsa_req->d, dsa_req->d_len); | ||
44 | } else { | ||
45 | - copy_to_user(ckop->crk_param[5].crp_p, dsa_req->c, dsa_req->d_len); | ||
46 | - copy_to_user(ckop->crk_param[6].crp_p, dsa_req->d, dsa_req->d_len); | ||
47 | + ret = copy_to_user(ckop->crk_param[5].crp_p, dsa_req->c, dsa_req->d_len) || | ||
48 | + copy_to_user(ckop->crk_param[6].crp_p, dsa_req->d, dsa_req->d_len); | ||
49 | } | ||
50 | } | ||
51 | break; | ||
52 | @@ -739,9 +739,9 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) | ||
53 | { | ||
54 | struct dh_key_req_s *dh_req = &pkc->req->req_u.dh_req; | ||
55 | if (pkc->req->type == ECDH_COMPUTE_KEY) | ||
56 | - copy_to_user(ckop->crk_param[4].crp_p, dh_req->z, dh_req->z_len); | ||
57 | + ret = copy_to_user(ckop->crk_param[4].crp_p, dh_req->z, dh_req->z_len); | ||
58 | else | ||
59 | - copy_to_user(ckop->crk_param[3].crp_p, dh_req->z, dh_req->z_len); | ||
60 | + ret = copy_to_user(ckop->crk_param[3].crp_p, dh_req->z, dh_req->z_len); | ||
61 | } | ||
62 | break; | ||
63 | case CRK_DSA_GENERATE_KEY: | ||
64 | @@ -750,16 +750,17 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc) | ||
65 | struct keygen_req_s *key_req = &pkc->req->req_u.keygen; | ||
66 | |||
67 | if (pkc->req->type == ECC_KEYGEN) { | ||
68 | - copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key, | ||
69 | - key_req->pub_key_len); | ||
70 | - copy_to_user(ckop->crk_param[5].crp_p, key_req->priv_key, | ||
71 | + ret = copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key, | ||
72 | + key_req->pub_key_len) || | ||
73 | + copy_to_user(ckop->crk_param[5].crp_p, key_req->priv_key, | ||
74 | key_req->priv_key_len); | ||
75 | } else { | ||
76 | - copy_to_user(ckop->crk_param[3].crp_p, key_req->pub_key, | ||
77 | - key_req->pub_key_len); | ||
78 | - copy_to_user(ckop->crk_param[4].crp_p, key_req->priv_key, | ||
79 | + ret = copy_to_user(ckop->crk_param[3].crp_p, key_req->pub_key, | ||
80 | + key_req->pub_key_len) || | ||
81 | + copy_to_user(ckop->crk_param[4].crp_p, key_req->priv_key, | ||
82 | key_req->priv_key_len); | ||
83 | } | ||
84 | + break; | ||
85 | } | ||
86 | default: | ||
87 | ret = -EINVAL; | ||
88 | @@ -1115,14 +1116,12 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_) | ||
89 | |||
90 | /* Reflect the updated request to user-space */ | ||
91 | if (cookie_list.cookie_available) { | ||
92 | - copy_to_user(arg, &cookie_list, sizeof(struct pkc_cookie_list_s)); | ||
93 | + ret = copy_to_user(arg, &cookie_list, sizeof(struct pkc_cookie_list_s)); | ||
94 | } else { | ||
95 | struct pkc_cookie_list_s *user_ck_list = (void *)arg; | ||
96 | - put_user(0, &(user_ck_list->cookie_available)); | ||
97 | + ret = put_user(0, &(user_ck_list->cookie_available)); | ||
98 | } | ||
99 | - ret = cookie_list.cookie_available; | ||
100 | } | ||
101 | - | ||
102 | return ret; | ||
103 | default: | ||
104 | return -EINVAL; | ||
105 | @@ -1417,9 +1416,10 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_) | ||
106 | } | ||
107 | |||
108 | /* Reflect the updated request to user-space */ | ||
109 | - if (cookie_list.cookie_available) | ||
110 | - copy_to_user(arg, &cookie_list, | ||
111 | - sizeof(struct compat_pkc_cookie_list_s)); | ||
112 | + if (cookie_list.cookie_available) { | ||
113 | + ret = copy_to_user(arg, &cookie_list, | ||
114 | + sizeof(struct compat_pkc_cookie_list_s)); | ||
115 | + } | ||
116 | } | ||
117 | return ret; | ||
118 | default: | ||
119 | diff --git a/main.c b/main.c | ||
120 | index ed1c69a..e5adb93 100644 | ||
121 | --- a/main.c | ||
122 | +++ b/main.c | ||
123 | @@ -223,31 +223,29 @@ int crypto_kop_dsasign(struct cryptodev_pkc *pkc) | ||
124 | dsa_req->m = dsa_req->priv_key + dsa_req->priv_key_len; | ||
125 | dsa_req->c = dsa_req->m + dsa_req->m_len; | ||
126 | dsa_req->d = dsa_req->c + dsa_req->d_len; | ||
127 | - copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len); | ||
128 | - copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len); | ||
129 | - copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len); | ||
130 | - copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len); | ||
131 | - copy_from_user(dsa_req->priv_key, cop->crk_param[4].crp_p, | ||
132 | - dsa_req->priv_key_len); | ||
133 | + rc = copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len) || | ||
134 | + copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len) || | ||
135 | + copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len) || | ||
136 | + copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len) || | ||
137 | + copy_from_user(dsa_req->priv_key, cop->crk_param[4].crp_p, dsa_req->priv_key_len); | ||
138 | if (cop->crk_iparams == 6) { | ||
139 | dsa_req->ab = dsa_req->d + dsa_req->d_len; | ||
140 | - copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p, | ||
141 | + rc = rc || copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p, | ||
142 | dsa_req->ab_len); | ||
143 | } | ||
144 | + if (rc) | ||
145 | + goto err; | ||
146 | + | ||
147 | rc = cryptodev_pkc_offload(pkc); | ||
148 | if (pkc->type == SYNCHRONOUS) { | ||
149 | - if (rc) | ||
150 | - goto err; | ||
151 | if (cop->crk_iparams == 6) { | ||
152 | - copy_to_user(cop->crk_param[6].crp_p, dsa_req->c, | ||
153 | - dsa_req->d_len); | ||
154 | - copy_to_user(cop->crk_param[7].crp_p, dsa_req->d, | ||
155 | - dsa_req->d_len); | ||
156 | + rc = rc || | ||
157 | + copy_to_user(cop->crk_param[6].crp_p, dsa_req->c, dsa_req->d_len) || | ||
158 | + copy_to_user(cop->crk_param[7].crp_p, dsa_req->d, dsa_req->d_len); | ||
159 | } else { | ||
160 | - copy_to_user(cop->crk_param[5].crp_p, dsa_req->c, | ||
161 | - dsa_req->d_len); | ||
162 | - copy_to_user(cop->crk_param[6].crp_p, dsa_req->d, | ||
163 | - dsa_req->d_len); | ||
164 | + rc = rc || | ||
165 | + copy_to_user(cop->crk_param[5].crp_p, dsa_req->c, dsa_req->d_len) || | ||
166 | + copy_to_user(cop->crk_param[6].crp_p, dsa_req->d, dsa_req->d_len); | ||
167 | } | ||
168 | } else { | ||
169 | if (rc != -EINPROGRESS && rc != 0) | ||
170 | @@ -303,31 +301,28 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc) | ||
171 | dsa_req->m = dsa_req->pub_key + dsa_req->pub_key_len; | ||
172 | dsa_req->c = dsa_req->m + dsa_req->m_len; | ||
173 | dsa_req->d = dsa_req->c + dsa_req->d_len; | ||
174 | - copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len); | ||
175 | - copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len); | ||
176 | - copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len); | ||
177 | - copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len); | ||
178 | - copy_from_user(dsa_req->pub_key, cop->crk_param[4].crp_p, | ||
179 | - dsa_req->pub_key_len); | ||
180 | + rc = copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len) || | ||
181 | + copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len) || | ||
182 | + copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len) || | ||
183 | + copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len) || | ||
184 | + copy_from_user(dsa_req->pub_key, cop->crk_param[4].crp_p, dsa_req->pub_key_len); | ||
185 | if (cop->crk_iparams == 8) { | ||
186 | dsa_req->ab = dsa_req->d + dsa_req->d_len; | ||
187 | - copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p, | ||
188 | - dsa_req->ab_len); | ||
189 | - copy_from_user(dsa_req->c, cop->crk_param[6].crp_p, | ||
190 | - dsa_req->d_len); | ||
191 | - copy_from_user(dsa_req->d, cop->crk_param[7].crp_p, | ||
192 | - dsa_req->d_len); | ||
193 | + rc = rc || | ||
194 | + copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p, dsa_req->ab_len) || | ||
195 | + copy_from_user(dsa_req->c, cop->crk_param[6].crp_p, dsa_req->d_len) || | ||
196 | + copy_from_user(dsa_req->d, cop->crk_param[7].crp_p, dsa_req->d_len); | ||
197 | } else { | ||
198 | - copy_from_user(dsa_req->c, cop->crk_param[5].crp_p, | ||
199 | - dsa_req->d_len); | ||
200 | - copy_from_user(dsa_req->d, cop->crk_param[6].crp_p, | ||
201 | - dsa_req->d_len); | ||
202 | + rc = rc || | ||
203 | + copy_from_user(dsa_req->c, cop->crk_param[5].crp_p, dsa_req->d_len) || | ||
204 | + copy_from_user(dsa_req->d, cop->crk_param[6].crp_p, dsa_req->d_len); | ||
205 | } | ||
206 | + | ||
207 | + if (rc) | ||
208 | + goto err; | ||
209 | + | ||
210 | rc = cryptodev_pkc_offload(pkc); | ||
211 | - if (pkc->type == SYNCHRONOUS) { | ||
212 | - if (rc) | ||
213 | - goto err; | ||
214 | - } else { | ||
215 | + if (pkc->type != SYNCHRONOUS) { | ||
216 | if (rc != -EINPROGRESS && !rc) | ||
217 | goto err; | ||
218 | pkc->cookie = buf; | ||
219 | @@ -380,24 +375,15 @@ int crypto_kop_rsa_keygen(struct cryptodev_pkc *pkc) | ||
220 | rc = cryptodev_pkc_offload(pkc); | ||
221 | |||
222 | if (pkc->type == SYNCHRONOUS) { | ||
223 | - if (rc) | ||
224 | - goto err; | ||
225 | - | ||
226 | - copy_to_user(cop->crk_param[0].crp_p, | ||
227 | - key_req->p, key_req->p_len); | ||
228 | - copy_to_user(cop->crk_param[1].crp_p, | ||
229 | - key_req->q, key_req->q_len); | ||
230 | - copy_to_user(cop->crk_param[2].crp_p, | ||
231 | - key_req->n, key_req->n_len); | ||
232 | - copy_to_user(cop->crk_param[3].crp_p, | ||
233 | - key_req->d, key_req->d_len); | ||
234 | - copy_to_user(cop->crk_param[4].crp_p, | ||
235 | - key_req->dp, key_req->dp_len); | ||
236 | - copy_to_user(cop->crk_param[5].crp_p, | ||
237 | - key_req->dq, key_req->dq_len); | ||
238 | - copy_to_user(cop->crk_param[6].crp_p, | ||
239 | - key_req->c, key_req->c_len); | ||
240 | - } else { | ||
241 | + rc = rc || | ||
242 | + copy_to_user(cop->crk_param[0].crp_p, key_req->p, key_req->p_len) || | ||
243 | + copy_to_user(cop->crk_param[1].crp_p, key_req->q, key_req->q_len) || | ||
244 | + copy_to_user(cop->crk_param[2].crp_p, key_req->n, key_req->n_len) || | ||
245 | + copy_to_user(cop->crk_param[3].crp_p, key_req->d, key_req->d_len) || | ||
246 | + copy_to_user(cop->crk_param[4].crp_p, key_req->dp, key_req->dp_len) || | ||
247 | + copy_to_user(cop->crk_param[5].crp_p, key_req->dq, key_req->dq_len) || | ||
248 | + copy_to_user(cop->crk_param[6].crp_p, key_req->c, key_req->c_len); | ||
249 | + } else { | ||
250 | if (rc != -EINPROGRESS && !rc) { | ||
251 | printk("%s: Failed\n", __func__); | ||
252 | goto err; | ||
253 | @@ -451,30 +437,33 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc) | ||
254 | key_req->g = key_req->r + key_req->r_len; | ||
255 | key_req->pub_key = key_req->g + key_req->g_len; | ||
256 | key_req->priv_key = key_req->pub_key + key_req->pub_key_len; | ||
257 | - copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len); | ||
258 | - copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len); | ||
259 | - copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len); | ||
260 | + rc = copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len) || | ||
261 | + copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len) || | ||
262 | + copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len); | ||
263 | + | ||
264 | if (cop->crk_iparams == 4) { | ||
265 | key_req->ab = key_req->priv_key + key_req->priv_key_len; | ||
266 | - copy_from_user(key_req->ab, cop->crk_param[3].crp_p, | ||
267 | + rc = rc || copy_from_user(key_req->ab, cop->crk_param[3].crp_p, | ||
268 | key_req->ab_len); | ||
269 | } | ||
270 | |||
271 | + if (rc) | ||
272 | + goto err; | ||
273 | + | ||
274 | rc = cryptodev_pkc_offload(pkc); | ||
275 | if (pkc->type == SYNCHRONOUS) { | ||
276 | - if (rc) | ||
277 | - goto err; | ||
278 | - | ||
279 | if (cop->crk_iparams == 4) { | ||
280 | - copy_to_user(cop->crk_param[4].crp_p, key_req->pub_key, | ||
281 | - key_req->pub_key_len); | ||
282 | - copy_to_user(cop->crk_param[5].crp_p, key_req->priv_key, | ||
283 | + rc = rc || | ||
284 | + copy_to_user(cop->crk_param[4].crp_p, key_req->pub_key, | ||
285 | + key_req->pub_key_len) || | ||
286 | + copy_to_user(cop->crk_param[5].crp_p, key_req->priv_key, | ||
287 | key_req->priv_key_len); | ||
288 | } else { | ||
289 | - copy_to_user(cop->crk_param[3].crp_p, key_req->pub_key, | ||
290 | - key_req->pub_key_len); | ||
291 | - copy_to_user(cop->crk_param[4].crp_p, | ||
292 | - key_req->priv_key, key_req->priv_key_len); | ||
293 | + rc = rc || | ||
294 | + copy_to_user(cop->crk_param[3].crp_p, key_req->pub_key, | ||
295 | + key_req->pub_key_len) || | ||
296 | + copy_to_user(cop->crk_param[4].crp_p, key_req->priv_key, | ||
297 | + key_req->priv_key_len); | ||
298 | } | ||
299 | } else { | ||
300 | if (rc != -EINPROGRESS && !rc) | ||
301 | @@ -495,7 +484,7 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc) | ||
302 | struct dh_key_req_s *dh_req; | ||
303 | int buf_size; | ||
304 | uint8_t *buf; | ||
305 | - int rc = -EINVAL; | ||
306 | + int rc = 0; | ||
307 | |||
308 | dh_req = &pkc->req->req_u.dh_req; | ||
309 | dh_req->s_len = (cop->crk_param[0].crp_nbits + 7)/8; | ||
310 | @@ -520,22 +509,23 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc) | ||
311 | if (cop->crk_iparams == 4) { | ||
312 | dh_req->ab = dh_req->z + dh_req->z_len; | ||
313 | pkc->req->curve_type = cop->curve_type; | ||
314 | - copy_from_user(dh_req->ab, cop->crk_param[3].crp_p, | ||
315 | - dh_req->ab_len); | ||
316 | + rc = copy_from_user(dh_req->ab, cop->crk_param[3].crp_p, dh_req->ab_len); | ||
317 | } | ||
318 | - copy_from_user(dh_req->s, cop->crk_param[0].crp_p, dh_req->s_len); | ||
319 | - copy_from_user(dh_req->pub_key, cop->crk_param[1].crp_p, | ||
320 | - dh_req->pub_key_len); | ||
321 | - copy_from_user(dh_req->q, cop->crk_param[2].crp_p, dh_req->q_len); | ||
322 | + | ||
323 | + rc = rc || | ||
324 | + copy_from_user(dh_req->s, cop->crk_param[0].crp_p, dh_req->s_len) || | ||
325 | + copy_from_user(dh_req->pub_key, cop->crk_param[1].crp_p, dh_req->pub_key_len) || | ||
326 | + copy_from_user(dh_req->q, cop->crk_param[2].crp_p, dh_req->q_len); | ||
327 | + if (rc) | ||
328 | + goto err; | ||
329 | + | ||
330 | rc = cryptodev_pkc_offload(pkc); | ||
331 | if (pkc->type == SYNCHRONOUS) { | ||
332 | - if (rc) | ||
333 | - goto err; | ||
334 | if (cop->crk_iparams == 4) | ||
335 | - copy_to_user(cop->crk_param[4].crp_p, dh_req->z, | ||
336 | + rc = rc || copy_to_user(cop->crk_param[4].crp_p, dh_req->z, | ||
337 | dh_req->z_len); | ||
338 | else | ||
339 | - copy_to_user(cop->crk_param[3].crp_p, dh_req->z, | ||
340 | + rc = rc || copy_to_user(cop->crk_param[3].crp_p, dh_req->z, | ||
341 | dh_req->z_len); | ||
342 | } else { | ||
343 | if (rc != -EINPROGRESS && rc != 0) | ||
344 | @@ -582,19 +572,19 @@ int crypto_modexp_crt(struct cryptodev_pkc *pkc) | ||
345 | rsa_req->dq = rsa_req->dp + rsa_req->dp_len; | ||
346 | rsa_req->c = rsa_req->dq + rsa_req->dq_len; | ||
347 | rsa_req->f = rsa_req->c + rsa_req->c_len; | ||
348 | - copy_from_user(rsa_req->p, cop->crk_param[0].crp_p, rsa_req->p_len); | ||
349 | - copy_from_user(rsa_req->q, cop->crk_param[1].crp_p, rsa_req->q_len); | ||
350 | - copy_from_user(rsa_req->g, cop->crk_param[2].crp_p, rsa_req->g_len); | ||
351 | - copy_from_user(rsa_req->dp, cop->crk_param[3].crp_p, rsa_req->dp_len); | ||
352 | - copy_from_user(rsa_req->dq, cop->crk_param[4].crp_p, rsa_req->dq_len); | ||
353 | - copy_from_user(rsa_req->c, cop->crk_param[5].crp_p, rsa_req->c_len); | ||
354 | + rc = copy_from_user(rsa_req->p, cop->crk_param[0].crp_p, rsa_req->p_len) || | ||
355 | + copy_from_user(rsa_req->q, cop->crk_param[1].crp_p, rsa_req->q_len) || | ||
356 | + copy_from_user(rsa_req->g, cop->crk_param[2].crp_p, rsa_req->g_len) || | ||
357 | + copy_from_user(rsa_req->dp, cop->crk_param[3].crp_p, rsa_req->dp_len) || | ||
358 | + copy_from_user(rsa_req->dq, cop->crk_param[4].crp_p, rsa_req->dq_len) || | ||
359 | + copy_from_user(rsa_req->c, cop->crk_param[5].crp_p, rsa_req->c_len); | ||
360 | + if (rc) | ||
361 | + goto err; | ||
362 | + | ||
363 | rc = cryptodev_pkc_offload(pkc); | ||
364 | |||
365 | if (pkc->type == SYNCHRONOUS) { | ||
366 | - if (rc) | ||
367 | - goto err; | ||
368 | - copy_to_user(cop->crk_param[6].crp_p, rsa_req->f, | ||
369 | - rsa_req->f_len); | ||
370 | + rc = rc || copy_to_user(cop->crk_param[6].crp_p, rsa_req->f, rsa_req->f_len); | ||
371 | } else { | ||
372 | if (rc != -EINPROGRESS && rc != 0) | ||
373 | goto err; | ||
374 | @@ -633,14 +623,15 @@ int crypto_bn_modexp(struct cryptodev_pkc *pkc) | ||
375 | rsa_req->f = rsa_req->e + rsa_req->e_len; | ||
376 | rsa_req->g = rsa_req->f + rsa_req->f_len; | ||
377 | rsa_req->n = rsa_req->g + rsa_req->g_len; | ||
378 | - copy_from_user(rsa_req->f, cop->crk_param[0].crp_p, rsa_req->f_len); | ||
379 | - copy_from_user(rsa_req->e, cop->crk_param[1].crp_p, rsa_req->e_len); | ||
380 | - copy_from_user(rsa_req->n, cop->crk_param[2].crp_p, rsa_req->n_len); | ||
381 | + rc = copy_from_user(rsa_req->f, cop->crk_param[0].crp_p, rsa_req->f_len) || | ||
382 | + copy_from_user(rsa_req->e, cop->crk_param[1].crp_p, rsa_req->e_len) || | ||
383 | + copy_from_user(rsa_req->n, cop->crk_param[2].crp_p, rsa_req->n_len); | ||
384 | + if (rc) | ||
385 | + goto err; | ||
386 | + | ||
387 | rc = cryptodev_pkc_offload(pkc); | ||
388 | if (pkc->type == SYNCHRONOUS) { | ||
389 | - if (rc) | ||
390 | - goto err; | ||
391 | - copy_to_user(cop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len); | ||
392 | + rc = rc || copy_to_user(cop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len); | ||
393 | } else { | ||
394 | if (rc != -EINPROGRESS && rc != 0) | ||
395 | goto err; | ||
396 | -- | ||
397 | 2.3.5 | ||
398 | |||
diff --git a/recipes-kernel/cryptodev/files/0022-fix-double-free-pkc-req-on-error.patch b/recipes-kernel/cryptodev/files/0022-fix-double-free-pkc-req-on-error.patch new file mode 100644 index 0000000..6e747e0 --- /dev/null +++ b/recipes-kernel/cryptodev/files/0022-fix-double-free-pkc-req-on-error.patch | |||
@@ -0,0 +1,26 @@ | |||
1 | From 85146b8429ba11bd0be68c24c17dd77b21ec8c25 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cristian Stoica <cristian.stoica@freescale.com> | ||
3 | Date: Mon, 12 Oct 2015 23:03:28 +0300 | ||
4 | Subject: [PATCH 22/23] fix double free pkc->req on error | ||
5 | |||
6 | Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com> | ||
7 | --- | ||
8 | main.c | 2 +- | ||
9 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
10 | |||
11 | diff --git a/main.c b/main.c | ||
12 | index e5adb93..ec11129 100644 | ||
13 | --- a/main.c | ||
14 | +++ b/main.c | ||
15 | @@ -747,7 +747,7 @@ int crypto_run_asym(struct cryptodev_pkc *pkc) | ||
16 | /* todo - fix alloc-free on error path */ | ||
17 | pkc->req->type = pkc_req_type; | ||
18 | err = call_next_action(pkc); | ||
19 | - if (pkc->type == SYNCHRONOUS) | ||
20 | + if (err == 0 && pkc->type == SYNCHRONOUS) | ||
21 | kfree(pkc->req); | ||
22 | |||
23 | return err; | ||
24 | -- | ||
25 | 2.3.5 | ||
26 | |||
diff --git a/recipes-kernel/cryptodev/files/0023-remove-MAY_BACKLOG-flag-from-requests.patch b/recipes-kernel/cryptodev/files/0023-remove-MAY_BACKLOG-flag-from-requests.patch new file mode 100644 index 0000000..32c3ddd --- /dev/null +++ b/recipes-kernel/cryptodev/files/0023-remove-MAY_BACKLOG-flag-from-requests.patch | |||
@@ -0,0 +1,69 @@ | |||
1 | From 7d0d0deb255f8c59b0cf6d3944ee2e3be4133b4c Mon Sep 17 00:00:00 2001 | ||
2 | From: Alex Porosanu <alexandru.porosanu@freescale.com> | ||
3 | Date: Mon, 19 Oct 2015 11:53:11 +0300 | ||
4 | Subject: [PATCH 23/23] remove MAY_BACKLOG flag from requests | ||
5 | |||
6 | cryptodev doesn't implement the backlogging mechanism properly, | ||
7 | since it misses the possibility of sleeping and waiting for | ||
8 | wake-up when the crypto driver below starts working on the | ||
9 | submitted backloggable request. | ||
10 | In case the crypto driver below implements backlogging mechanisms, | ||
11 | this can lead to side-effects such as working on previously-free'ed | ||
12 | data. | ||
13 | This patch removes the MAY_BACKLOG flag from the requests. | ||
14 | |||
15 | Change-Id: Ia3d822b1abfc1a51e2ce3e9682476b2c99d19c5a | ||
16 | Signed-off-by: Alex Porosanu <alexandru.porosanu@freescale.com> | ||
17 | --- | ||
18 | cryptlib.c | 14 +++++--------- | ||
19 | 1 file changed, 5 insertions(+), 9 deletions(-) | ||
20 | |||
21 | diff --git a/cryptlib.c b/cryptlib.c | ||
22 | index 10f5e1a..eba4616 100644 | ||
23 | --- a/cryptlib.c | ||
24 | +++ b/cryptlib.c | ||
25 | @@ -194,8 +194,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name, | ||
26 | goto error; | ||
27 | } | ||
28 | |||
29 | - ablkcipher_request_set_callback(out->async.request, | ||
30 | - CRYPTO_TFM_REQ_MAY_BACKLOG, | ||
31 | + ablkcipher_request_set_callback(out->async.request, 0, | ||
32 | cryptodev_complete, out->async.result); | ||
33 | } else { | ||
34 | out->async.arequest = aead_request_alloc(out->async.as, GFP_KERNEL); | ||
35 | @@ -205,8 +204,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name, | ||
36 | goto error; | ||
37 | } | ||
38 | |||
39 | - aead_request_set_callback(out->async.arequest, | ||
40 | - CRYPTO_TFM_REQ_MAY_BACKLOG, | ||
41 | + aead_request_set_callback(out->async.arequest, 0, | ||
42 | cryptodev_complete, out->async.result); | ||
43 | } | ||
44 | |||
45 | @@ -362,9 +360,8 @@ int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name, | ||
46 | goto error; | ||
47 | } | ||
48 | |||
49 | - ahash_request_set_callback(hdata->async.request, | ||
50 | - CRYPTO_TFM_REQ_MAY_BACKLOG, | ||
51 | - cryptodev_complete, hdata->async.result); | ||
52 | + ahash_request_set_callback(hdata->async.request, 0, | ||
53 | + cryptodev_complete, hdata->async.result); | ||
54 | |||
55 | ret = crypto_ahash_init(hdata->async.request); | ||
56 | if (unlikely(ret)) { | ||
57 | @@ -439,8 +436,7 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc) | ||
58 | int ret; | ||
59 | |||
60 | init_completion(&pkc->result.completion); | ||
61 | - pkc_request_set_callback(pkc->req, CRYPTO_TFM_REQ_MAY_BACKLOG, | ||
62 | - cryptodev_complete_asym, pkc); | ||
63 | + pkc_request_set_callback(pkc->req, 0, cryptodev_complete_asym, pkc); | ||
64 | ret = crypto_pkc_op(pkc->req); | ||
65 | if (ret != -EINPROGRESS && ret != 0) | ||
66 | goto error; | ||
67 | -- | ||
68 | 2.3.5 | ||
69 | |||
diff --git a/recipes-kernel/cryptodev/files/0024-fix-COMPAT_CIOCKEY-ioctl-command-number.patch b/recipes-kernel/cryptodev/files/0024-fix-COMPAT_CIOCKEY-ioctl-command-number.patch new file mode 100644 index 0000000..8d0bd8b --- /dev/null +++ b/recipes-kernel/cryptodev/files/0024-fix-COMPAT_CIOCKEY-ioctl-command-number.patch | |||
@@ -0,0 +1,29 @@ | |||
1 | From 53e4d0fe4a334dae3df32b2053e4ebdfda2e9148 Mon Sep 17 00:00:00 2001 | ||
2 | From: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
3 | Date: Tue, 27 Oct 2015 15:51:02 +0200 | ||
4 | Subject: [PATCH] fix COMPAT_CIOCKEY ioctl command number | ||
5 | |||
6 | CIOCKEY and COMPAT_CIOCKEY had different command numbers, | ||
7 | so that 32-bit applications got EINVAL error on 64-bit kernel. | ||
8 | |||
9 | Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com> | ||
10 | --- | ||
11 | cryptodev_int.h | 2 +- | ||
12 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
13 | |||
14 | diff --git a/cryptodev_int.h b/cryptodev_int.h | ||
15 | index c83c885..cb005d7 100644 | ||
16 | --- a/cryptodev_int.h | ||
17 | +++ b/cryptodev_int.h | ||
18 | @@ -132,7 +132,7 @@ struct compat_crypt_auth_op { | ||
19 | /* compat ioctls, defined for the above structs */ | ||
20 | #define COMPAT_CIOCGSESSION _IOWR('c', 102, struct compat_session_op) | ||
21 | #define COMPAT_CIOCCRYPT _IOWR('c', 104, struct compat_crypt_op) | ||
22 | -#define COMPAT_CIOCKEY _IOW('c', 105, struct compat_crypt_kop) | ||
23 | +#define COMPAT_CIOCKEY _IOWR('c', 105, struct compat_crypt_kop) | ||
24 | #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op) | ||
25 | #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op) | ||
26 | #define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op) | ||
27 | -- | ||
28 | 2.3.3 | ||
29 | |||