| Message ID | 20210721083905.15144-1-ykaukab@suse.de |
|---|---|
| State | Accepted |
| Commit | 0469dede0eeeefe12a9a2fd76078f4a266513457 |
| Headers | show |
| Series | crypto: ecc: handle unaligned input buffer in ecc_swap_digits | expand |
On Wed, Jul 21, 2021 at 10:39:05AM +0200, Mian Yousaf Kaukab wrote: > ecdsa_set_pub_key() makes an u64 pointer at 1 byte offset of the key. > This results in an unaligned u64 pointer. This pointer is passed to > ecc_swap_digits() which assumes natural alignment. > > This causes a kernel crash on an armv7 platform: > [ 0.409022] Unhandled fault: alignment exception (0x001) at 0xc2a0a6a9 > ... > [ 0.416982] PC is at ecdsa_set_pub_key+0xdc/0x120 > ... > [ 0.491492] Backtrace: > [ 0.492059] [<c07c266c>] (ecdsa_set_pub_key) from [<c07c75d4>] (test_akcipher_one+0xf4/0x6c0) > > Handle unaligned input buffer in ecc_swap_digits() by replacing > be64_to_cpu() to get_unaligned_be64(). Change type of in pointer to > void to reflect it doesn’t necessarily need to be aligned. > > Fixes: 4e6602916bc6 ("crypto: ecdsa - Add support for ECDSA signature verification") > Reported-by: Guillaume Gardet <guillaume.gardet@arm.com> > Suggested-by: Takashi Iwai <tiwai@suse.de> > Signed-off-by: Mian Yousaf Kaukab <ykaukab@suse.de> > --- > crypto/ecc.h | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) Patch applied. Thanks. -- Email: Herbert Xu <herbert@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
diff --git a/crypto/ecc.h b/crypto/ecc.h index a006132646a4..1350e8eb6ac2 100644 --- a/crypto/ecc.h +++ b/crypto/ecc.h @@ -27,6 +27,7 @@ #define _CRYPTO_ECC_H #include <crypto/ecc_curve.h> +#include <asm/unaligned.h> /* One digit is u64 qword. */ #define ECC_CURVE_NIST_P192_DIGITS 3 @@ -46,13 +47,13 @@ * @out: Output array * @ndigits: Number of digits to copy */ -static inline void ecc_swap_digits(const u64 *in, u64 *out, unsigned int ndigits) +static inline void ecc_swap_digits(const void *in, u64 *out, unsigned int ndigits) { const __be64 *src = (__force __be64 *)in; int i; for (i = 0; i < ndigits; i++) - out[i] = be64_to_cpu(src[ndigits - 1 - i]); + out[i] = get_unaligned_be64(&src[ndigits - 1 - i]); } /**
ecdsa_set_pub_key() makes an u64 pointer at 1 byte offset of the key. This results in an unaligned u64 pointer. This pointer is passed to ecc_swap_digits() which assumes natural alignment. This causes a kernel crash on an armv7 platform: [ 0.409022] Unhandled fault: alignment exception (0x001) at 0xc2a0a6a9 ... [ 0.416982] PC is at ecdsa_set_pub_key+0xdc/0x120 ... [ 0.491492] Backtrace: [ 0.492059] [<c07c266c>] (ecdsa_set_pub_key) from [<c07c75d4>] (test_akcipher_one+0xf4/0x6c0) Handle unaligned input buffer in ecc_swap_digits() by replacing be64_to_cpu() to get_unaligned_be64(). Change type of in pointer to void to reflect it doesn’t necessarily need to be aligned. Fixes: 4e6602916bc6 ("crypto: ecdsa - Add support for ECDSA signature verification") Reported-by: Guillaume Gardet <guillaume.gardet@arm.com> Suggested-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Mian Yousaf Kaukab <ykaukab@suse.de> --- crypto/ecc.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)