From patchwork Tue Jul 24 14:12:45 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gilad Ben-Yossef X-Patchwork-Id: 142807 Delivered-To: patch@linaro.org Received: by 2002:a2e:9754:0:0:0:0:0 with SMTP id f20-v6csp7324797ljj; Tue, 24 Jul 2018 07:14:02 -0700 (PDT) X-Google-Smtp-Source: AAOMgpc7zZGLGirn0bif5EcefcNmfi8Shtl07gV66GEKA6L9XS09ORrky6n8A13pTjWv3FumkI4v X-Received: by 2002:a62:b40c:: with SMTP id h12-v6mr18088691pfn.18.1532441641946; Tue, 24 Jul 2018 07:14:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1532441641; cv=none; d=google.com; s=arc-20160816; b=mXYlwNGQ9dSFFdybXTwC/FieckZ7nJXb8TalzVvotSvIn3u+jk0vpGKflNu/UY1diZ XrljspQK5d6dtjz33rAAWLMuxB52+pUj7Y6uJQnV1mwxhZerwkon8Vvz+0S0niPU8Vv3 1GrQZilcqgluwkEsKH96MCUM47InCW1wpGUoybZks9VhWdqp8q18wmJhU5m54/Tk7mif w9/ZxMinxGsYqnI8MYs7N/7oviqBn6/UCbSzcCwnzeFbzaPTTQAzKzVBkE5rm09Wjum3 JT9gbSwLanFQFn0ZBQcyA2ojrX3enq41TP670B3SJRAuqfyDYl4VQh0My10QwLKLffTQ DPMw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=runiEI3I8OxSunaVbcL1M03ZpeP7YYut3jc62+mkQ4I=; b=aIjJ1lSWj8P369r4cQtW6enc2Iw9DgLbmDXSZEiAxwpB2K2yZ3KTNBgqnzHs0tRtrv 1Uf4pf8ti7N+KLvMPLAvpVPdrPafU9dkusc4x/ZJNiIZHJYxdUknS93LFAlEZJ5HWy3w iDYYFliF45dtZZy4TPLxN4BnIgwycUVdvCTbJTmQu6otMg5y6yEO8mN6FXbMi2Yvi+Ft hZKDawkJmhC4DWYa9fqlwJbgQktXAaKOEqa9xuXUIQ2pxwn6mBrfvnWpwssiIkkYSQEG JxMdn7y7EH0ahz5JGMJRF/QDoFPl+BHGCFJCroJoBaHQpWcj9LSYvmOQlYtRrXdwJ9e4 AELQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w25-v6si11884854pga.58.2018.07.24.07.14.01; Tue, 24 Jul 2018 07:14:01 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388559AbeGXPUj (ORCPT + 31 others); Tue, 24 Jul 2018 11:20:39 -0400 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:52304 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388460AbeGXPUi (ORCPT ); Tue, 24 Jul 2018 11:20:38 -0400 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 6FE717A9; Tue, 24 Jul 2018 07:13:58 -0700 (PDT) Received: from sugar.kfn.arm.com (E110176.Emea.Arm.com [10.50.4.179]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id C66B23F237; Tue, 24 Jul 2018 07:13:56 -0700 (PDT) From: Gilad Ben-Yossef To: Herbert Xu , "David S. Miller" Cc: Ofir Drang , Geert Uytterhoeven , linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 3/4] crypto: ccree: zero all of request ctx before use Date: Tue, 24 Jul 2018 15:12:45 +0100 Message-Id: <1532441567-11694-4-git-send-email-gilad@benyossef.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1532441567-11694-1-git-send-email-gilad@benyossef.com> References: <1532441567-11694-1-git-send-email-gilad@benyossef.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org In certain error path req_ctx->iv was being freed despite not being allocated because it was not initialized to NULL. Rather than play whack a mole with the structure various field, zero it before use. This fixes a kernel panic that may occur if an invalid buffer size was requested triggering the bug above. Fixes: 63ee04c8b491 ("crypto: ccree - add skcipher support") Reported-by: Geert Uytterhoeven Signed-off-by: Gilad Ben-Yossef --- drivers/crypto/ccree/cc_cipher.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) -- 2.7.4 diff --git a/drivers/crypto/ccree/cc_cipher.c b/drivers/crypto/ccree/cc_cipher.c index 64740dd..9da0ecc 100644 --- a/drivers/crypto/ccree/cc_cipher.c +++ b/drivers/crypto/ccree/cc_cipher.c @@ -767,7 +767,7 @@ static int cc_cipher_encrypt(struct skcipher_request *req) { struct cipher_req_ctx *req_ctx = skcipher_request_ctx(req); - req_ctx->backup_info = NULL; + memset(req_ctx, 0, sizeof(*req_ctx)); return cc_cipher_process(req, DRV_CRYPTO_DIRECTION_ENCRYPT); } @@ -782,6 +782,8 @@ static int cc_cipher_decrypt(struct skcipher_request *req) gfp_t flags = cc_gfp_flags(&req->base); unsigned int len; + memset(req_ctx, 0, sizeof(*req_ctx)); + if (ctx_p->cipher_mode == DRV_CIPHER_CBC) { /* Allocate and save the last IV sized bytes of the source, @@ -794,8 +796,6 @@ static int cc_cipher_decrypt(struct skcipher_request *req) len = req->cryptlen - ivsize; scatterwalk_map_and_copy(req_ctx->backup_info, req->src, len, ivsize, 0); - } else { - req_ctx->backup_info = NULL; } return cc_cipher_process(req, DRV_CRYPTO_DIRECTION_DECRYPT);