Received: by 2002:a25:1104:0:0:0:0:0 with SMTP id 4csp266730ybr; Fri, 22 May 2020 06:14:37 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwcaHZ3unwbEoxM/9YXC3jbFqXA+r/OqDWGrFNLywjwJYyYS5Dc6q/T+rWfwcc5Nd5w4Nrf X-Received: by 2002:a17:906:ae88:: with SMTP id md8mr7822429ejb.119.1590153276843; Fri, 22 May 2020 06:14:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1590153276; cv=none; d=google.com; s=arc-20160816; b=Ky8T5XJlDvV3jGbTf/55NTpz8XWS/GVlujvhsG3U7hynao4zbZQVToopB0bvseU9X2 mgmc4Ub3FkMYVu+LuQG6W3FGyRdgh+IczmRKxm2G1z6aEWE8pKf6wNT+DN8dg7clq1qO MaUhb/9PfnqP6RW9SLyHH6NkWfKhYGigsQqwZ7oo6fCDp2yhblofa/HWwy28Dg0Txufi nlDg3OHPJZrbFSoR14rTQk33sx9W93w/AKvQIEcpMvTMl6gZ+G2rXyWVh+IYWWrbrNme rtV/oUD7012hBOblahBmiJXcG556NC/18tDU74Yxg5Lb7KoBUGxvCphKViZOPi2/DEYW gsMA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=quTWvhpjCKBiJkSpwZYxEQbjPm1ih2fTgolhUCVymb0=; b=l0rB6TGYV2Ec7R9ahn7ux7+m8wMQu0Zi7l+tgc6aLQ+5IUHA23TOcfnEtAqseOwcGp wqPEdwSfsQ62UmW9AjOxBKUUwhM2l/p7BTTf/z663g3AsH71XQbpHkwe/MepdZ1QjlrC cOjE1G0lOz/8ugRGTi6eACMxM5h/gy9s+K9AXMFNmbBGYIOEqU2+ezNnpSmm05FQ5zwr aJ3Z+hYW9RnaLVlB3sfC99bAaOr/xj3k6ryFNcORYiJ1kqGOwe1vCDyxtLmKPrip/xOJ rZ+ZzfPWU7uzz/LZAsnkNQC4WDQcZCkj0SdXDmaWpbEzW63zLp3J9VZiH0BtAvuoZTkE b6qg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i3si4557504ejg.428.2020.05.22.06.13.59; Fri, 22 May 2020 06:14:36 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729838AbgEVNNL (ORCPT + 99 others); Fri, 22 May 2020 09:13:11 -0400 Received: from helcar.hmeau.com ([216.24.177.18]:39262 "EHLO fornost.hmeau.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729334AbgEVNNL (ORCPT ); Fri, 22 May 2020 09:13:11 -0400 Received: from gwarestrin.arnor.me.apana.org.au ([192.168.0.7]) by fornost.hmeau.com with smtp (Exim 4.92 #5 (Debian)) id 1jc7Tj-0007Pz-B1; Fri, 22 May 2020 23:12:48 +1000 Received: by gwarestrin.arnor.me.apana.org.au (sSMTP sendmail emulation); Fri, 22 May 2020 23:12:47 +1000 Date: Fri, 22 May 2020 23:12:47 +1000 From: Herbert Xu To: Tero Kristo Cc: davem@davemloft.net, linux-crypto@vger.kernel.org, linux-omap@vger.kernel.org, Tejun Heo Subject: Re: [PATCHv2 3/7] crypto: omap-crypto: fix userspace copied buffer access Message-ID: <20200522131247.GA27255@gondor.apana.org.au> References: <20200511111913.26541-1-t-kristo@ti.com> <20200511111913.26541-4-t-kristo@ti.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200511111913.26541-4-t-kristo@ti.com> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Mon, May 11, 2020 at 02:19:09PM +0300, Tero Kristo wrote: > In case buffers are copied from userspace, directly accessing the page > will most likely fail because it hasn't been mapped into the kernel > memory space. Fix the issue by forcing a kmap / kunmap within the > cleanup functionality. > > Signed-off-by: Tero Kristo > --- > drivers/crypto/omap-crypto.c | 9 +++++++-- > 1 file changed, 7 insertions(+), 2 deletions(-) > > diff --git a/drivers/crypto/omap-crypto.c b/drivers/crypto/omap-crypto.c > index cc88b7362bc2..31bdb1d76d11 100644 > --- a/drivers/crypto/omap-crypto.c > +++ b/drivers/crypto/omap-crypto.c > @@ -178,11 +178,16 @@ static void omap_crypto_copy_data(struct scatterlist *src, > amt = min(src->length - srco, dst->length - dsto); > amt = min(len, amt); > > - srcb = sg_virt(src) + srco; > - dstb = sg_virt(dst) + dsto; > + srcb = kmap_atomic(sg_page(src)) + srco + src->offset; > + dstb = kmap_atomic(sg_page(dst)) + dsto + dst->offset; > > memcpy(dstb, srcb, amt); > > + flush_dcache_page(sg_page(dst)); You need to check !PageSlab as it's illegal to call it on a kernel page. Also you should be using flush_kernel_dcache_page. scatterwalk uses flush_dcache_page only because when it was created the other function didn't exist. Would it be possible to use the sg_miter interface to do the copy? In fact your function could possibly be added to lib/scatterlist.c as it seems to be quite generic. Thanks, -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt