Received: by 2002:a25:ef43:0:0:0:0:0 with SMTP id w3csp673640ybm; Wed, 27 May 2020 05:25:36 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwQthQ+QhaqgJjlntoDTJJAcH6WDjvjO3XEXzMApT/0k7RfSIAkvNt3X46TomNYD6irJmn1 X-Received: by 2002:a17:906:a415:: with SMTP id l21mr6095008ejz.100.1590582336493; Wed, 27 May 2020 05:25:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1590582336; cv=none; d=google.com; s=arc-20160816; b=MvIMvyfVKna7bLkVpFHhCKcfDXvnJnLd9QSVHIO/3ph+UyC+SC+eqrAMq+qbcWeqr+ UxeTo7/QO/cFR7EvUjYmot9KrLxi+9Kwb+wSOKRM54KAT/beDYaqZlHAk1//Sv0rtgpb 99HbzWOHnYAUjkTu34WnLjdnOJH59VaOgZhrlOEKt9SXSzcDNhLfxzyWI6595x8ioeYz oShw5YZnxe4BuRULAES0smqa5fYex121YkcVYkO1TuYeltOnJvGXvnI+mQU9ZgYd69jX 2RpY4nB8moBVt/LOOvmEciR7P8D/VEc2jrIhm+PlLOzOjGUVATtdYl6I2P8z9SVIV+Ph 2POQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=D+FkBTnlxhFt8rwKSbgbew41pOYqmQRAEPiRqzTmXOQ=; b=gBg3kE9LvbhIdopK0LJxqlA8FbES/moVxYkv2uXV6xPU3MOnywLzcy5u7licU4Dt0m /of2jkoe/ZCeITvhm4tD9YAIQPwVdjjOJPzwr6INCPiQidRyws/rULo+XrWs5jU5K1+3 y602ccryl6E3dM6YhXJLZ8uvRorYSx42BhtOzeDmDmkb0HwIYzD9pCFWOy37xlyCk0f8 LgRt2yaxHs+QZCKwKvW6xZJMOoG1tyfk/35VmJbc4UEOAGJUqM8DUGcCFXZxmiF51UWX oQWX3HVScRBXaYz3jgPLBvVrb1EfwsEhMmErOV3THijW1s2wAkn74fsl4CbV+NN4H4Nn J6WA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ti.com header.s=ti-com-17Q1 header.b="uOHn1K/c"; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=ti.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id g20si1600473edy.548.2020.05.27.05.25.12; Wed, 27 May 2020 05:25:36 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@ti.com header.s=ti-com-17Q1 header.b="uOHn1K/c"; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=ti.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729396AbgE0MYt (ORCPT + 99 others); Wed, 27 May 2020 08:24:49 -0400 Received: from fllv0016.ext.ti.com ([198.47.19.142]:37686 "EHLO fllv0016.ext.ti.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729352AbgE0MYs (ORCPT ); Wed, 27 May 2020 08:24:48 -0400 Received: from lelv0266.itg.ti.com ([10.180.67.225]) by fllv0016.ext.ti.com (8.15.2/8.15.2) with ESMTP id 04RCOgv1026175; Wed, 27 May 2020 07:24:42 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ti.com; s=ti-com-17Q1; t=1590582282; bh=D+FkBTnlxhFt8rwKSbgbew41pOYqmQRAEPiRqzTmXOQ=; h=From:To:CC:Subject:Date:In-Reply-To:References; b=uOHn1K/coqZHF5iy0g7XcARebKAI7VNebv7o5r1ZT1+bRcbyRvQP0KAlVggYkrHau 36yQWfSi5Rfae03d77wuKBaVNQfgc9eBrFAS4jrJ4qiOjKyQRbVGOKXTzpvJw0PHUp Lgmqp40hpaaibJVekvWQtItkb7G/rh7X6pKZ09zI= Received: from DFLE101.ent.ti.com (dfle101.ent.ti.com [10.64.6.22]) by lelv0266.itg.ti.com (8.15.2/8.15.2) with ESMTPS id 04RCOg1G039936 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=FAIL); Wed, 27 May 2020 07:24:42 -0500 Received: from DFLE110.ent.ti.com (10.64.6.31) by DFLE101.ent.ti.com (10.64.6.22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1979.3; Wed, 27 May 2020 07:24:41 -0500 Received: from fllv0040.itg.ti.com (10.64.41.20) by DFLE110.ent.ti.com (10.64.6.31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1979.3 via Frontend Transport; Wed, 27 May 2020 07:24:41 -0500 Received: from sokoban.ti.com (ileax41-snat.itg.ti.com [10.172.224.153]) by fllv0040.itg.ti.com (8.15.2/8.15.2) with ESMTP id 04RCOYRh101979; Wed, 27 May 2020 07:24:40 -0500 From: Tero Kristo To: , , CC: Subject: [RESEND PATCHv3 4/7] crypto: omap-sham: huge buffer access fixes Date: Wed, 27 May 2020 15:24:26 +0300 Message-ID: <20200527122429.14888-5-t-kristo@ti.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200527122429.14888-1-t-kristo@ti.com> References: <20200527122429.14888-1-t-kristo@ti.com> MIME-Version: 1.0 Content-Type: text/plain X-EXCLAIMER-MD-CONFIG: e1e8a2fd-e40a-4ac6-ac9b-f7e9cc9ee180 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org The ctx internal buffer can only hold buflen amount of data, don't try to copy over more than that. Also, initialize the context sg pointer if we only have data in the context internal buffer, this can happen when closing a hash with certain data amounts. Signed-off-by: Tero Kristo --- drivers/crypto/omap-sham.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/omap-sham.c b/drivers/crypto/omap-sham.c index 0c837bbd8f0c..9823d7dfca9c 100644 --- a/drivers/crypto/omap-sham.c +++ b/drivers/crypto/omap-sham.c @@ -751,8 +751,15 @@ static int omap_sham_align_sgs(struct scatterlist *sg, int offset = rctx->offset; int bufcnt = rctx->bufcnt; - if (!sg || !sg->length || !nbytes) + if (!sg || !sg->length || !nbytes) { + if (bufcnt) { + sg_init_table(rctx->sgl, 1); + sg_set_buf(rctx->sgl, rctx->dd->xmit_buf, bufcnt); + rctx->sg = rctx->sgl; + } + return 0; + } new_len = nbytes; @@ -896,7 +903,7 @@ static int omap_sham_prepare_request(struct ahash_request *req, bool update) if (hash_later < 0) hash_later = 0; - if (hash_later) { + if (hash_later && hash_later <= rctx->buflen) { scatterwalk_map_and_copy(rctx->buffer, req->src, req->nbytes - hash_later, -- 2.17.1 -- Texas Instruments Finland Oy, Porkkalankatu 22, 00180 Helsinki. Y-tunnus/Business ID: 0615521-4. Kotipaikka/Domicile: Helsinki