Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp3291271pxv; Mon, 26 Jul 2021 00:06:01 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx4HY8QOHkCQYEPysgiSDB1/1ECed65jEc/EXnjwW748rYIBJEE+sz2qBfV8OoAISkyGbzW X-Received: by 2002:a02:cf15:: with SMTP id q21mr15251930jar.119.1627283161389; Mon, 26 Jul 2021 00:06:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1627283161; cv=none; d=google.com; s=arc-20160816; b=ZVoHUc9Gyex4tQBXwW0XL5unzs6SVI6VthecHLp83kTvnCyxaOObAf5d8pAleKKtPR qhiU7yyMKwF3WfZ3E+JCOOG26khz0jrVAuR8/CLeO8nsh5tCd27SkkyVdBrZfvPDtdW/ C7reTvmwlQi5rMgtSO6kSIfz7GKbRngV8Ki4o20+gfgURs2TYezlfEDOM1UDxos2kI2Y TJkLLbGFRAIF6W0V0eFpzNB4UCmgtaVu/oZMBDFVpBmgVnmgswG4pTqCBQY9F70T1qo6 y25eNncuT3Lw7i052Ek9hhvzl3xwAXtMLFq8ysJ/W5qPCmyuXKenLolZHemFCx7/JkO6 qobA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=QzFrnn4/EByGWqfuBWRVUIBP6//KrlgR4YFAj4ObM4o=; b=OcDnvEARk6DzPO9yRPA02tOGaaoyFbNvkG9xv3gaic2nW9Ee3AiUZ1DzjKbg+gBosy WKVSkhNglbjNFCLD2Lmv8XO6r/e+NLNxSz9ej1oebQqM1+D/AlBRNLPLm9I34kZ+rpFM qk8Hwuql3Rg89TUxa+4DSfBWWPqwYbN/Tch8BmaAAmrvkGI9+7P8bwFg6SW8wzMkXSnY SlaiaCPJqMgzpFa431kLx0jXBp3uddKgOZIwG9RPnSZ0w5XUX+zcNyARzONZo4EO8obP Y0m0eBOuLa/MnEefdMEjzJLpi0jWmJ4q8nmf2KidZn2ITcy0wPkwSrNURDOrHZuwlUdW 8y0Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=VkPMZsUL; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c17si5385557iod.43.2021.07.26.00.05.42; Mon, 26 Jul 2021 00:06:01 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=VkPMZsUL; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231639AbhGZGZJ (ORCPT + 99 others); Mon, 26 Jul 2021 02:25:09 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39710 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231570AbhGZGZF (ORCPT ); Mon, 26 Jul 2021 02:25:05 -0400 Received: from mail-ej1-x631.google.com (mail-ej1-x631.google.com [IPv6:2a00:1450:4864:20::631]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1B371C061757; Mon, 26 Jul 2021 00:05:34 -0700 (PDT) Received: by mail-ej1-x631.google.com with SMTP id o5so14982957ejy.2; Mon, 26 Jul 2021 00:05:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=QzFrnn4/EByGWqfuBWRVUIBP6//KrlgR4YFAj4ObM4o=; b=VkPMZsULx4/+6BKCp2u6FhxPWCEMPD9uhYGBOMxqg+3Z8RFu7AyixOitCZnhKRAIzx WGl4uM0Bh/EhOf381B18dyPdz6t1nyeHV7H5bx+uvG3rdCgGOZ0z0xYEA0/P6thT92AG olkRLeqQbfpCnhhAckDSqwstoxtj/rcVdjHOqZJ3hLzK4zQ8Bj63J5HmLt7+65UFceI3 gb42S4AGsS1y6hQKENXR5Zna4g9F03GDVaYBWvFl1AVMtuz06hUhmwLZ3KRwkVrGmmym v+7Ov68FXiglTGzylWUOPP0XwkMupaIXsej26jIV46tU8ERZpTGectfVTif0+R71njvt Uw3A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=QzFrnn4/EByGWqfuBWRVUIBP6//KrlgR4YFAj4ObM4o=; b=ia60aHM6wFMtqo79j91ti3/0rf6LJsPbK4KjGGyf/lMeAJ1hfbiHHSHpLSy8hIxI/R M9PfpESx0VEUi5Y6VTstBYH6oK3ZayCcl3Ek1SrVZARvgNFMNMTfVnZ45QHcVkiYC5Jz cJKIrAIfroK8PmoEcCy0r36OK13yUSDUf4b1RSq23ISwTzavQdVjTJvjurS4v5pFtTys 3tk7qQZjSwbrbH9lSdjGFjdJd/SnahQrI1jSSzmladW5h/vgiLPbryOznbs7WcT+0sZ7 lPCz2aPKMCWvJHLiI834vXEPLrjCzOtZ5nAt/ym9XBVcSmq0Tpny1DyHyfE15oswXxLo pBsQ== X-Gm-Message-State: AOAM532j2CazXlEb0r6stimNipytIwJXMyDb6CKQ1guBLy6zjAgLfdQN rq0M+42WuKyN5e0Ed6iQ4N6R6xpnBAkgrsN6AH4= X-Received: by 2002:a17:906:3006:: with SMTP id 6mr16252428ejz.73.1627283132598; Mon, 26 Jul 2021 00:05:32 -0700 (PDT) MIME-Version: 1.0 References: <20210726062801.2078117-1-mudongliangabcd@gmail.com> In-Reply-To: From: Dongliang Mu Date: Mon, 26 Jul 2021 15:05:06 +0800 Message-ID: Subject: Re: [PATCH] crypto: sun8i-ce: fix memory leak and return value of sun8i_ce_hash_run To: Corentin Labbe Cc: Herbert Xu , "David S. Miller" , Maxime Ripard , Chen-Yu Tsai , Jernej Skrabec , "Jason A. Donenfeld" , Ard Biesheuvel , Eric Biggers , Colin Ian King , Xiang Chen , Dan Carpenter , linux-crypto@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-sunxi@lists.linux.dev, linux-kernel Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Mon, Jul 26, 2021 at 2:48 PM Corentin Labbe wrote: > > Le Mon, Jul 26, 2021 at 02:27:50PM +0800, Dongliang Mu a =C3=A9crit : > > This patch fixes some memory leak caused by dma_mmap_sg/single > > in the error handling code. In addition, it fixes the return value > > when errors related with dma_mmap_sg/single occur. > > > > Reported-by: Dongliang Mu > > Fixes: 732b764099f65 ("crypto: sun8i-ce - fix two error path's memory l= eak") > > Signed-off-by: Dongliang Mu > > --- > > .../crypto/allwinner/sun8i-ss/sun8i-ss-hash.c | 37 ++++++++++--------- > > 1 file changed, 20 insertions(+), 17 deletions(-) > > > > diff --git a/drivers/crypto/allwinner/sun8i-ss/sun8i-ss-hash.c b/driver= s/crypto/allwinner/sun8i-ss/sun8i-ss-hash.c > > index 3c073eb3db03..7c4ed19f5466 100644 > > --- a/drivers/crypto/allwinner/sun8i-ss/sun8i-ss-hash.c > > +++ b/drivers/crypto/allwinner/sun8i-ss/sun8i-ss-hash.c > > @@ -324,11 +324,11 @@ int sun8i_ss_hash_run(struct crypto_engine *engin= e, void *breq) > > struct sun8i_ss_alg_template *algt; > > struct sun8i_ss_dev *ss; > > struct scatterlist *sg; > > - int nr_sgs, err, digestsize; > > + int j, i, todo, nr_sgs, tmp_err, digestsize; > > + int err =3D 0; > > unsigned int len; > > u64 fill, min_fill, byte_count; > > void *pad, *result; > > - int j, i, todo; > > __be64 *bebits; > > __le64 *lebits; > > dma_addr_t addr_res, addr_pad; > > @@ -368,14 +368,14 @@ int sun8i_ss_hash_run(struct crypto_engine *engin= e, void *breq) > > if (nr_sgs <=3D 0 || nr_sgs > MAX_SG) { > > dev_err(ss->dev, "Invalid sg number %d\n", nr_sgs); > > err =3D -EINVAL; > > - goto theend; > > + goto err_result; > > } > > > > addr_res =3D dma_map_single(ss->dev, result, digestsize, DMA_FROM= _DEVICE); > > if (dma_mapping_error(ss->dev, addr_res)) { > > dev_err(ss->dev, "DMA map dest\n"); > > err =3D -EINVAL; > > - goto theend; > > + goto err_unmap_sg; > > } > > > > len =3D areq->nbytes; > > @@ -390,7 +390,7 @@ int sun8i_ss_hash_run(struct crypto_engine *engine,= void *breq) > > if (len > 0) { > > dev_err(ss->dev, "remaining len %d\n", len); > > err =3D -EINVAL; > > - goto theend; > > + goto err_addr_res; > > } > > > > byte_count =3D areq->nbytes; > > @@ -421,27 +421,30 @@ int sun8i_ss_hash_run(struct crypto_engine *engin= e, void *breq) > > } > > > > addr_pad =3D dma_map_single(ss->dev, pad, j * 4, DMA_TO_DEVICE); > > - rctx->t_src[i].addr =3D addr_pad; > > - rctx->t_src[i].len =3D j; > > - rctx->t_dst[i].addr =3D addr_res; > > - rctx->t_dst[i].len =3D digestsize / 4; > > if (dma_mapping_error(ss->dev, addr_pad)) { > > dev_err(ss->dev, "DMA error on padding SG\n"); > > err =3D -EINVAL; > > - goto theend; > > + goto err_addr_res; > > } > > + rctx->t_src[i].addr =3D addr_pad; > > + rctx->t_src[i].len =3D j; > > + rctx->t_dst[i].addr =3D addr_res; > > + rctx->t_dst[i].len =3D digestsize / 4; > > > > - err =3D sun8i_ss_run_hash_task(ss, rctx, crypto_tfm_alg_name(areq= ->base.tfm)); > > + tmp_err =3D sun8i_ss_run_hash_task(ss, rctx, crypto_tfm_alg_name(= areq->base.tfm)); > > + > > + memcpy(areq->result, result, algt->alg.hash.halg.digestsize); > > + > > + crypto_finalize_hash_request(engine, breq, tmp_err); > > > > dma_unmap_single(ss->dev, addr_pad, j * 4, DMA_TO_DEVICE); > > +err_addr_res: > > + dma_unmap_single(ss->dev, addr_res, digestsize, DMA_FROM_DEVICE); > > +err_unmap_sg: > > dma_unmap_sg(ss->dev, areq->src, sg_nents(areq->src), > > DMA_TO_DEVICE); > > - dma_unmap_single(ss->dev, addr_res, digestsize, DMA_FROM_DEVICE); > > - > > - memcpy(areq->result, result, algt->alg.hash.halg.digestsize); > > -theend: > > +err_result: > > kfree(pad); > > kfree(result); > > - crypto_finalize_hash_request(engine, breq, err); > > - return 0; > > + return err; > > } > > Hello > > This is wrong, you need to always call crypto_finalize_hash_request() > > Do you have tested your changes ? Copying results before dma_unmap() is a= lso very wrong, this will lead to random cache fail. I am sorry I don't test my changes due to no PoC or input at hand. If you know any PoC for me to test, please let me know. Thanks in advance. I am not familiar with this code. All my intention is to fix the leak caused by the incorrect error handling code. Your reply indicated two pieces of information: 1. crypto_finalize_hash_request must be executed and placed at the end 2. memcpy must be executed after dma_unmap_*() functions. Any other information I missed? I can address those issues and send a v2 pa= tch. > > Regards