LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: "Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, "Horia Geantă" <horia.geanta@nxp.com>,
	"Christophe Leroy" <christophe.leroy@c-s.fr>,
	"Herbert Xu" <herbert@gondor.apana.org.au>
Subject: [PATCH 4.9 05/32] crypto: talitos - fix IPsec cipher in length
Date: Tue,  8 May 2018 10:10:45 +0200	[thread overview]
Message-ID: <20180508074009.623023630@linuxfoundation.org> (raw)
In-Reply-To: <20180508074008.800421598@linuxfoundation.org>

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: LEROY Christophe <christophe.leroy@c-s.fr>

commit 2b1227301a8e4729409694e323b72c064c47cb6b upstream.

For SEC 2.x+, cipher in length must contain only the ciphertext length.
In case of using hardware ICV checking, the ICV length is provided via
the "extent" field of the descriptor pointer.

Cc: <stable@vger.kernel.org> # 4.8+
Fixes: 549bd8bc5987 ("crypto: talitos - Implement AEAD for SEC1 using HMAC_SNOOP_NO_AFEU")
Reported-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Tested-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
[backported to 4.9.y, 4.14.y]
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/crypto/talitos.c |   41 +++++++++++++++++++++--------------------
 1 file changed, 21 insertions(+), 20 deletions(-)

--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -1116,10 +1116,10 @@ next:
 	return count;
 }
 
-int talitos_sg_map(struct device *dev, struct scatterlist *src,
-		   unsigned int len, struct talitos_edesc *edesc,
-		   struct talitos_ptr *ptr,
-		   int sg_count, unsigned int offset, int tbl_off)
+static int talitos_sg_map_ext(struct device *dev, struct scatterlist *src,
+			      unsigned int len, struct talitos_edesc *edesc,
+			      struct talitos_ptr *ptr, int sg_count,
+			      unsigned int offset, int tbl_off, int elen)
 {
 	struct talitos_private *priv = dev_get_drvdata(dev);
 	bool is_sec1 = has_ftr_sec1(priv);
@@ -1130,7 +1130,7 @@ int talitos_sg_map(struct device *dev, s
 	}
 
 	to_talitos_ptr_len(ptr, len, is_sec1);
-	to_talitos_ptr_ext_set(ptr, 0, is_sec1);
+	to_talitos_ptr_ext_set(ptr, elen, is_sec1);
 
 	if (sg_count == 1) {
 		to_talitos_ptr(ptr, sg_dma_address(src) + offset, is_sec1);
@@ -1140,7 +1140,7 @@ int talitos_sg_map(struct device *dev, s
 		to_talitos_ptr(ptr, edesc->dma_link_tbl + offset, is_sec1);
 		return sg_count;
 	}
-	sg_count = sg_to_link_tbl_offset(src, sg_count, offset, len,
+	sg_count = sg_to_link_tbl_offset(src, sg_count, offset, len + elen,
 					 &edesc->link_tbl[tbl_off]);
 	if (sg_count == 1) {
 		/* Only one segment now, so no link tbl needed*/
@@ -1154,6 +1154,15 @@ int talitos_sg_map(struct device *dev, s
 	return sg_count;
 }
 
+static int talitos_sg_map(struct device *dev, struct scatterlist *src,
+			  unsigned int len, struct talitos_edesc *edesc,
+			  struct talitos_ptr *ptr, int sg_count,
+			  unsigned int offset, int tbl_off)
+{
+	return talitos_sg_map_ext(dev, src, len, edesc, ptr, sg_count, offset,
+				  tbl_off, 0);
+}
+
 /*
  * fill in and submit ipsec_esp descriptor
  */
@@ -1171,7 +1180,7 @@ static int ipsec_esp(struct talitos_edes
 	unsigned int ivsize = crypto_aead_ivsize(aead);
 	int tbl_off = 0;
 	int sg_count, ret;
-	int sg_link_tbl_len;
+	int elen = 0;
 	bool sync_needed = false;
 	struct talitos_private *priv = dev_get_drvdata(dev);
 	bool is_sec1 = has_ftr_sec1(priv);
@@ -1225,20 +1234,12 @@ static int ipsec_esp(struct talitos_edes
 	 * extent is bytes of HMAC postpended to ciphertext,
 	 * typically 12 for ipsec
 	 */
-	to_talitos_ptr_len(&desc->ptr[4], cryptlen, is_sec1);
-	to_talitos_ptr_ext_set(&desc->ptr[4], 0, is_sec1);
-
-	sg_link_tbl_len = cryptlen;
-
-	if (desc->hdr & DESC_HDR_TYPE_IPSEC_ESP) {
-		to_talitos_ptr_ext_set(&desc->ptr[4], authsize, is_sec1);
-
-		if (edesc->desc.hdr & DESC_HDR_MODE1_MDEU_CICV)
-			sg_link_tbl_len += authsize;
-	}
+	if ((desc->hdr & DESC_HDR_TYPE_IPSEC_ESP) &&
+	    (desc->hdr & DESC_HDR_MODE1_MDEU_CICV))
+		elen = authsize;
 
-	ret = talitos_sg_map(dev, areq->src, sg_link_tbl_len, edesc,
-			     &desc->ptr[4], sg_count, areq->assoclen, tbl_off);
+	ret = talitos_sg_map_ext(dev, areq->src, cryptlen, edesc, &desc->ptr[4],
+				 sg_count, areq->assoclen, tbl_off, elen);
 
 	if (ret > 1) {
 		tbl_off += ret;

  parent reply	other threads:[~2018-05-08  8:10 UTC|newest]

Thread overview: 37+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-05-08  8:10 [PATCH 4.9 00/32] 4.9.99-stable review Greg Kroah-Hartman
2018-05-08  8:10 ` [PATCH 4.9 01/32] perf/core: Fix the perf_cpu_time_max_percent check Greg Kroah-Hartman
2018-05-08  8:10 ` [PATCH 4.9 02/32] percpu: include linux/sched.h for cond_resched() Greg Kroah-Hartman
2018-05-08  8:10 ` [PATCH 4.9 03/32] bpf: map_get_next_key to return first key on NULL Greg Kroah-Hartman
2018-05-08  8:10 ` [PATCH 4.9 04/32] arm/arm64: KVM: Add PSCI version selection API Greg Kroah-Hartman
2018-05-08  8:10 ` Greg Kroah-Hartman [this message]
2018-05-08  8:10 ` [PATCH 4.9 06/32] serial: imx: ensure UCR3 and UFCR are setup correctly Greg Kroah-Hartman
2018-05-08  8:10 ` [PATCH 4.9 07/32] USB: serial: option: Add support for Quectel EP06 Greg Kroah-Hartman
2018-05-08  8:10 ` [PATCH 4.9 08/32] ALSA: pcm: Check PCM state at xfern compat ioctl Greg Kroah-Hartman
2018-05-08  8:10 ` [PATCH 4.9 09/32] ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger() Greg Kroah-Hartman
2018-05-08  8:10 ` [PATCH 4.9 10/32] ALSA: aloop: Mark paused device as inactive Greg Kroah-Hartman
2018-05-08  8:10 ` [PATCH 4.9 11/32] ALSA: aloop: Add missing cable lock to ctl API callbacks Greg Kroah-Hartman
2018-05-08  8:10 ` [PATCH 4.9 12/32] tracepoint: Do not warn on ENOMEM Greg Kroah-Hartman
2018-05-08  8:10 ` [PATCH 4.9 13/32] Input: leds - fix out of bound access Greg Kroah-Hartman
2018-05-08  8:10 ` [PATCH 4.9 14/32] Input: atmel_mxt_ts - add touchpad button mapping for Samsung Chromebook Pro Greg Kroah-Hartman
2018-05-08  8:10 ` [PATCH 4.9 15/32] xfs: prevent creating negative-sized file via INSERT_RANGE Greg Kroah-Hartman
2018-05-08  8:10 ` [PATCH 4.9 16/32] RDMA/cxgb4: release hw resources on device removal Greg Kroah-Hartman
2018-05-08  8:10 ` [PATCH 4.9 17/32] RDMA/ucma: Allow resolving address w/o specifying source address Greg Kroah-Hartman
2018-05-08  8:10 ` [PATCH 4.9 18/32] RDMA/mlx5: Protect from shift operand overflow Greg Kroah-Hartman
2018-05-08  8:10 ` [PATCH 4.9 19/32] NET: usb: qmi_wwan: add support for ublox R410M PID 0x90b2 Greg Kroah-Hartman
2018-05-08  8:11 ` [PATCH 4.9 20/32] IB/mlx5: Use unlimited rate when static rate is not supported Greg Kroah-Hartman
2018-05-08  8:11 ` [PATCH 4.9 21/32] IB/hfi1: Fix NULL pointer dereference when invalid num_vls is used Greg Kroah-Hartman
2018-05-08  8:11 ` [PATCH 4.9 22/32] drm/vmwgfx: Fix a buffer object leak Greg Kroah-Hartman
2018-05-08  8:11 ` [PATCH 4.9 23/32] drm/bridge: vga-dac: Fix edid memory leak Greg Kroah-Hartman
2018-05-08  8:11 ` [PATCH 4.9 24/32] test_firmware: fix setting old custom fw path back on exit, second try Greg Kroah-Hartman
2018-05-08  8:11 ` [PATCH 4.9 25/32] USB: serial: visor: handle potential invalid device configuration Greg Kroah-Hartman
2018-05-08  8:11 ` [PATCH 4.9 26/32] USB: Accept bulk endpoints with 1024-byte maxpacket Greg Kroah-Hartman
2018-05-08  8:11 ` [PATCH 4.9 27/32] USB: serial: option: reimplement interface masking Greg Kroah-Hartman
2018-05-08  8:11 ` [PATCH 4.9 28/32] USB: serial: option: adding support for ublox R410M Greg Kroah-Hartman
2018-05-08  8:11 ` [PATCH 4.9 29/32] usb: musb: host: fix potential NULL pointer dereference Greg Kroah-Hartman
2018-05-08  8:11 ` [PATCH 4.9 30/32] usb: musb: trace: fix NULL pointer dereference in musb_g_tx() Greg Kroah-Hartman
2018-05-08  8:11 ` [PATCH 4.9 31/32] platform/x86: asus-wireless: Fix NULL pointer dereference Greg Kroah-Hartman
2018-05-08  8:11 ` [PATCH 4.9 32/32] s390/facilites: use stfle_fac_list array size for MAX_FACILITY_BIT Greg Kroah-Hartman
2018-05-08 14:25 ` [PATCH 4.9 00/32] 4.9.99-stable review kernelci.org bot
2018-05-08 16:21 ` Guenter Roeck
2018-05-08 18:13 ` Naresh Kamboju
2018-05-08 23:56 ` Shuah Khan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180508074009.623023630@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=christophe.leroy@c-s.fr \
    --cc=herbert@gondor.apana.org.au \
    --cc=horia.geanta@nxp.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    --subject='Re: [PATCH 4.9 05/32] crypto: talitos - fix IPsec cipher in length' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).