git.openwrt.org Git - openwrt/staging/blogic.git/commit

author	Wenwen Wang <wang6495@umn.edu>
	Fri, 19 Oct 2018 00:50:43 +0000 (19:50 -0500)
committer	Herbert Xu <herbert@gondor.apana.org.au>
	Fri, 9 Nov 2018 09:40:58 +0000 (17:40 +0800)
commit	7172122be6a4712d699da4d261f92aa5ab3a78b8
tree	06834907673275def5400428143476c8c492feda	tree \| snapshot
parent	927574e0e85da61f84dcda15d5b6a2baa06cda46	commit \| diff

crypto: cavium/nitrox - fix a DMA pool free failure

In crypto_alloc_context(), a DMA pool is allocated through dma_pool_alloc()
to hold the crypto context. The meta data of the DMA pool, including the
pool used for the allocation 'ndev->ctx_pool' and the base address of the
DMA pool used by the device 'dma', are then stored to the beginning of the
pool. These meta data are eventually used in crypto_free_context() to free
the DMA pool through dma_pool_free(). However, given that the DMA pool can
also be accessed by the device, a malicious device can modify these meta
data, especially when the device is controlled to deploy an attack. This
can cause an unexpected DMA pool free failure.

To avoid the above issue, this patch introduces a new structure
crypto_ctx_hdr and a new field chdr in the structure nitrox_crypto_ctx hold
the meta data information of the DMA pool after the allocation. Note that
the original structure ctx_hdr is not changed to ensure the compatibility.

Cc: <stable@vger.kernel.org>
Signed-off-by: Wenwen Wang <wang6495@umn.edu>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

drivers/crypto/cavium/nitrox/nitrox_algs.c		diff \| blob \| history
drivers/crypto/cavium/nitrox/nitrox_lib.c		diff \| blob \| history
drivers/crypto/cavium/nitrox/nitrox_req.h		diff \| blob \| history