[meta-freescale] [PATCH 56/60] cryptodev: update to commit 53e4d0fe

ting.liu at nxp.com ting.liu at nxp.com
Fri Jan 8 22:43:49 PST 2016


From: Ting Liu <ting.liu at nxp.com>

New commits imported:
53e4d0f fix COMPAT_CIOCKEY ioctl command number
7d0d0de remove MAY_BACKLOG flag from requests
85146b8 fix double free pkc->req on error
4078382 check return codes for copy to/from user functions

Signed-off-by: Ting Liu <ting.liu at nxp.com>
Signed-off-by: Zhenhua Luo <zhenhua.luo at nxp.com>
---
 recipes-kernel/cryptodev/cryptodev-qoriq_1.7.inc   |   4 +
 ...urn-codes-for-copy-to-from-user-functions.patch | 398 +++++++++++++++++++++
 .../0022-fix-double-free-pkc-req-on-error.patch    |  26 ++
 ...023-remove-MAY_BACKLOG-flag-from-requests.patch |  69 ++++
 ...4-fix-COMPAT_CIOCKEY-ioctl-command-number.patch |  29 ++
 5 files changed, 526 insertions(+)
 create mode 100644 recipes-kernel/cryptodev/files/0021-check-return-codes-for-copy-to-from-user-functions.patch
 create mode 100644 recipes-kernel/cryptodev/files/0022-fix-double-free-pkc-req-on-error.patch
 create mode 100644 recipes-kernel/cryptodev/files/0023-remove-MAY_BACKLOG-flag-from-requests.patch
 create mode 100644 recipes-kernel/cryptodev/files/0024-fix-COMPAT_CIOCKEY-ioctl-command-number.patch

diff --git a/recipes-kernel/cryptodev/cryptodev-qoriq_1.7.inc b/recipes-kernel/cryptodev/cryptodev-qoriq_1.7.inc
index ffd07a8..aa0e994 100644
--- a/recipes-kernel/cryptodev/cryptodev-qoriq_1.7.inc
+++ b/recipes-kernel/cryptodev/cryptodev-qoriq_1.7.inc
@@ -47,6 +47,10 @@ file://0017-remove-dead-code.patch \
 file://0018-fix-compat-warnings.patch \
 file://0019-fix-size_t-print-format.patch \
 file://0020-fix-uninitialized-variable-compiler-warning.patch \
+file://0021-check-return-codes-for-copy-to-from-user-functions.patch \
+file://0022-fix-double-free-pkc-req-on-error.patch \
+file://0023-remove-MAY_BACKLOG-flag-from-requests.patch \
+file://0024-fix-COMPAT_CIOCKEY-ioctl-command-number.patch \
 "
 
 # NOTE: remove this patch and all traces of DISTRO_FEATURE c29x_pkc
diff --git a/recipes-kernel/cryptodev/files/0021-check-return-codes-for-copy-to-from-user-functions.patch b/recipes-kernel/cryptodev/files/0021-check-return-codes-for-copy-to-from-user-functions.patch
new file mode 100644
index 0000000..558d045
--- /dev/null
+++ b/recipes-kernel/cryptodev/files/0021-check-return-codes-for-copy-to-from-user-functions.patch
@@ -0,0 +1,398 @@
+From 4078382cfc69c0f5e582d485fe8cc778f9e458d1 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at freescale.com>
+Date: Mon, 21 Sep 2015 16:39:52 +0300
+Subject: [PATCH 21/23] check return codes for copy to/from user functions
+
+- these functions may fail and we should check their return codes.
+- fix an unintended fall-through in CRK_DSA_GENERATE_KEY
+- fix incorrect return code for CIOCASYMFETCHCOOKIE
+
+Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
+---
+ ioctl.c |  42 +++++++--------
+ main.c  | 183 ++++++++++++++++++++++++++++++----------------------------------
+ 2 files changed, 108 insertions(+), 117 deletions(-)
+
+diff --git a/ioctl.c b/ioctl.c
+index 7cd3c56..8fa3e5c 100644
+--- a/ioctl.c
++++ b/ioctl.c
+@@ -711,13 +711,13 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
+ 	case CRK_MOD_EXP:
+ 	{
+ 		struct rsa_pub_req_s *rsa_req = &pkc->req->req_u.rsa_pub_req;
+-		copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len);
++		ret = copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len);
+ 	}
+ 	break;
+ 	case CRK_MOD_EXP_CRT:
+ 	{
+ 		struct rsa_priv_frm3_req_s *rsa_req = &pkc->req->req_u.rsa_priv_f3;
+-		copy_to_user(ckop->crk_param[6].crp_p, rsa_req->f, rsa_req->f_len);
++		ret = copy_to_user(ckop->crk_param[6].crp_p, rsa_req->f, rsa_req->f_len);
+ 	}
+ 	break;
+ 	case CRK_DSA_SIGN:
+@@ -725,11 +725,11 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
+ 		struct dsa_sign_req_s *dsa_req = &pkc->req->req_u.dsa_sign;
+ 
+ 		if (pkc->req->type == ECDSA_SIGN) {
+-			copy_to_user(ckop->crk_param[6].crp_p, dsa_req->c, dsa_req->d_len);
+-			copy_to_user(ckop->crk_param[7].crp_p, dsa_req->d, dsa_req->d_len);
++			ret = copy_to_user(ckop->crk_param[6].crp_p, dsa_req->c, dsa_req->d_len) ||
++			      copy_to_user(ckop->crk_param[7].crp_p, dsa_req->d, dsa_req->d_len);
+ 		} else {
+-			copy_to_user(ckop->crk_param[5].crp_p, dsa_req->c, dsa_req->d_len);
+-			copy_to_user(ckop->crk_param[6].crp_p, dsa_req->d, dsa_req->d_len);
++			ret = copy_to_user(ckop->crk_param[5].crp_p, dsa_req->c, dsa_req->d_len) ||
++			      copy_to_user(ckop->crk_param[6].crp_p, dsa_req->d, dsa_req->d_len);
+ 		}
+ 	}
+ 	break;
+@@ -739,9 +739,9 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
+ 	{
+ 		struct dh_key_req_s *dh_req = &pkc->req->req_u.dh_req;
+ 		if (pkc->req->type == ECDH_COMPUTE_KEY)
+-			copy_to_user(ckop->crk_param[4].crp_p, dh_req->z, dh_req->z_len);
++			ret = copy_to_user(ckop->crk_param[4].crp_p, dh_req->z, dh_req->z_len);
+ 		else
+-			copy_to_user(ckop->crk_param[3].crp_p, dh_req->z, dh_req->z_len);
++			ret = copy_to_user(ckop->crk_param[3].crp_p, dh_req->z, dh_req->z_len);
+ 	}
+ 	break;
+ 	case CRK_DSA_GENERATE_KEY:
+@@ -750,16 +750,17 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
+ 		struct keygen_req_s *key_req = &pkc->req->req_u.keygen;
+ 
+ 		if (pkc->req->type == ECC_KEYGEN) {
+-			copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key,
+-					key_req->pub_key_len);
+-			copy_to_user(ckop->crk_param[5].crp_p, key_req->priv_key,
++			ret = copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key,
++					key_req->pub_key_len) ||
++			      copy_to_user(ckop->crk_param[5].crp_p, key_req->priv_key,
+ 					key_req->priv_key_len);
+ 		} else {
+-			copy_to_user(ckop->crk_param[3].crp_p, key_req->pub_key,
+-					key_req->pub_key_len);
+-			copy_to_user(ckop->crk_param[4].crp_p, key_req->priv_key,
++			ret = copy_to_user(ckop->crk_param[3].crp_p, key_req->pub_key,
++					key_req->pub_key_len) ||
++			      copy_to_user(ckop->crk_param[4].crp_p, key_req->priv_key,
+ 					key_req->priv_key_len);
+ 		}
++	break;
+ 	}
+ 	default:
+ 		ret = -EINVAL;
+@@ -1115,14 +1116,12 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
+ 
+ 		/* Reflect the updated request to user-space */
+ 		if (cookie_list.cookie_available) {
+-			copy_to_user(arg, &cookie_list, sizeof(struct pkc_cookie_list_s));
++			ret = copy_to_user(arg, &cookie_list, sizeof(struct pkc_cookie_list_s));
+ 		} else {
+ 			struct pkc_cookie_list_s *user_ck_list = (void *)arg;
+-			put_user(0, &(user_ck_list->cookie_available));
++			ret = put_user(0, &(user_ck_list->cookie_available));
+ 		}
+-		ret = cookie_list.cookie_available;
+ 	}
+-
+ 	return ret;
+ 	default:
+ 		return -EINVAL;
+@@ -1417,9 +1416,10 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
+ 		}
+ 
+ 		/* Reflect the updated request to user-space */
+-		if (cookie_list.cookie_available)
+-			copy_to_user(arg, &cookie_list,
+-				     sizeof(struct compat_pkc_cookie_list_s));
++		if (cookie_list.cookie_available) {
++			ret = copy_to_user(arg, &cookie_list,
++					sizeof(struct compat_pkc_cookie_list_s));
++		}
+ 	}
+ 	return ret;
+ 	default:
+diff --git a/main.c b/main.c
+index ed1c69a..e5adb93 100644
+--- a/main.c
++++ b/main.c
+@@ -223,31 +223,29 @@ int crypto_kop_dsasign(struct cryptodev_pkc *pkc)
+ 	dsa_req->m = dsa_req->priv_key + dsa_req->priv_key_len;
+ 	dsa_req->c = dsa_req->m + dsa_req->m_len;
+ 	dsa_req->d = dsa_req->c + dsa_req->d_len;
+-	copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len);
+-	copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len);
+-	copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len);
+-	copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len);
+-	copy_from_user(dsa_req->priv_key, cop->crk_param[4].crp_p,
+-		       dsa_req->priv_key_len);
++	rc = copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len) ||
++	     copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len) ||
++	     copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len) ||
++	     copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len) ||
++	     copy_from_user(dsa_req->priv_key, cop->crk_param[4].crp_p, dsa_req->priv_key_len);
+ 	if (cop->crk_iparams == 6) {
+ 		dsa_req->ab = dsa_req->d + dsa_req->d_len;
+-		copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p,
++		rc = rc || copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p,
+ 			       dsa_req->ab_len);
+ 	}
++	if (rc)
++		goto err;
++
+ 	rc = cryptodev_pkc_offload(pkc);
+ 	if (pkc->type == SYNCHRONOUS) {
+-		if (rc)
+-			goto err;
+ 		if (cop->crk_iparams == 6) {
+-			copy_to_user(cop->crk_param[6].crp_p, dsa_req->c,
+-				     dsa_req->d_len);
+-			copy_to_user(cop->crk_param[7].crp_p, dsa_req->d,
+-				     dsa_req->d_len);
++			rc = rc ||
++			     copy_to_user(cop->crk_param[6].crp_p, dsa_req->c, dsa_req->d_len) ||
++			     copy_to_user(cop->crk_param[7].crp_p, dsa_req->d, dsa_req->d_len);
+ 		} else {
+-			copy_to_user(cop->crk_param[5].crp_p, dsa_req->c,
+-				     dsa_req->d_len);
+-			copy_to_user(cop->crk_param[6].crp_p, dsa_req->d,
+-				     dsa_req->d_len);
++			rc = rc ||
++			     copy_to_user(cop->crk_param[5].crp_p, dsa_req->c, dsa_req->d_len) ||
++			     copy_to_user(cop->crk_param[6].crp_p, dsa_req->d, dsa_req->d_len);
+ 		}
+ 	} else {
+ 		if (rc != -EINPROGRESS && rc != 0)
+@@ -303,31 +301,28 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc)
+ 	dsa_req->m = dsa_req->pub_key + dsa_req->pub_key_len;
+ 	dsa_req->c = dsa_req->m + dsa_req->m_len;
+ 	dsa_req->d = dsa_req->c + dsa_req->d_len;
+-	copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len);
+-	copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len);
+-	copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len);
+-	copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len);
+-	copy_from_user(dsa_req->pub_key, cop->crk_param[4].crp_p,
+-		       dsa_req->pub_key_len);
++	rc = copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len) ||
++	     copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len) ||
++	     copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len) ||
++	     copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len) ||
++	     copy_from_user(dsa_req->pub_key, cop->crk_param[4].crp_p, dsa_req->pub_key_len);
+ 	if (cop->crk_iparams == 8) {
+ 		dsa_req->ab = dsa_req->d + dsa_req->d_len;
+-		copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p,
+-			       dsa_req->ab_len);
+-		copy_from_user(dsa_req->c, cop->crk_param[6].crp_p,
+-			       dsa_req->d_len);
+-		copy_from_user(dsa_req->d, cop->crk_param[7].crp_p,
+-			       dsa_req->d_len);
++		rc = rc ||
++		     copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p, dsa_req->ab_len) ||
++		     copy_from_user(dsa_req->c, cop->crk_param[6].crp_p, dsa_req->d_len) ||
++		     copy_from_user(dsa_req->d, cop->crk_param[7].crp_p, dsa_req->d_len);
+ 	} else {
+-		copy_from_user(dsa_req->c, cop->crk_param[5].crp_p,
+-			       dsa_req->d_len);
+-		copy_from_user(dsa_req->d, cop->crk_param[6].crp_p,
+-			       dsa_req->d_len);
++		rc = rc ||
++		     copy_from_user(dsa_req->c, cop->crk_param[5].crp_p, dsa_req->d_len) ||
++		     copy_from_user(dsa_req->d, cop->crk_param[6].crp_p, dsa_req->d_len);
+ 	}
++
++	if (rc)
++		goto err;
++
+ 	rc = cryptodev_pkc_offload(pkc);
+-	if (pkc->type == SYNCHRONOUS) {
+-		if (rc)
+-			goto err;
+-	} else {
++	if (pkc->type != SYNCHRONOUS) {
+ 		if (rc != -EINPROGRESS && !rc)
+ 			goto err;
+ 		pkc->cookie = buf;
+@@ -380,24 +375,15 @@ int crypto_kop_rsa_keygen(struct cryptodev_pkc *pkc)
+ 	rc = cryptodev_pkc_offload(pkc);
+ 
+ 	if (pkc->type == SYNCHRONOUS) {
+-		if (rc)
+-			goto err;
+-
+-		copy_to_user(cop->crk_param[0].crp_p,
+-				key_req->p, key_req->p_len);
+-		copy_to_user(cop->crk_param[1].crp_p,
+-				key_req->q, key_req->q_len);
+-		copy_to_user(cop->crk_param[2].crp_p,
+-				key_req->n, key_req->n_len);
+-		copy_to_user(cop->crk_param[3].crp_p,
+-				key_req->d, key_req->d_len);
+-		copy_to_user(cop->crk_param[4].crp_p,
+-				key_req->dp, key_req->dp_len);
+-		copy_to_user(cop->crk_param[5].crp_p,
+-				key_req->dq, key_req->dq_len);
+-		copy_to_user(cop->crk_param[6].crp_p,
+-				key_req->c, key_req->c_len);
+-		} else {
++		rc = rc ||
++		     copy_to_user(cop->crk_param[0].crp_p, key_req->p, key_req->p_len) ||
++		     copy_to_user(cop->crk_param[1].crp_p, key_req->q, key_req->q_len) ||
++		     copy_to_user(cop->crk_param[2].crp_p, key_req->n, key_req->n_len) ||
++		     copy_to_user(cop->crk_param[3].crp_p, key_req->d, key_req->d_len) ||
++		     copy_to_user(cop->crk_param[4].crp_p, key_req->dp, key_req->dp_len) ||
++		     copy_to_user(cop->crk_param[5].crp_p, key_req->dq, key_req->dq_len) ||
++		     copy_to_user(cop->crk_param[6].crp_p, key_req->c, key_req->c_len);
++	} else {
+ 		if (rc != -EINPROGRESS && !rc) {
+ 			printk("%s: Failed\n", __func__);
+ 			goto err;
+@@ -451,30 +437,33 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc)
+ 	key_req->g = key_req->r + key_req->r_len;
+ 	key_req->pub_key = key_req->g + key_req->g_len;
+ 	key_req->priv_key = key_req->pub_key + key_req->pub_key_len;
+-	copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len);
+-	copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len);
+-	copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len);
++	rc = copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len) ||
++	     copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len) ||
++	     copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len);
++
+ 	if (cop->crk_iparams == 4) {
+ 		key_req->ab = key_req->priv_key + key_req->priv_key_len;
+-		copy_from_user(key_req->ab, cop->crk_param[3].crp_p,
++		rc = rc || copy_from_user(key_req->ab, cop->crk_param[3].crp_p,
+ 			       key_req->ab_len);
+ 	}
+ 
++	if (rc)
++		goto err;
++
+ 	rc = cryptodev_pkc_offload(pkc);
+ 	if (pkc->type == SYNCHRONOUS) {
+-		if (rc)
+-			goto err;
+-
+ 		if (cop->crk_iparams == 4) {
+-			copy_to_user(cop->crk_param[4].crp_p, key_req->pub_key,
+-				     key_req->pub_key_len);
+-			copy_to_user(cop->crk_param[5].crp_p, key_req->priv_key,
++			rc = rc ||
++			     copy_to_user(cop->crk_param[4].crp_p, key_req->pub_key,
++				     key_req->pub_key_len) ||
++			     copy_to_user(cop->crk_param[5].crp_p, key_req->priv_key,
+ 				     key_req->priv_key_len);
+ 		} else {
+-			copy_to_user(cop->crk_param[3].crp_p, key_req->pub_key,
+-				     key_req->pub_key_len);
+-			copy_to_user(cop->crk_param[4].crp_p,
+-				     key_req->priv_key, key_req->priv_key_len);
++			rc = rc ||
++			     copy_to_user(cop->crk_param[3].crp_p, key_req->pub_key,
++				     key_req->pub_key_len) ||
++			     copy_to_user(cop->crk_param[4].crp_p, key_req->priv_key,
++				     key_req->priv_key_len);
+ 		}
+ 	} else {
+ 		if (rc != -EINPROGRESS && !rc)
+@@ -495,7 +484,7 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc)
+ 	struct dh_key_req_s *dh_req;
+ 	int buf_size;
+ 	uint8_t *buf;
+-	int rc = -EINVAL;
++	int rc = 0;
+ 
+ 	dh_req = &pkc->req->req_u.dh_req;
+ 	dh_req->s_len = (cop->crk_param[0].crp_nbits + 7)/8;
+@@ -520,22 +509,23 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc)
+ 	if (cop->crk_iparams == 4) {
+ 		dh_req->ab = dh_req->z + dh_req->z_len;
+ 		pkc->req->curve_type = cop->curve_type;
+-		copy_from_user(dh_req->ab, cop->crk_param[3].crp_p,
+-			       dh_req->ab_len);
++		rc = copy_from_user(dh_req->ab, cop->crk_param[3].crp_p, dh_req->ab_len);
+ 	}
+-	copy_from_user(dh_req->s, cop->crk_param[0].crp_p, dh_req->s_len);
+-	copy_from_user(dh_req->pub_key, cop->crk_param[1].crp_p,
+-		       dh_req->pub_key_len);
+-	copy_from_user(dh_req->q, cop->crk_param[2].crp_p, dh_req->q_len);
++
++	rc = rc ||
++	     copy_from_user(dh_req->s, cop->crk_param[0].crp_p, dh_req->s_len) ||
++	     copy_from_user(dh_req->pub_key, cop->crk_param[1].crp_p, dh_req->pub_key_len) ||
++	     copy_from_user(dh_req->q, cop->crk_param[2].crp_p, dh_req->q_len);
++	if (rc)
++		goto err;
++
+ 	rc = cryptodev_pkc_offload(pkc);
+ 	if (pkc->type == SYNCHRONOUS) {
+-		if (rc)
+-			goto err;
+ 		if (cop->crk_iparams == 4)
+-			copy_to_user(cop->crk_param[4].crp_p, dh_req->z,
++			rc = rc || copy_to_user(cop->crk_param[4].crp_p, dh_req->z,
+ 				     dh_req->z_len);
+ 		else
+-			copy_to_user(cop->crk_param[3].crp_p, dh_req->z,
++			rc = rc || copy_to_user(cop->crk_param[3].crp_p, dh_req->z,
+ 				     dh_req->z_len);
+ 	} else {
+ 		if (rc != -EINPROGRESS && rc != 0)
+@@ -582,19 +572,19 @@ int crypto_modexp_crt(struct cryptodev_pkc *pkc)
+ 	rsa_req->dq = rsa_req->dp + rsa_req->dp_len;
+ 	rsa_req->c = rsa_req->dq + rsa_req->dq_len;
+ 	rsa_req->f = rsa_req->c + rsa_req->c_len;
+-	copy_from_user(rsa_req->p, cop->crk_param[0].crp_p, rsa_req->p_len);
+-	copy_from_user(rsa_req->q, cop->crk_param[1].crp_p, rsa_req->q_len);
+-	copy_from_user(rsa_req->g, cop->crk_param[2].crp_p, rsa_req->g_len);
+-	copy_from_user(rsa_req->dp, cop->crk_param[3].crp_p, rsa_req->dp_len);
+-	copy_from_user(rsa_req->dq, cop->crk_param[4].crp_p, rsa_req->dq_len);
+-	copy_from_user(rsa_req->c, cop->crk_param[5].crp_p, rsa_req->c_len);
++	rc = copy_from_user(rsa_req->p, cop->crk_param[0].crp_p, rsa_req->p_len) ||
++	     copy_from_user(rsa_req->q, cop->crk_param[1].crp_p, rsa_req->q_len) ||
++	     copy_from_user(rsa_req->g, cop->crk_param[2].crp_p, rsa_req->g_len) ||
++	     copy_from_user(rsa_req->dp, cop->crk_param[3].crp_p, rsa_req->dp_len) ||
++	     copy_from_user(rsa_req->dq, cop->crk_param[4].crp_p, rsa_req->dq_len) ||
++	     copy_from_user(rsa_req->c, cop->crk_param[5].crp_p, rsa_req->c_len);
++	if (rc)
++		goto err;
++
+ 	rc = cryptodev_pkc_offload(pkc);
+ 
+ 	if (pkc->type == SYNCHRONOUS) {
+-		if (rc)
+-			goto err;
+-		copy_to_user(cop->crk_param[6].crp_p, rsa_req->f,
+-			     rsa_req->f_len);
++		rc = rc || copy_to_user(cop->crk_param[6].crp_p, rsa_req->f, rsa_req->f_len);
+ 	} else {
+ 		if (rc != -EINPROGRESS && rc != 0)
+ 			goto err;
+@@ -633,14 +623,15 @@ int crypto_bn_modexp(struct cryptodev_pkc *pkc)
+ 	rsa_req->f = rsa_req->e + rsa_req->e_len;
+ 	rsa_req->g = rsa_req->f + rsa_req->f_len;
+ 	rsa_req->n = rsa_req->g + rsa_req->g_len;
+-	copy_from_user(rsa_req->f, cop->crk_param[0].crp_p, rsa_req->f_len);
+-	copy_from_user(rsa_req->e, cop->crk_param[1].crp_p, rsa_req->e_len);
+-	copy_from_user(rsa_req->n, cop->crk_param[2].crp_p, rsa_req->n_len);
++	rc = copy_from_user(rsa_req->f, cop->crk_param[0].crp_p, rsa_req->f_len) ||
++	     copy_from_user(rsa_req->e, cop->crk_param[1].crp_p, rsa_req->e_len) ||
++	     copy_from_user(rsa_req->n, cop->crk_param[2].crp_p, rsa_req->n_len);
++	if (rc)
++		goto err;
++
+ 	rc = cryptodev_pkc_offload(pkc);
+ 	if (pkc->type == SYNCHRONOUS) {
+-		if (rc)
+-			goto err;
+-		copy_to_user(cop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len);
++		rc = rc || copy_to_user(cop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len);
+ 	} else {
+ 		if (rc != -EINPROGRESS && rc != 0)
+ 			goto err;
+-- 
+2.3.5
+
diff --git a/recipes-kernel/cryptodev/files/0022-fix-double-free-pkc-req-on-error.patch b/recipes-kernel/cryptodev/files/0022-fix-double-free-pkc-req-on-error.patch
new file mode 100644
index 0000000..6e747e0
--- /dev/null
+++ b/recipes-kernel/cryptodev/files/0022-fix-double-free-pkc-req-on-error.patch
@@ -0,0 +1,26 @@
+From 85146b8429ba11bd0be68c24c17dd77b21ec8c25 Mon Sep 17 00:00:00 2001
+From: Cristian Stoica <cristian.stoica at freescale.com>
+Date: Mon, 12 Oct 2015 23:03:28 +0300
+Subject: [PATCH 22/23] fix double free pkc->req on error
+
+Signed-off-by: Cristian Stoica <cristian.stoica at freescale.com>
+---
+ main.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/main.c b/main.c
+index e5adb93..ec11129 100644
+--- a/main.c
++++ b/main.c
+@@ -747,7 +747,7 @@ int crypto_run_asym(struct cryptodev_pkc *pkc)
+ 	/* todo - fix alloc-free on error path */
+ 	pkc->req->type = pkc_req_type;
+ 	err = call_next_action(pkc);
+-	if (pkc->type == SYNCHRONOUS)
++	if (err == 0 && pkc->type == SYNCHRONOUS)
+ 		kfree(pkc->req);
+ 
+ 	return err;
+-- 
+2.3.5
+
diff --git a/recipes-kernel/cryptodev/files/0023-remove-MAY_BACKLOG-flag-from-requests.patch b/recipes-kernel/cryptodev/files/0023-remove-MAY_BACKLOG-flag-from-requests.patch
new file mode 100644
index 0000000..32c3ddd
--- /dev/null
+++ b/recipes-kernel/cryptodev/files/0023-remove-MAY_BACKLOG-flag-from-requests.patch
@@ -0,0 +1,69 @@
+From 7d0d0deb255f8c59b0cf6d3944ee2e3be4133b4c Mon Sep 17 00:00:00 2001
+From: Alex Porosanu <alexandru.porosanu at freescale.com>
+Date: Mon, 19 Oct 2015 11:53:11 +0300
+Subject: [PATCH 23/23] remove MAY_BACKLOG flag from requests
+
+cryptodev doesn't implement the backlogging mechanism properly,
+since it misses the possibility of sleeping and waiting for
+wake-up when the crypto driver below starts working on the
+submitted backloggable request.
+In case the crypto driver below implements backlogging mechanisms,
+this can lead to side-effects such as working on previously-free'ed
+data.
+This patch removes the MAY_BACKLOG flag from the requests.
+
+Change-Id: Ia3d822b1abfc1a51e2ce3e9682476b2c99d19c5a
+Signed-off-by: Alex Porosanu <alexandru.porosanu at freescale.com>
+---
+ cryptlib.c | 14 +++++---------
+ 1 file changed, 5 insertions(+), 9 deletions(-)
+
+diff --git a/cryptlib.c b/cryptlib.c
+index 10f5e1a..eba4616 100644
+--- a/cryptlib.c
++++ b/cryptlib.c
+@@ -194,8 +194,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name,
+ 			goto error;
+ 		}
+ 
+-		ablkcipher_request_set_callback(out->async.request,
+-					CRYPTO_TFM_REQ_MAY_BACKLOG,
++		ablkcipher_request_set_callback(out->async.request, 0,
+ 					cryptodev_complete, out->async.result);
+ 	} else {
+ 		out->async.arequest = aead_request_alloc(out->async.as, GFP_KERNEL);
+@@ -205,8 +204,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name,
+ 			goto error;
+ 		}
+ 
+-		aead_request_set_callback(out->async.arequest,
+-					CRYPTO_TFM_REQ_MAY_BACKLOG,
++		aead_request_set_callback(out->async.arequest, 0,
+ 					cryptodev_complete, out->async.result);
+ 	}
+ 
+@@ -362,9 +360,8 @@ int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name,
+ 		goto error;
+ 	}
+ 
+-	ahash_request_set_callback(hdata->async.request,
+-			CRYPTO_TFM_REQ_MAY_BACKLOG,
+-			cryptodev_complete, hdata->async.result);
++	ahash_request_set_callback(hdata->async.request, 0,
++				   cryptodev_complete, hdata->async.result);
+ 
+ 	ret = crypto_ahash_init(hdata->async.request);
+ 	if (unlikely(ret)) {
+@@ -439,8 +436,7 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc)
+ 	int ret;
+ 
+ 	init_completion(&pkc->result.completion);
+-	pkc_request_set_callback(pkc->req, CRYPTO_TFM_REQ_MAY_BACKLOG,
+-				 cryptodev_complete_asym, pkc);
++	pkc_request_set_callback(pkc->req, 0, cryptodev_complete_asym, pkc);
+ 	ret = crypto_pkc_op(pkc->req);
+ 	if (ret != -EINPROGRESS && ret != 0)
+ 		goto error;
+-- 
+2.3.5
+
diff --git a/recipes-kernel/cryptodev/files/0024-fix-COMPAT_CIOCKEY-ioctl-command-number.patch b/recipes-kernel/cryptodev/files/0024-fix-COMPAT_CIOCKEY-ioctl-command-number.patch
new file mode 100644
index 0000000..8d0bd8b
--- /dev/null
+++ b/recipes-kernel/cryptodev/files/0024-fix-COMPAT_CIOCKEY-ioctl-command-number.patch
@@ -0,0 +1,29 @@
+From 53e4d0fe4a334dae3df32b2053e4ebdfda2e9148 Mon Sep 17 00:00:00 2001
+From: Tudor Ambarus <tudor.ambarus at freescale.com>
+Date: Tue, 27 Oct 2015 15:51:02 +0200
+Subject: [PATCH] fix COMPAT_CIOCKEY ioctl command number
+
+CIOCKEY and COMPAT_CIOCKEY had different command numbers,
+so that 32-bit applications got EINVAL error on 64-bit kernel.
+
+Signed-off-by: Tudor Ambarus <tudor.ambarus at freescale.com>
+---
+ cryptodev_int.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/cryptodev_int.h b/cryptodev_int.h
+index c83c885..cb005d7 100644
+--- a/cryptodev_int.h
++++ b/cryptodev_int.h
+@@ -132,7 +132,7 @@ struct compat_crypt_auth_op {
+ /* compat ioctls, defined for the above structs */
+ #define COMPAT_CIOCGSESSION    _IOWR('c', 102, struct compat_session_op)
+ #define COMPAT_CIOCCRYPT       _IOWR('c', 104, struct compat_crypt_op)
+-#define COMPAT_CIOCKEY    _IOW('c', 105, struct compat_crypt_kop)
++#define COMPAT_CIOCKEY    _IOWR('c', 105, struct compat_crypt_kop)
+ #define COMPAT_CIOCASYNCCRYPT  _IOW('c', 107, struct compat_crypt_op)
+ #define COMPAT_CIOCASYNCFETCH  _IOR('c', 108, struct compat_crypt_op)
+ #define COMPAT_CIOCAUTHCRYPT   _IOWR('c', 109, struct compat_crypt_auth_op)
+-- 
+2.3.3
+
-- 
1.9.2



More information about the meta-freescale mailing list