linux

History

Iuliana Prodan 55b3209acb crypto: caam - fix the address of the last entry of S/G For skcipher algorithms, the input, output HW S/G tables look like this: [IV, src][dst, IV] Now, we can have 2 conditions here: - there is no IV; - src and dst are equal (in-place encryption) and scattered and the error is an "off-by-one" in the HW S/G table. This issue was seen with KASAN: BUG: KASAN: slab-out-of-bounds in skcipher_edesc_alloc+0x95c/0x1018 Read of size 4 at addr ffff000022a02958 by task cryptomgr_test/321 CPU: 2 PID: 321 Comm: cryptomgr_test Not tainted 5.6.0-rc1-00165-ge4ef8383-dirty #4 Hardware name: LS1046A RDB Board (DT) Call trace: dump_backtrace+0x0/0x260 show_stack+0x14/0x20 dump_stack+0xe8/0x144 print_address_description.isra.11+0x64/0x348 __kasan_report+0x11c/0x230 kasan_report+0xc/0x18 __asan_load4+0x90/0xb0 skcipher_edesc_alloc+0x95c/0x1018 skcipher_encrypt+0x84/0x150 crypto_skcipher_encrypt+0x50/0x68 test_skcipher_vec_cfg+0x4d4/0xc10 test_skcipher_vec+0x178/0x1d8 alg_test_skcipher+0xec/0x230 alg_test.part.44+0x114/0x4a0 alg_test+0x1c/0x60 cryptomgr_test+0x34/0x58 kthread+0x1b8/0x1c0 ret_from_fork+0x10/0x18 Allocated by task 321: save_stack+0x24/0xb0 __kasan_kmalloc.isra.10+0xc4/0xe0 kasan_kmalloc+0xc/0x18 __kmalloc+0x178/0x2b8 skcipher_edesc_alloc+0x21c/0x1018 skcipher_encrypt+0x84/0x150 crypto_skcipher_encrypt+0x50/0x68 test_skcipher_vec_cfg+0x4d4/0xc10 test_skcipher_vec+0x178/0x1d8 alg_test_skcipher+0xec/0x230 alg_test.part.44+0x114/0x4a0 alg_test+0x1c/0x60 cryptomgr_test+0x34/0x58 kthread+0x1b8/0x1c0 ret_from_fork+0x10/0x18 Freed by task 0: (stack is not available) The buggy address belongs to the object at ffff000022a02800 which belongs to the cache dma-kmalloc-512 of size 512 The buggy address is located 344 bytes inside of 512-byte region [ffff000022a02800, ffff000022a02a00) The buggy address belongs to the page: page:fffffe00006a8000 refcount:1 mapcount:0 mapping:ffff00093200c400 index:0x0 compound_mapcount: 0 flags: 0xffff00000010200(slab\|head) raw: 0ffff00000010200 dead000000000100 dead000000000122 ffff00093200c400 raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff000022a02800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff000022a02880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff000022a02900: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc ^ ffff000022a02980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff000022a02a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Fixes: `334d37c9e2` ("crypto: caam - update IV using HW support") Cc: <stable@vger.kernel.org> # v5.3+ Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>		2020-04-16 16:48:56 +10:00
..
accessibility
acpi	More ACPI updates for 5.7-rc1	2020-04-10 09:52:15 -07:00
amba	Revert "amba: Initialize dma_parms for amba devices"	2020-04-01 08:03:28 +02:00
android
ata	ahci: Add Intel Comet Lake PCH RAID PCI ID	2020-04-09 09:31:38 -06:00
atm	.gitignore: add SPDX License Identifier	2020-03-25 11:50:48 +01:00
auxdisplay
base	mm/memory_hotplug: allow to specify a default online_type	2020-04-07 10:43:41 -07:00
bcma
block	xen: branch for v5.7-rc1b	2020-04-10 17:20:06 -07:00
bluetooth
bus	ARM: driver updates	2020-04-03 15:05:35 -07:00
cdrom
char	Merge branch 'akpm' (patches from Andrew)	2020-04-10 17:57:48 -07:00
clk	There's not much to see in the core framework this time around. Instead the	2020-04-05 10:43:32 -07:00
clocksource	clocksource/drivers/timer-vf-pit: Add missing parenthesis	2020-04-05 09:24:58 +02:00
connector
counter
cpufreq	Additional power management updates for 5.7-rc1	2020-04-06 10:14:39 -07:00
cpuidle	Merge branch 'pm-cpuidle'	2020-04-10 11:32:22 +02:00
crypto	crypto: caam - fix the address of the last entry of S/G	2020-04-16 16:48:56 +10:00
dax	dax: Move mandatory ->zero_page_range() check in alloc_dax()	2020-04-02 19:15:03 -07:00
dca
devfreq	PM / devfreq: Fix handling dev_pm_qos_remove_request result	2020-03-25 08:35:03 +09:00
dio
dma	drivers/dma/tegra20-apb-dma.c: fix platform_get_irq.cocci warnings	2020-04-10 15:36:22 -07:00
dma-buf	A bunch of fixes to avoid null pointer dereference in fbcon, fix a return	2020-04-08 09:14:34 +10:00
edac	Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip	2020-03-30 16:40:08 -07:00
eisa	.gitignore: add SPDX License Identifier	2020-03-25 11:50:48 +01:00
extcon	Char/Misc driver patches for 5.7-rc1	2020-04-03 13:22:40 -07:00
firewire
firmware	sound fixes for 5.7-rc1	2020-04-10 12:27:06 -07:00
fpga
fsi
gnss
gpio	This is the bulk of GPIO development for the v5.7 kernel cycle.	2020-04-04 10:27:00 -07:00
gpu	Kbuild updates for v5.7 (2nd)	2020-04-11 09:46:12 -07:00
greybus
hid	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid	2020-04-01 15:18:42 -07:00
hsi
hv	hv_balloon: don't check for memhp_auto_online manually	2020-04-07 10:43:40 -07:00
hwmon	change email address for Pali Rohár	2020-04-10 15:36:22 -07:00
hwspinlock	hwspinlock: hwspinlock_internal.h: Replace zero-length array with flexible-array member	2020-03-25 22:30:46 -07:00
hwtracing
i2c	Merge branch 'i2c/for-5.7' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux	2020-04-02 15:54:13 -07:00
i3c	i3c: convert to use i2c_new_client_device()	2020-03-29 10:35:50 +02:00
ide	drivers/ide: Fix build regression.	2020-04-04 18:07:59 -07:00
idle	Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip	2020-03-30 16:40:08 -07:00
iio	chrome platform changes for 5.7	2020-04-08 21:25:49 -07:00
infiniband	RDMA 5.7 pull request	2020-04-01 18:18:18 -07:00
input	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input	2020-04-07 20:20:12 -07:00
interconnect
iommu	Merge branches 'iommu/fixes', 'arm/qcom', 'arm/omap', 'arm/smmu', 'x86/amd', 'x86/vt-d', 'virtio' and 'core' into next	2020-03-27 11:33:27 +01:00
ipack
irqchip	Two reverts addressing regressions of the Xilinx interrupt controller	2020-04-05 11:57:12 -07:00
isdn
leds	leds: core: Fix warning message when init_data	2020-04-06 23:12:08 +02:00
lightnvm	for-5.7/drivers-2020-03-29	2020-03-30 11:43:51 -07:00
macintosh	Char/Misc driver patches for 5.7-rc1	2020-04-03 13:22:40 -07:00
mailbox
mcb
md	libnvdimm for 5.7	2020-04-08 21:03:40 -07:00
media	Power management updates for 5.7-rc1	2020-03-30 15:05:01 -07:00
memory	ARM: driver updates	2020-04-03 15:05:35 -07:00
memstick
message	scsi: message: fusion: Replace zero-length array with flexible-array member	2020-03-26 22:40:47 -04:00
mfd	mfd: intel-lpss: Fix Intel Elkhart Lake LPSS I2C input clock	2020-03-30 07:35:28 +01:00
misc	virtio: fixes, vdpa	2020-04-08 10:51:53 -07:00
mmc	MMC core:	2020-03-31 16:13:09 -07:00
most
mtd	This pull request contains fixes for UBI and UBIFS:	2020-04-07 12:40:56 -07:00
mux
net	virtio: fixes, vdpa	2020-04-08 10:51:53 -07:00
nfc	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2020-03-25 18:58:11 -07:00
ntb	pci-v5.7-changes	2020-04-03 14:25:02 -07:00
nubus
nvdimm	libnvdimm for 5.7	2020-04-08 21:03:40 -07:00
nvme	block-5.7-2020-04-10	2020-04-10 10:06:54 -07:00
nvmem	nvmem: core: remove nvmem_sysfs_get_groups()	2020-03-25 19:23:49 +01:00
of	Devicetree updates for v5.7:	2020-04-02 17:32:52 -07:00
opp
oprofile
parisc	parisc: Replace setup_irq() by request_irq()	2020-04-05 22:05:23 +02:00
parport
pci	IOMMU Updates for Linux v5.7	2020-04-08 11:00:00 -07:00
pcmcia	pcmcia: remove some unused space characters	2020-03-31 18:48:22 +02:00
perf	arm64 updates for 5.7:	2020-03-31 10:05:01 -07:00
phy	pci-v5.7-changes	2020-04-03 14:25:02 -07:00
pinctrl	This is the bulk of GPIO development for the v5.7 kernel cycle.	2020-04-04 10:27:00 -07:00
platform	change email address for Pali Rohár	2020-04-10 15:36:22 -07:00
pnp
power	change email address for Pali Rohár	2020-04-10 15:36:22 -07:00
powercap	Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip	2020-03-30 16:40:08 -07:00
pps
ps3	powerpc/ps3: Remove an unneeded NULL check	2020-04-03 00:09:59 +11:00
ptp	ptp: Avoid deadlocks in the programmable pin code.	2020-03-30 11:16:38 -07:00
pwm	pwm: pca9685: Fix PWM/GPIO inter-operation	2020-04-03 21:41:42 +02:00
rapidio
ras
regulator	spi/regulator: Updates for v5.7	2020-03-30 14:58:26 -07:00
remoteproc	remoteproc/omap: Fix set_load call in omap_rproc_request_timer	2020-04-03 10:47:21 -07:00
reset
rpmsg
rtc	- New Drivers	2020-04-07 19:48:52 -07:00
s390	SCSI misc on 20200410	2020-04-10 12:21:11 -07:00
sbus
scsi	SCSI misc on 20200410	2020-04-10 12:21:11 -07:00
sfi
sh
siox
slimbus
soc	RISC-V Patches for the 5.7 Merge Window, Part 1	2020-04-09 10:51:30 -07:00
soundwire	Char/Misc driver patches for 5.7-rc1	2020-04-03 13:22:40 -07:00
spi	sound updates for 5.7-rc1	2020-04-02 15:50:04 -07:00
spmi
ssb
staging	mm/vma: introduce VM_ACCESS_FLAGS	2020-04-10 15:36:21 -07:00
target	SCSI misc on 20200410	2020-04-10 12:21:11 -07:00
tc
tee	ARM: driver updates	2020-04-03 15:05:35 -07:00
thermal	- Convert tsens configuration DT binding to yaml (Rajeshwari)	2020-04-07 20:00:16 -07:00
thunderbolt
tty	powerpc updates for 5.7	2020-04-05 11:12:59 -07:00
uio
usb	SCSI misc on 20200402	2020-04-02 17:03:53 -07:00
vdpa	vdpa: move to drivers/vdpa	2020-04-02 10:41:40 -04:00
vfio	vfio: Ignore -ENODEV when getting MSI cookie	2020-04-01 13:51:51 -06:00
vhost	vhost: introduce vDPA-based backend	2020-04-02 10:41:40 -04:00
video	drm fixes for 5.7-rc1	2020-04-07 20:24:34 -07:00
virt
virtio	virtio: fixes, vdpa	2020-04-08 10:51:53 -07:00
visorbus
vlynq
vme
w1
watchdog	watchdog: Add K3 RTI watchdog support	2020-04-01 11:35:23 +02:00
xen	xen: branch for v5.7-rc1b	2020-04-10 17:20:06 -07:00
zorro	SPDX patches for 5.7-rc1.	2020-04-03 13:12:26 -07:00
Kconfig	virtio: fixes, vdpa	2020-04-08 10:51:53 -07:00
Makefile	virtio: fixes, vdpa	2020-04-08 10:51:53 -07:00