summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--recipes-kernel/cryptodev/cryptodev-qoriq_1.7.inc4
-rw-r--r--recipes-kernel/cryptodev/files/0021-check-return-codes-for-copy-to-from-user-functions.patch398
-rw-r--r--recipes-kernel/cryptodev/files/0022-fix-double-free-pkc-req-on-error.patch26
-rw-r--r--recipes-kernel/cryptodev/files/0023-remove-MAY_BACKLOG-flag-from-requests.patch69
-rw-r--r--recipes-kernel/cryptodev/files/0024-fix-COMPAT_CIOCKEY-ioctl-command-number.patch29
5 files changed, 526 insertions, 0 deletions
diff --git a/recipes-kernel/cryptodev/cryptodev-qoriq_1.7.inc b/recipes-kernel/cryptodev/cryptodev-qoriq_1.7.inc
index ffd07a85f..aa0e9948f 100644
--- a/recipes-kernel/cryptodev/cryptodev-qoriq_1.7.inc
+++ b/recipes-kernel/cryptodev/cryptodev-qoriq_1.7.inc
@@ -47,6 +47,10 @@ file://0017-remove-dead-code.patch \
47file://0018-fix-compat-warnings.patch \ 47file://0018-fix-compat-warnings.patch \
48file://0019-fix-size_t-print-format.patch \ 48file://0019-fix-size_t-print-format.patch \
49file://0020-fix-uninitialized-variable-compiler-warning.patch \ 49file://0020-fix-uninitialized-variable-compiler-warning.patch \
50file://0021-check-return-codes-for-copy-to-from-user-functions.patch \
51file://0022-fix-double-free-pkc-req-on-error.patch \
52file://0023-remove-MAY_BACKLOG-flag-from-requests.patch \
53file://0024-fix-COMPAT_CIOCKEY-ioctl-command-number.patch \
50" 54"
51 55
52# NOTE: remove this patch and all traces of DISTRO_FEATURE c29x_pkc 56# NOTE: remove this patch and all traces of DISTRO_FEATURE c29x_pkc
diff --git a/recipes-kernel/cryptodev/files/0021-check-return-codes-for-copy-to-from-user-functions.patch b/recipes-kernel/cryptodev/files/0021-check-return-codes-for-copy-to-from-user-functions.patch
new file mode 100644
index 000000000..558d045fb
--- /dev/null
+++ b/recipes-kernel/cryptodev/files/0021-check-return-codes-for-copy-to-from-user-functions.patch
@@ -0,0 +1,398 @@
1From 4078382cfc69c0f5e582d485fe8cc778f9e458d1 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Mon, 21 Sep 2015 16:39:52 +0300
4Subject: [PATCH 21/23] check return codes for copy to/from user functions
5
6- these functions may fail and we should check their return codes.
7- fix an unintended fall-through in CRK_DSA_GENERATE_KEY
8- fix incorrect return code for CIOCASYMFETCHCOOKIE
9
10Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
11---
12 ioctl.c | 42 +++++++--------
13 main.c | 183 ++++++++++++++++++++++++++++++----------------------------------
14 2 files changed, 108 insertions(+), 117 deletions(-)
15
16diff --git a/ioctl.c b/ioctl.c
17index 7cd3c56..8fa3e5c 100644
18--- a/ioctl.c
19+++ b/ioctl.c
20@@ -711,13 +711,13 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
21 case CRK_MOD_EXP:
22 {
23 struct rsa_pub_req_s *rsa_req = &pkc->req->req_u.rsa_pub_req;
24- copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len);
25+ ret = copy_to_user(ckop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len);
26 }
27 break;
28 case CRK_MOD_EXP_CRT:
29 {
30 struct rsa_priv_frm3_req_s *rsa_req = &pkc->req->req_u.rsa_priv_f3;
31- copy_to_user(ckop->crk_param[6].crp_p, rsa_req->f, rsa_req->f_len);
32+ ret = copy_to_user(ckop->crk_param[6].crp_p, rsa_req->f, rsa_req->f_len);
33 }
34 break;
35 case CRK_DSA_SIGN:
36@@ -725,11 +725,11 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
37 struct dsa_sign_req_s *dsa_req = &pkc->req->req_u.dsa_sign;
38
39 if (pkc->req->type == ECDSA_SIGN) {
40- copy_to_user(ckop->crk_param[6].crp_p, dsa_req->c, dsa_req->d_len);
41- copy_to_user(ckop->crk_param[7].crp_p, dsa_req->d, dsa_req->d_len);
42+ ret = copy_to_user(ckop->crk_param[6].crp_p, dsa_req->c, dsa_req->d_len) ||
43+ copy_to_user(ckop->crk_param[7].crp_p, dsa_req->d, dsa_req->d_len);
44 } else {
45- copy_to_user(ckop->crk_param[5].crp_p, dsa_req->c, dsa_req->d_len);
46- copy_to_user(ckop->crk_param[6].crp_p, dsa_req->d, dsa_req->d_len);
47+ ret = copy_to_user(ckop->crk_param[5].crp_p, dsa_req->c, dsa_req->d_len) ||
48+ copy_to_user(ckop->crk_param[6].crp_p, dsa_req->d, dsa_req->d_len);
49 }
50 }
51 break;
52@@ -739,9 +739,9 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
53 {
54 struct dh_key_req_s *dh_req = &pkc->req->req_u.dh_req;
55 if (pkc->req->type == ECDH_COMPUTE_KEY)
56- copy_to_user(ckop->crk_param[4].crp_p, dh_req->z, dh_req->z_len);
57+ ret = copy_to_user(ckop->crk_param[4].crp_p, dh_req->z, dh_req->z_len);
58 else
59- copy_to_user(ckop->crk_param[3].crp_p, dh_req->z, dh_req->z_len);
60+ ret = copy_to_user(ckop->crk_param[3].crp_p, dh_req->z, dh_req->z_len);
61 }
62 break;
63 case CRK_DSA_GENERATE_KEY:
64@@ -750,16 +750,17 @@ static int crypto_async_fetch_asym(struct cryptodev_pkc *pkc)
65 struct keygen_req_s *key_req = &pkc->req->req_u.keygen;
66
67 if (pkc->req->type == ECC_KEYGEN) {
68- copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key,
69- key_req->pub_key_len);
70- copy_to_user(ckop->crk_param[5].crp_p, key_req->priv_key,
71+ ret = copy_to_user(ckop->crk_param[4].crp_p, key_req->pub_key,
72+ key_req->pub_key_len) ||
73+ copy_to_user(ckop->crk_param[5].crp_p, key_req->priv_key,
74 key_req->priv_key_len);
75 } else {
76- copy_to_user(ckop->crk_param[3].crp_p, key_req->pub_key,
77- key_req->pub_key_len);
78- copy_to_user(ckop->crk_param[4].crp_p, key_req->priv_key,
79+ ret = copy_to_user(ckop->crk_param[3].crp_p, key_req->pub_key,
80+ key_req->pub_key_len) ||
81+ copy_to_user(ckop->crk_param[4].crp_p, key_req->priv_key,
82 key_req->priv_key_len);
83 }
84+ break;
85 }
86 default:
87 ret = -EINVAL;
88@@ -1115,14 +1116,12 @@ cryptodev_ioctl(struct file *filp, unsigned int cmd, unsigned long arg_)
89
90 /* Reflect the updated request to user-space */
91 if (cookie_list.cookie_available) {
92- copy_to_user(arg, &cookie_list, sizeof(struct pkc_cookie_list_s));
93+ ret = copy_to_user(arg, &cookie_list, sizeof(struct pkc_cookie_list_s));
94 } else {
95 struct pkc_cookie_list_s *user_ck_list = (void *)arg;
96- put_user(0, &(user_ck_list->cookie_available));
97+ ret = put_user(0, &(user_ck_list->cookie_available));
98 }
99- ret = cookie_list.cookie_available;
100 }
101-
102 return ret;
103 default:
104 return -EINVAL;
105@@ -1417,9 +1416,10 @@ cryptodev_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg_)
106 }
107
108 /* Reflect the updated request to user-space */
109- if (cookie_list.cookie_available)
110- copy_to_user(arg, &cookie_list,
111- sizeof(struct compat_pkc_cookie_list_s));
112+ if (cookie_list.cookie_available) {
113+ ret = copy_to_user(arg, &cookie_list,
114+ sizeof(struct compat_pkc_cookie_list_s));
115+ }
116 }
117 return ret;
118 default:
119diff --git a/main.c b/main.c
120index ed1c69a..e5adb93 100644
121--- a/main.c
122+++ b/main.c
123@@ -223,31 +223,29 @@ int crypto_kop_dsasign(struct cryptodev_pkc *pkc)
124 dsa_req->m = dsa_req->priv_key + dsa_req->priv_key_len;
125 dsa_req->c = dsa_req->m + dsa_req->m_len;
126 dsa_req->d = dsa_req->c + dsa_req->d_len;
127- copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len);
128- copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len);
129- copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len);
130- copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len);
131- copy_from_user(dsa_req->priv_key, cop->crk_param[4].crp_p,
132- dsa_req->priv_key_len);
133+ rc = copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len) ||
134+ copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len) ||
135+ copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len) ||
136+ copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len) ||
137+ copy_from_user(dsa_req->priv_key, cop->crk_param[4].crp_p, dsa_req->priv_key_len);
138 if (cop->crk_iparams == 6) {
139 dsa_req->ab = dsa_req->d + dsa_req->d_len;
140- copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p,
141+ rc = rc || copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p,
142 dsa_req->ab_len);
143 }
144+ if (rc)
145+ goto err;
146+
147 rc = cryptodev_pkc_offload(pkc);
148 if (pkc->type == SYNCHRONOUS) {
149- if (rc)
150- goto err;
151 if (cop->crk_iparams == 6) {
152- copy_to_user(cop->crk_param[6].crp_p, dsa_req->c,
153- dsa_req->d_len);
154- copy_to_user(cop->crk_param[7].crp_p, dsa_req->d,
155- dsa_req->d_len);
156+ rc = rc ||
157+ copy_to_user(cop->crk_param[6].crp_p, dsa_req->c, dsa_req->d_len) ||
158+ copy_to_user(cop->crk_param[7].crp_p, dsa_req->d, dsa_req->d_len);
159 } else {
160- copy_to_user(cop->crk_param[5].crp_p, dsa_req->c,
161- dsa_req->d_len);
162- copy_to_user(cop->crk_param[6].crp_p, dsa_req->d,
163- dsa_req->d_len);
164+ rc = rc ||
165+ copy_to_user(cop->crk_param[5].crp_p, dsa_req->c, dsa_req->d_len) ||
166+ copy_to_user(cop->crk_param[6].crp_p, dsa_req->d, dsa_req->d_len);
167 }
168 } else {
169 if (rc != -EINPROGRESS && rc != 0)
170@@ -303,31 +301,28 @@ int crypto_kop_dsaverify(struct cryptodev_pkc *pkc)
171 dsa_req->m = dsa_req->pub_key + dsa_req->pub_key_len;
172 dsa_req->c = dsa_req->m + dsa_req->m_len;
173 dsa_req->d = dsa_req->c + dsa_req->d_len;
174- copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len);
175- copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len);
176- copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len);
177- copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len);
178- copy_from_user(dsa_req->pub_key, cop->crk_param[4].crp_p,
179- dsa_req->pub_key_len);
180+ rc = copy_from_user(dsa_req->m, cop->crk_param[0].crp_p, dsa_req->m_len) ||
181+ copy_from_user(dsa_req->q, cop->crk_param[1].crp_p, dsa_req->q_len) ||
182+ copy_from_user(dsa_req->r, cop->crk_param[2].crp_p, dsa_req->r_len) ||
183+ copy_from_user(dsa_req->g, cop->crk_param[3].crp_p, dsa_req->g_len) ||
184+ copy_from_user(dsa_req->pub_key, cop->crk_param[4].crp_p, dsa_req->pub_key_len);
185 if (cop->crk_iparams == 8) {
186 dsa_req->ab = dsa_req->d + dsa_req->d_len;
187- copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p,
188- dsa_req->ab_len);
189- copy_from_user(dsa_req->c, cop->crk_param[6].crp_p,
190- dsa_req->d_len);
191- copy_from_user(dsa_req->d, cop->crk_param[7].crp_p,
192- dsa_req->d_len);
193+ rc = rc ||
194+ copy_from_user(dsa_req->ab, cop->crk_param[5].crp_p, dsa_req->ab_len) ||
195+ copy_from_user(dsa_req->c, cop->crk_param[6].crp_p, dsa_req->d_len) ||
196+ copy_from_user(dsa_req->d, cop->crk_param[7].crp_p, dsa_req->d_len);
197 } else {
198- copy_from_user(dsa_req->c, cop->crk_param[5].crp_p,
199- dsa_req->d_len);
200- copy_from_user(dsa_req->d, cop->crk_param[6].crp_p,
201- dsa_req->d_len);
202+ rc = rc ||
203+ copy_from_user(dsa_req->c, cop->crk_param[5].crp_p, dsa_req->d_len) ||
204+ copy_from_user(dsa_req->d, cop->crk_param[6].crp_p, dsa_req->d_len);
205 }
206+
207+ if (rc)
208+ goto err;
209+
210 rc = cryptodev_pkc_offload(pkc);
211- if (pkc->type == SYNCHRONOUS) {
212- if (rc)
213- goto err;
214- } else {
215+ if (pkc->type != SYNCHRONOUS) {
216 if (rc != -EINPROGRESS && !rc)
217 goto err;
218 pkc->cookie = buf;
219@@ -380,24 +375,15 @@ int crypto_kop_rsa_keygen(struct cryptodev_pkc *pkc)
220 rc = cryptodev_pkc_offload(pkc);
221
222 if (pkc->type == SYNCHRONOUS) {
223- if (rc)
224- goto err;
225-
226- copy_to_user(cop->crk_param[0].crp_p,
227- key_req->p, key_req->p_len);
228- copy_to_user(cop->crk_param[1].crp_p,
229- key_req->q, key_req->q_len);
230- copy_to_user(cop->crk_param[2].crp_p,
231- key_req->n, key_req->n_len);
232- copy_to_user(cop->crk_param[3].crp_p,
233- key_req->d, key_req->d_len);
234- copy_to_user(cop->crk_param[4].crp_p,
235- key_req->dp, key_req->dp_len);
236- copy_to_user(cop->crk_param[5].crp_p,
237- key_req->dq, key_req->dq_len);
238- copy_to_user(cop->crk_param[6].crp_p,
239- key_req->c, key_req->c_len);
240- } else {
241+ rc = rc ||
242+ copy_to_user(cop->crk_param[0].crp_p, key_req->p, key_req->p_len) ||
243+ copy_to_user(cop->crk_param[1].crp_p, key_req->q, key_req->q_len) ||
244+ copy_to_user(cop->crk_param[2].crp_p, key_req->n, key_req->n_len) ||
245+ copy_to_user(cop->crk_param[3].crp_p, key_req->d, key_req->d_len) ||
246+ copy_to_user(cop->crk_param[4].crp_p, key_req->dp, key_req->dp_len) ||
247+ copy_to_user(cop->crk_param[5].crp_p, key_req->dq, key_req->dq_len) ||
248+ copy_to_user(cop->crk_param[6].crp_p, key_req->c, key_req->c_len);
249+ } else {
250 if (rc != -EINPROGRESS && !rc) {
251 printk("%s: Failed\n", __func__);
252 goto err;
253@@ -451,30 +437,33 @@ int crypto_kop_keygen(struct cryptodev_pkc *pkc)
254 key_req->g = key_req->r + key_req->r_len;
255 key_req->pub_key = key_req->g + key_req->g_len;
256 key_req->priv_key = key_req->pub_key + key_req->pub_key_len;
257- copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len);
258- copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len);
259- copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len);
260+ rc = copy_from_user(key_req->q, cop->crk_param[0].crp_p, key_req->q_len) ||
261+ copy_from_user(key_req->r, cop->crk_param[1].crp_p, key_req->r_len) ||
262+ copy_from_user(key_req->g, cop->crk_param[2].crp_p, key_req->g_len);
263+
264 if (cop->crk_iparams == 4) {
265 key_req->ab = key_req->priv_key + key_req->priv_key_len;
266- copy_from_user(key_req->ab, cop->crk_param[3].crp_p,
267+ rc = rc || copy_from_user(key_req->ab, cop->crk_param[3].crp_p,
268 key_req->ab_len);
269 }
270
271+ if (rc)
272+ goto err;
273+
274 rc = cryptodev_pkc_offload(pkc);
275 if (pkc->type == SYNCHRONOUS) {
276- if (rc)
277- goto err;
278-
279 if (cop->crk_iparams == 4) {
280- copy_to_user(cop->crk_param[4].crp_p, key_req->pub_key,
281- key_req->pub_key_len);
282- copy_to_user(cop->crk_param[5].crp_p, key_req->priv_key,
283+ rc = rc ||
284+ copy_to_user(cop->crk_param[4].crp_p, key_req->pub_key,
285+ key_req->pub_key_len) ||
286+ copy_to_user(cop->crk_param[5].crp_p, key_req->priv_key,
287 key_req->priv_key_len);
288 } else {
289- copy_to_user(cop->crk_param[3].crp_p, key_req->pub_key,
290- key_req->pub_key_len);
291- copy_to_user(cop->crk_param[4].crp_p,
292- key_req->priv_key, key_req->priv_key_len);
293+ rc = rc ||
294+ copy_to_user(cop->crk_param[3].crp_p, key_req->pub_key,
295+ key_req->pub_key_len) ||
296+ copy_to_user(cop->crk_param[4].crp_p, key_req->priv_key,
297+ key_req->priv_key_len);
298 }
299 } else {
300 if (rc != -EINPROGRESS && !rc)
301@@ -495,7 +484,7 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc)
302 struct dh_key_req_s *dh_req;
303 int buf_size;
304 uint8_t *buf;
305- int rc = -EINVAL;
306+ int rc = 0;
307
308 dh_req = &pkc->req->req_u.dh_req;
309 dh_req->s_len = (cop->crk_param[0].crp_nbits + 7)/8;
310@@ -520,22 +509,23 @@ int crypto_kop_dh_key(struct cryptodev_pkc *pkc)
311 if (cop->crk_iparams == 4) {
312 dh_req->ab = dh_req->z + dh_req->z_len;
313 pkc->req->curve_type = cop->curve_type;
314- copy_from_user(dh_req->ab, cop->crk_param[3].crp_p,
315- dh_req->ab_len);
316+ rc = copy_from_user(dh_req->ab, cop->crk_param[3].crp_p, dh_req->ab_len);
317 }
318- copy_from_user(dh_req->s, cop->crk_param[0].crp_p, dh_req->s_len);
319- copy_from_user(dh_req->pub_key, cop->crk_param[1].crp_p,
320- dh_req->pub_key_len);
321- copy_from_user(dh_req->q, cop->crk_param[2].crp_p, dh_req->q_len);
322+
323+ rc = rc ||
324+ copy_from_user(dh_req->s, cop->crk_param[0].crp_p, dh_req->s_len) ||
325+ copy_from_user(dh_req->pub_key, cop->crk_param[1].crp_p, dh_req->pub_key_len) ||
326+ copy_from_user(dh_req->q, cop->crk_param[2].crp_p, dh_req->q_len);
327+ if (rc)
328+ goto err;
329+
330 rc = cryptodev_pkc_offload(pkc);
331 if (pkc->type == SYNCHRONOUS) {
332- if (rc)
333- goto err;
334 if (cop->crk_iparams == 4)
335- copy_to_user(cop->crk_param[4].crp_p, dh_req->z,
336+ rc = rc || copy_to_user(cop->crk_param[4].crp_p, dh_req->z,
337 dh_req->z_len);
338 else
339- copy_to_user(cop->crk_param[3].crp_p, dh_req->z,
340+ rc = rc || copy_to_user(cop->crk_param[3].crp_p, dh_req->z,
341 dh_req->z_len);
342 } else {
343 if (rc != -EINPROGRESS && rc != 0)
344@@ -582,19 +572,19 @@ int crypto_modexp_crt(struct cryptodev_pkc *pkc)
345 rsa_req->dq = rsa_req->dp + rsa_req->dp_len;
346 rsa_req->c = rsa_req->dq + rsa_req->dq_len;
347 rsa_req->f = rsa_req->c + rsa_req->c_len;
348- copy_from_user(rsa_req->p, cop->crk_param[0].crp_p, rsa_req->p_len);
349- copy_from_user(rsa_req->q, cop->crk_param[1].crp_p, rsa_req->q_len);
350- copy_from_user(rsa_req->g, cop->crk_param[2].crp_p, rsa_req->g_len);
351- copy_from_user(rsa_req->dp, cop->crk_param[3].crp_p, rsa_req->dp_len);
352- copy_from_user(rsa_req->dq, cop->crk_param[4].crp_p, rsa_req->dq_len);
353- copy_from_user(rsa_req->c, cop->crk_param[5].crp_p, rsa_req->c_len);
354+ rc = copy_from_user(rsa_req->p, cop->crk_param[0].crp_p, rsa_req->p_len) ||
355+ copy_from_user(rsa_req->q, cop->crk_param[1].crp_p, rsa_req->q_len) ||
356+ copy_from_user(rsa_req->g, cop->crk_param[2].crp_p, rsa_req->g_len) ||
357+ copy_from_user(rsa_req->dp, cop->crk_param[3].crp_p, rsa_req->dp_len) ||
358+ copy_from_user(rsa_req->dq, cop->crk_param[4].crp_p, rsa_req->dq_len) ||
359+ copy_from_user(rsa_req->c, cop->crk_param[5].crp_p, rsa_req->c_len);
360+ if (rc)
361+ goto err;
362+
363 rc = cryptodev_pkc_offload(pkc);
364
365 if (pkc->type == SYNCHRONOUS) {
366- if (rc)
367- goto err;
368- copy_to_user(cop->crk_param[6].crp_p, rsa_req->f,
369- rsa_req->f_len);
370+ rc = rc || copy_to_user(cop->crk_param[6].crp_p, rsa_req->f, rsa_req->f_len);
371 } else {
372 if (rc != -EINPROGRESS && rc != 0)
373 goto err;
374@@ -633,14 +623,15 @@ int crypto_bn_modexp(struct cryptodev_pkc *pkc)
375 rsa_req->f = rsa_req->e + rsa_req->e_len;
376 rsa_req->g = rsa_req->f + rsa_req->f_len;
377 rsa_req->n = rsa_req->g + rsa_req->g_len;
378- copy_from_user(rsa_req->f, cop->crk_param[0].crp_p, rsa_req->f_len);
379- copy_from_user(rsa_req->e, cop->crk_param[1].crp_p, rsa_req->e_len);
380- copy_from_user(rsa_req->n, cop->crk_param[2].crp_p, rsa_req->n_len);
381+ rc = copy_from_user(rsa_req->f, cop->crk_param[0].crp_p, rsa_req->f_len) ||
382+ copy_from_user(rsa_req->e, cop->crk_param[1].crp_p, rsa_req->e_len) ||
383+ copy_from_user(rsa_req->n, cop->crk_param[2].crp_p, rsa_req->n_len);
384+ if (rc)
385+ goto err;
386+
387 rc = cryptodev_pkc_offload(pkc);
388 if (pkc->type == SYNCHRONOUS) {
389- if (rc)
390- goto err;
391- copy_to_user(cop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len);
392+ rc = rc || copy_to_user(cop->crk_param[3].crp_p, rsa_req->g, rsa_req->g_len);
393 } else {
394 if (rc != -EINPROGRESS && rc != 0)
395 goto err;
396--
3972.3.5
398
diff --git a/recipes-kernel/cryptodev/files/0022-fix-double-free-pkc-req-on-error.patch b/recipes-kernel/cryptodev/files/0022-fix-double-free-pkc-req-on-error.patch
new file mode 100644
index 000000000..6e747e0f7
--- /dev/null
+++ b/recipes-kernel/cryptodev/files/0022-fix-double-free-pkc-req-on-error.patch
@@ -0,0 +1,26 @@
1From 85146b8429ba11bd0be68c24c17dd77b21ec8c25 Mon Sep 17 00:00:00 2001
2From: Cristian Stoica <cristian.stoica@freescale.com>
3Date: Mon, 12 Oct 2015 23:03:28 +0300
4Subject: [PATCH 22/23] fix double free pkc->req on error
5
6Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
7---
8 main.c | 2 +-
9 1 file changed, 1 insertion(+), 1 deletion(-)
10
11diff --git a/main.c b/main.c
12index e5adb93..ec11129 100644
13--- a/main.c
14+++ b/main.c
15@@ -747,7 +747,7 @@ int crypto_run_asym(struct cryptodev_pkc *pkc)
16 /* todo - fix alloc-free on error path */
17 pkc->req->type = pkc_req_type;
18 err = call_next_action(pkc);
19- if (pkc->type == SYNCHRONOUS)
20+ if (err == 0 && pkc->type == SYNCHRONOUS)
21 kfree(pkc->req);
22
23 return err;
24--
252.3.5
26
diff --git a/recipes-kernel/cryptodev/files/0023-remove-MAY_BACKLOG-flag-from-requests.patch b/recipes-kernel/cryptodev/files/0023-remove-MAY_BACKLOG-flag-from-requests.patch
new file mode 100644
index 000000000..32c3ddd51
--- /dev/null
+++ b/recipes-kernel/cryptodev/files/0023-remove-MAY_BACKLOG-flag-from-requests.patch
@@ -0,0 +1,69 @@
1From 7d0d0deb255f8c59b0cf6d3944ee2e3be4133b4c Mon Sep 17 00:00:00 2001
2From: Alex Porosanu <alexandru.porosanu@freescale.com>
3Date: Mon, 19 Oct 2015 11:53:11 +0300
4Subject: [PATCH 23/23] remove MAY_BACKLOG flag from requests
5
6cryptodev doesn't implement the backlogging mechanism properly,
7since it misses the possibility of sleeping and waiting for
8wake-up when the crypto driver below starts working on the
9submitted backloggable request.
10In case the crypto driver below implements backlogging mechanisms,
11this can lead to side-effects such as working on previously-free'ed
12data.
13This patch removes the MAY_BACKLOG flag from the requests.
14
15Change-Id: Ia3d822b1abfc1a51e2ce3e9682476b2c99d19c5a
16Signed-off-by: Alex Porosanu <alexandru.porosanu@freescale.com>
17---
18 cryptlib.c | 14 +++++---------
19 1 file changed, 5 insertions(+), 9 deletions(-)
20
21diff --git a/cryptlib.c b/cryptlib.c
22index 10f5e1a..eba4616 100644
23--- a/cryptlib.c
24+++ b/cryptlib.c
25@@ -194,8 +194,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name,
26 goto error;
27 }
28
29- ablkcipher_request_set_callback(out->async.request,
30- CRYPTO_TFM_REQ_MAY_BACKLOG,
31+ ablkcipher_request_set_callback(out->async.request, 0,
32 cryptodev_complete, out->async.result);
33 } else {
34 out->async.arequest = aead_request_alloc(out->async.as, GFP_KERNEL);
35@@ -205,8 +204,7 @@ int cryptodev_cipher_init(struct cipher_data *out, const char *alg_name,
36 goto error;
37 }
38
39- aead_request_set_callback(out->async.arequest,
40- CRYPTO_TFM_REQ_MAY_BACKLOG,
41+ aead_request_set_callback(out->async.arequest, 0,
42 cryptodev_complete, out->async.result);
43 }
44
45@@ -362,9 +360,8 @@ int cryptodev_hash_init(struct hash_data *hdata, const char *alg_name,
46 goto error;
47 }
48
49- ahash_request_set_callback(hdata->async.request,
50- CRYPTO_TFM_REQ_MAY_BACKLOG,
51- cryptodev_complete, hdata->async.result);
52+ ahash_request_set_callback(hdata->async.request, 0,
53+ cryptodev_complete, hdata->async.result);
54
55 ret = crypto_ahash_init(hdata->async.request);
56 if (unlikely(ret)) {
57@@ -439,8 +436,7 @@ int cryptodev_pkc_offload(struct cryptodev_pkc *pkc)
58 int ret;
59
60 init_completion(&pkc->result.completion);
61- pkc_request_set_callback(pkc->req, CRYPTO_TFM_REQ_MAY_BACKLOG,
62- cryptodev_complete_asym, pkc);
63+ pkc_request_set_callback(pkc->req, 0, cryptodev_complete_asym, pkc);
64 ret = crypto_pkc_op(pkc->req);
65 if (ret != -EINPROGRESS && ret != 0)
66 goto error;
67--
682.3.5
69
diff --git a/recipes-kernel/cryptodev/files/0024-fix-COMPAT_CIOCKEY-ioctl-command-number.patch b/recipes-kernel/cryptodev/files/0024-fix-COMPAT_CIOCKEY-ioctl-command-number.patch
new file mode 100644
index 000000000..8d0bd8b1c
--- /dev/null
+++ b/recipes-kernel/cryptodev/files/0024-fix-COMPAT_CIOCKEY-ioctl-command-number.patch
@@ -0,0 +1,29 @@
1From 53e4d0fe4a334dae3df32b2053e4ebdfda2e9148 Mon Sep 17 00:00:00 2001
2From: Tudor Ambarus <tudor.ambarus@freescale.com>
3Date: Tue, 27 Oct 2015 15:51:02 +0200
4Subject: [PATCH] fix COMPAT_CIOCKEY ioctl command number
5
6CIOCKEY and COMPAT_CIOCKEY had different command numbers,
7so that 32-bit applications got EINVAL error on 64-bit kernel.
8
9Signed-off-by: Tudor Ambarus <tudor.ambarus@freescale.com>
10---
11 cryptodev_int.h | 2 +-
12 1 file changed, 1 insertion(+), 1 deletion(-)
13
14diff --git a/cryptodev_int.h b/cryptodev_int.h
15index c83c885..cb005d7 100644
16--- a/cryptodev_int.h
17+++ b/cryptodev_int.h
18@@ -132,7 +132,7 @@ struct compat_crypt_auth_op {
19 /* compat ioctls, defined for the above structs */
20 #define COMPAT_CIOCGSESSION _IOWR('c', 102, struct compat_session_op)
21 #define COMPAT_CIOCCRYPT _IOWR('c', 104, struct compat_crypt_op)
22-#define COMPAT_CIOCKEY _IOW('c', 105, struct compat_crypt_kop)
23+#define COMPAT_CIOCKEY _IOWR('c', 105, struct compat_crypt_kop)
24 #define COMPAT_CIOCASYNCCRYPT _IOW('c', 107, struct compat_crypt_op)
25 #define COMPAT_CIOCASYNCFETCH _IOR('c', 108, struct compat_crypt_op)
26 #define COMPAT_CIOCAUTHCRYPT _IOWR('c', 109, struct compat_crypt_auth_op)
27--
282.3.3
29
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-10-24 03:45:52 +0000