diff options
| author | Horia Geantă <horia.geanta@nxp.com> | 2017-09-25 08:30:46 (GMT) |
|---|---|---|
| committer | Xie Xiaobo <xiaobo.xie@nxp.com> | 2017-09-26 02:59:34 (GMT) |
| commit | 1e65b659831680691ffcfca687f568367122873e (patch) | |
| tree | fd844bb8bb4ec8dcdc487002779688cb4e6c26b1 /drivers/crypto | |
| parent | 34f9fd43d2fe1adc55fcc8935bdcb6cac7f91a2e (diff) | |
| download | linux-1e65b659831680691ffcfca687f568367122873e.tar.xz | |
crypto: caam/qi2 - zeroize memory used for S/G entries
Memory used for S/G entries (kmem cache-backed) is not zeroized.
More, the dpaa2_sg_* API does not offer getters, setters for all fields
/ bits.
This means that there are bits that currently have random values.
Probably the most problematic is SGE[BMT] (Bypass Memory Translation).
When this "happens" to be set and IOMMU is enabled in the system,
caam engine will report DMA errors - for e.g. see below self-tests
failing:
[...]
dpaa2_caam dpseci.1: FD error: 000000a8
dpaa2_caam dpseci.1: 40001216: DECO: desc idx 18: DMA Error
alg: skcipher: encryption failed on chunk test 1 for cbc-3des-caam-qi2: ret=5
dpaa2_caam dpseci.1: FD error: 00000088
dpaa2_caam dpseci.1: 40000916: DECO: desc idx 9: DMA Error
alg: aead: encryption failed on test 1 for rfc4106-gcm-aes-caam-qi2: ret=5
dpaa2_caam dpseci.1: FD error: 000000a8
dpaa2_caam dpseci.1: 40001516: DECO: desc idx 21: DMA Error
alg: aead-ddst: encryption failed on test 1 for rfc4543-gcm-aes-caam-qi2: ret=5
dpaa2_caam dpseci.1: FD error: 00000088
dpaa2_caam dpseci.1: 40000916: DECO: desc idx 9: DMA Error
alg: aead: encryption failed on test 1 for gcm-aes-caam-qi2: ret=5
[...]
Fix this by requiring allocated memory to be zeroized.
Fixes: d4df6899d2c6 ("crypto: caam/qi2 - add DPAA2-CAAM driver")
Fixes: 74e4a0d250d3 ("crypto: caam/qi2 - add ablkcipher algorithms")
Fixes: 40865366205a ("crypto: caam/qi2 - add support for TLS 1.0 record")
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Diffstat (limited to 'drivers/crypto')
| -rw-r--r-- | drivers/crypto/caam/caamalg_qi2.c | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/drivers/crypto/caam/caamalg_qi2.c b/drivers/crypto/caam/caamalg_qi2.c index f031634..102b084 100644 --- a/drivers/crypto/caam/caamalg_qi2.c +++ b/drivers/crypto/caam/caamalg_qi2.c @@ -116,9 +116,9 @@ void *dpaa2_caam_iova_to_virt(struct dpaa2_caam_priv *priv, } /* - * qi_cache_alloc - Allocate buffers from CAAM-QI cache + * qi_cache_zalloc - Allocate buffers from CAAM-QI cache * - * Allocate data on the hotpath. Instead of using kmalloc, one can use the + * Allocate data on the hotpath. Instead of using kzalloc, one can use the * services of the CAAM QI memory cache (backed by kmem_cache). The buffers * will have a size of CAAM_QI_MEMCACHE_SIZE, which should be sufficient for * hosting 16 SG entries. @@ -127,15 +127,15 @@ void *dpaa2_caam_iova_to_virt(struct dpaa2_caam_priv *priv, * * Returns a pointer to a retrieved buffer on success or NULL on failure. */ -static inline void *qi_cache_alloc(gfp_t flags) +static inline void *qi_cache_zalloc(gfp_t flags) { - return kmem_cache_alloc(qi_cache, flags); + return kmem_cache_zalloc(qi_cache, flags); } /* * qi_cache_free - Frees buffers allocated from CAAM-QI cache * - * @obj - buffer previously allocated by qi_cache_alloc + * @obj - buffer previously allocated by qi_cache_zalloc * * No checking is being done, the call is a passthrough call to * kmem_cache_free(...) @@ -547,7 +547,7 @@ static struct aead_edesc *aead_edesc_alloc(struct aead_request *req, enum optype op_type = encrypt ? ENCRYPT : DECRYPT; /* allocate space for base edesc and link tables */ - edesc = qi_cache_alloc(GFP_DMA | flags); + edesc = qi_cache_zalloc(GFP_DMA | flags); if (unlikely(!edesc)) { dev_err(dev, "could not allocate extended descriptor\n"); return ERR_PTR(-ENOMEM); @@ -752,7 +752,7 @@ static struct tls_edesc *tls_edesc_alloc(struct aead_request *req, } /* allocate space for base edesc and link tables */ - edesc = qi_cache_alloc(GFP_DMA | flags); + edesc = qi_cache_zalloc(GFP_DMA | flags); if (unlikely(!edesc)) { dev_err(dev, "could not allocate extended descriptor\n"); return ERR_PTR(-ENOMEM); @@ -1618,7 +1618,7 @@ static struct ablkcipher_edesc *ablkcipher_edesc_alloc(struct ablkcipher_request } /* allocate space for base edesc and link tables */ - edesc = qi_cache_alloc(GFP_DMA | flags); + edesc = qi_cache_zalloc(GFP_DMA | flags); if (unlikely(!edesc)) { dev_err(dev, "could not allocate extended descriptor\n"); caam_unmap(dev, req->src, req->dst, src_nents, dst_nents, @@ -1773,7 +1773,7 @@ static struct ablkcipher_edesc *ablkcipher_giv_edesc_alloc( } /* allocate space for base edesc and link tables */ - edesc = qi_cache_alloc(GFP_DMA | flags); + edesc = qi_cache_zalloc(GFP_DMA | flags); if (!edesc) { dev_err(dev, "could not allocate extended descriptor\n"); caam_unmap(dev, req->src, req->dst, src_nents, dst_nents, |