xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

crypto: nx - fix concurrency issue

Browse Source 
The NX driver uses the transformation context to store several fields
containing data related to the state of the operations in progress.
Since a single tfm can be used by different kernel threads at the same
time, we need to protect the data stored into the context.

This patch makes use of spin locks to protect the data where a race
condition can happen.

Reviewed-by: Fionnuala Gunter <fin@linux.vnet.ibm.com>
Reviewed-by: Joy Latten <jmlatten@linux.vnet.ibm.com>
Signed-off-by: Marcelo Cerri <mhcerri@linux.vnet.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
Marcelo Cerri
2013-08-12 18:49:37 -03:00
committed by Herbert Xu
parent f22d08111a
commit c849163b80
10 changed files with 87 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
drivers/crypto/nx/nx-aes-ccm.c
View File

@@ -271,10 +271,15 @@ static int ccm_nx_decrypt(struct aead_request *req,
unsigned int nbytes = req->cryptlen;
unsigned int authsize = crypto_aead_authsize(crypto_aead_reqtfm(req));
struct nx_ccm_priv *priv = &nx_ctx->priv.ccm;
unsigned long irq_flags;
int rc = -1;
if (nbytes > nx_ctx->ap->databytelen)
return -EINVAL;
spin_lock_irqsave(&nx_ctx->lock, irq_flags);
if (nbytes > nx_ctx->ap->databytelen) {
rc = -EINVAL;
goto out;
}
nbytes -= authsize;
@@ -308,6 +313,7 @@ static int ccm_nx_decrypt(struct aead_request *req,
rc = memcmp(csbcpb->cpb.aes_ccm.out_pat_or_mac, priv->oauth_tag,
authsize) ? -EBADMSG : 0;
out:
spin_unlock_irqrestore(&nx_ctx->lock, irq_flags);
return rc;
}
@@ -318,10 +324,15 @@ static int ccm_nx_encrypt(struct aead_request *req,
struct nx_csbcpb *csbcpb = nx_ctx->csbcpb;
unsigned int nbytes = req->cryptlen;
unsigned int authsize = crypto_aead_authsize(crypto_aead_reqtfm(req));
unsigned long irq_flags;
int rc = -1;
if (nbytes > nx_ctx->ap->databytelen)
return -EINVAL;
spin_lock_irqsave(&nx_ctx->lock, irq_flags);
if (nbytes > nx_ctx->ap->databytelen) {
rc = -EINVAL;
goto out;
}
rc = generate_pat(desc->info, req, nx_ctx, authsize, nbytes,
csbcpb->cpb.aes_ccm.in_pat_or_b0);
@@ -350,6 +361,7 @@ static int ccm_nx_encrypt(struct aead_request *req,
req->dst, nbytes, authsize,
SCATTERWALK_TO_SG);
out:
spin_unlock_irqrestore(&nx_ctx->lock, irq_flags);
return rc;
}