• W
    crypto: cavium/nitrox - fix a DMA pool free failure · 0fa6bead
    Wenwen Wang 提交于
    commit 7172122be6a4712d699da4d261f92aa5ab3a78b8 upstream.
    
    In crypto_alloc_context(), a DMA pool is allocated through dma_pool_alloc()
    to hold the crypto context. The meta data of the DMA pool, including the
    pool used for the allocation 'ndev->ctx_pool' and the base address of the
    DMA pool used by the device 'dma', are then stored to the beginning of the
    pool. These meta data are eventually used in crypto_free_context() to free
    the DMA pool through dma_pool_free(). However, given that the DMA pool can
    also be accessed by the device, a malicious device can modify these meta
    data, especially when the device is controlled to deploy an attack. This
    can cause an unexpected DMA pool free failure.
    
    To avoid the above issue, this patch introduces a new structure
    crypto_ctx_hdr and a new field chdr in the structure nitrox_crypto_ctx hold
    the meta data information of the DMA pool after the allocation. Note that
    the original structure ctx_hdr is not changed to ensure the compatibility.
    
    Cc: <stable@vger.kernel.org>
    Signed-off-by: NWenwen Wang <wang6495@umn.edu>
    Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    0fa6bead
nitrox_algs.c 11.7 KB