crypto: talitos - check return value of sg_nents_for_len
The sg_nents_for_len() function could fail, this patch add a check for its return value. Signed-off-by: LABBE Corentin <clabbe.montjoie@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
LABBE Corentin
Herbert Xu
parent
c22dafb3b1
commit
8e409fe106
drivers/crypto
|
|
@ -1216,6 +1216,7 @@ static struct talitos_edesc *talitos_edesc_alloc(struct device *dev,
|
||||||
struct talitos_private *priv = dev_get_drvdata(dev);
|
struct talitos_private *priv = dev_get_drvdata(dev);
|
||||||
bool is_sec1 = has_ftr_sec1(priv);
|
bool is_sec1 = has_ftr_sec1(priv);
|
||||||
int max_len = is_sec1 ? TALITOS1_MAX_DATA_LEN : TALITOS2_MAX_DATA_LEN;
|
int max_len = is_sec1 ? TALITOS1_MAX_DATA_LEN : TALITOS2_MAX_DATA_LEN;
|
||||||
|
void *err;
|
||||||
|
|
||||||
if (cryptlen + authsize > max_len) {
|
if (cryptlen + authsize > max_len) {
|
||||||
dev_err(dev, "length exceeds h/w max limit\n");
|
dev_err(dev, "length exceeds h/w max limit\n");
|
||||||
|
|
@ -1228,14 +1229,29 @@ static struct talitos_edesc *talitos_edesc_alloc(struct device *dev,
|
||||||
if (!dst || dst == src) {
|
if (!dst || dst == src) {
|
||||||
src_nents = sg_nents_for_len(src,
|
src_nents = sg_nents_for_len(src,
|
||||||
assoclen + cryptlen + authsize);
|
assoclen + cryptlen + authsize);
|
||||||
|
if (src_nents < 0) {
|
||||||
|
dev_err(dev, "Invalid number of src SG.\n");
|
||||||
|
err = ERR_PTR(-EINVAL);
|
||||||
|
goto error_sg;
|
||||||
|
}
|
||||||
src_nents = (src_nents == 1) ? 0 : src_nents;
|
src_nents = (src_nents == 1) ? 0 : src_nents;
|
||||||
dst_nents = dst ? src_nents : 0;
|
dst_nents = dst ? src_nents : 0;
|
||||||
} else { /* dst && dst != src*/
|
} else { /* dst && dst != src*/
|
||||||
src_nents = sg_nents_for_len(src, assoclen + cryptlen +
|
src_nents = sg_nents_for_len(src, assoclen + cryptlen +
|
||||||
(encrypt ? 0 : authsize));
|
(encrypt ? 0 : authsize));
|
||||||
|
if (src_nents < 0) {
|
||||||
|
dev_err(dev, "Invalid number of src SG.\n");
|
||||||
|
err = ERR_PTR(-EINVAL);
|
||||||
|
goto error_sg;
|
||||||
|
}
|
||||||
src_nents = (src_nents == 1) ? 0 : src_nents;
|
src_nents = (src_nents == 1) ? 0 : src_nents;
|
||||||
dst_nents = sg_nents_for_len(dst, assoclen + cryptlen +
|
dst_nents = sg_nents_for_len(dst, assoclen + cryptlen +
|
||||||
(encrypt ? authsize : 0));
|
(encrypt ? authsize : 0));
|
||||||
|
if (dst_nents < 0) {
|
||||||
|
dev_err(dev, "Invalid number of dst SG.\n");
|
||||||
|
err = ERR_PTR(-EINVAL);
|
||||||
|
goto error_sg;
|
||||||
|
}
|
||||||
dst_nents = (dst_nents == 1) ? 0 : dst_nents;
|
dst_nents = (dst_nents == 1) ? 0 : dst_nents;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -1260,11 +1276,9 @@ static struct talitos_edesc *talitos_edesc_alloc(struct device *dev,
|
||||||
|
|
||||||
edesc = kmalloc(alloc_len, GFP_DMA | flags);
|
edesc = kmalloc(alloc_len, GFP_DMA | flags);
|
||||||
if (!edesc) {
|
if (!edesc) {
|
||||||
if (iv_dma)
|
|
||||||
dma_unmap_single(dev, iv_dma, ivsize, DMA_TO_DEVICE);
|
|
||||||
|
|
||||||
dev_err(dev, "could not allocate edescriptor\n");
|
dev_err(dev, "could not allocate edescriptor\n");
|
||||||
return ERR_PTR(-ENOMEM);
|
err = ERR_PTR(-ENOMEM);
|
||||||
|
goto error_sg;
|
||||||
}
|
}
|
||||||
|
|
||||||
edesc->src_nents = src_nents;
|
edesc->src_nents = src_nents;
|
||||||
|
|
@ -1277,6 +1291,10 @@ static struct talitos_edesc *talitos_edesc_alloc(struct device *dev,
|
||||||
DMA_BIDIRECTIONAL);
|
DMA_BIDIRECTIONAL);
|
||||||
|
|
||||||
return edesc;
|
return edesc;
|
||||||
|
error_sg:
|
||||||
|
if (iv_dma)
|
||||||
|
dma_unmap_single(dev, iv_dma, ivsize, DMA_TO_DEVICE);
|
||||||
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct talitos_edesc *aead_edesc_alloc(struct aead_request *areq, u8 *iv,
|
static struct talitos_edesc *aead_edesc_alloc(struct aead_request *areq, u8 *iv,
|
||||||
|
|
@ -1830,11 +1848,16 @@ static int ahash_process_req(struct ahash_request *areq, unsigned int nbytes)
|
||||||
unsigned int nbytes_to_hash;
|
unsigned int nbytes_to_hash;
|
||||||
unsigned int to_hash_later;
|
unsigned int to_hash_later;
|
||||||
unsigned int nsg;
|
unsigned int nsg;
|
||||||
|
int nents;
|
||||||
|
|
||||||
if (!req_ctx->last && (nbytes + req_ctx->nbuf <= blocksize)) {
|
if (!req_ctx->last && (nbytes + req_ctx->nbuf <= blocksize)) {
|
||||||
/* Buffer up to one whole block */
|
/* Buffer up to one whole block */
|
||||||
sg_copy_to_buffer(areq->src,
|
nents = sg_nents_for_len(areq->src, nbytes);
|
||||||
sg_nents_for_len(areq->src, nbytes),
|
if (nents < 0) {
|
||||||
|
dev_err(ctx->dev, "Invalid number of src SG.\n");
|
||||||
|
return nents;
|
||||||
|
}
|
||||||
|
sg_copy_to_buffer(areq->src, nents,
|
||||||
req_ctx->buf + req_ctx->nbuf, nbytes);
|
req_ctx->buf + req_ctx->nbuf, nbytes);
|
||||||
req_ctx->nbuf += nbytes;
|
req_ctx->nbuf += nbytes;
|
||||||
return 0;
|
return 0;
|
||||||
|
|
@ -1867,7 +1890,11 @@ static int ahash_process_req(struct ahash_request *areq, unsigned int nbytes)
|
||||||
req_ctx->psrc = areq->src;
|
req_ctx->psrc = areq->src;
|
||||||
|
|
||||||
if (to_hash_later) {
|
if (to_hash_later) {
|
||||||
int nents = sg_nents_for_len(areq->src, nbytes);
|
nents = sg_nents_for_len(areq->src, nbytes);
|
||||||
|
if (nents < 0) {
|
||||||
|
dev_err(ctx->dev, "Invalid number of src SG.\n");
|
||||||
|
return nents;
|
||||||
|
}
|
||||||
sg_pcopy_to_buffer(areq->src, nents,
|
sg_pcopy_to_buffer(areq->src, nents,
|
||||||
req_ctx->bufnext,
|
req_ctx->bufnext,
|
||||||
to_hash_later,
|
to_hash_later,
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue