On Sat, Oct 17, 2015 at 06:38:23PM +0100, Russell King - ARM Linux wrote: > On Fri, Oct 16, 2015 at 04:19:33PM -0700, Victoria Milhoan wrote: > > @@ -1569,6 +1601,10 @@ static int ahash_import(struct ahash_request *req, const void *in) > > struct caam_hash_ctx *ctx = crypto_ahash_ctx(ahash); > > struct caam_hash_state *state = ahash_request_ctx(req); > > > > + /* Allocate new data buffers to use for this request */ > > + state->buf_0 = kmalloc(CAAM_MAX_HASH_BLOCK_SIZE, GFP_KERNEL | GFP_DMA); > > + state->buf_1 = kmalloc(CAAM_MAX_HASH_BLOCK_SIZE, GFP_KERNEL | GFP_DMA); > > + > > I'm really not sure you can do this at all. What if the previous > digest calculation prior to the accept() cloning the state was for > a non-hash-block aligned size of data. The above will lose that > state, and produce an incorrect hash result. Herbert, can you > confirm please? Well the patch you're responding to is simply bogus. It is making an allocation and then immediately overwriting that pointer value with memcpy from the imported state. Thanks, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html