On 01/25/2016 01:20 AM, Herbert Xu wrote: > On Fri, Jan 22, 2016 at 11:22:48AM -0600, Tom Lendacky wrote: >> On 01/12/2016 11:17 AM, Tom Lendacky wrote: >>> Commit 8996eafdcbad ("crypto: ahash - ensure statesize is non-zero") >>> added a check to prevent ahash algorithms from successfully registering >>> if the import and export functions were not implemented. This prevents >>> an oops in the hash_accept function of algif_hash. This commit causes >>> the ccp-crypto module SHA support and AES CMAC support from successfully >>> registering and causing the ccp-crypto module load to fail because the >>> ahash import and export functions are not implemented. >>> >>> Update the CCP Crypto API support to provide import and export support >>> for ahash algorithms. >>> >>> Cc: <stable@xxxxxxxxxxxxxxx> # 3.14.x- >>> Signed-off-by: Tom Lendacky <thomas.lendacky@xxxxxxx> >> >> Herbert, is it possible this patch can be part of Crypto Fixes for 4.5? > > While your patch is probably OK the rctx structure just contains > too much crap for me to feel safe about pushing this in at this > point in time. So I'd like to have it cook for another cycle. > > The reason I'm overly cautious is because import/export is directly > exposed to user-space so if we get this wrong then we may open > up a root hole. Many of the fields in the rctx structure are set during the update operation and don't matter to the driver from an export and import perspective. I included them to make the routines simple, but if user-space exposure is a concern I can pare down the amount of data that is exported and imported. I can send a follow-on patch to do that if you prefer. Thanks, Tom > > Cheers, > -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html