On Thu, Oct 18, 2018 at 07:50:43PM -0500, Wenwen Wang wrote: > In crypto_alloc_context(), a DMA pool is allocated through dma_pool_alloc() > to hold the crypto context. The meta data of the DMA pool, including the > pool used for the allocation 'ndev->ctx_pool' and the base address of the > DMA pool used by the device 'dma', are then stored to the beginning of the > pool. These meta data are eventually used in crypto_free_context() to free > the DMA pool through dma_pool_free(). However, given that the DMA pool can > also be accessed by the device, a malicious device can modify these meta > data, especially when the device is controlled to deploy an attack. This > can cause an unexpected DMA pool free failure. > > To avoid the above issue, this patch introduces a new structure > crypto_ctx_hdr and a new field chdr in the structure nitrox_crypto_ctx hold > the meta data information of the DMA pool after the allocation. Note that > the original structure ctx_hdr is not changed to ensure the compatibility. > > Signed-off-by: Wenwen Wang <wang6495@xxxxxxx> > --- > drivers/crypto/cavium/nitrox/nitrox_algs.c | 12 +++++++----- > drivers/crypto/cavium/nitrox/nitrox_lib.c | 22 +++++++++++++++++----- > drivers/crypto/cavium/nitrox/nitrox_req.h | 7 +++++++ > 3 files changed, 31 insertions(+), 10 deletions(-) Patch applied. Thanks. -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
