Re: [PATCH] crypto: ccp - Validate the the error value used to index error messages

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 6/25/19 6:44 PM, Hook, Gary wrote:
> The error code read from the queue status register is only 6 bits wide,
> but we need to verify its value is within range before indexing the error
> messages.  Also, fill out the array with all possible entries so that any
> unexpected error codes are reported as "unknown".
> 
> Fixes: 81422badb3907 ("crypto: ccp - Make syslog errors human-readable")
> 
> Reported-by: Cfir Cohen <cfir@xxxxxxxxxx>
> Signed-off-by: Gary R Hook <gary.hook@xxxxxxx>
> ---
>   drivers/crypto/ccp/ccp-dev.c |   94 ++++++++++++++++++++++--------------------
>   1 file changed, 50 insertions(+), 44 deletions(-)
> 
> diff --git a/drivers/crypto/ccp/ccp-dev.c b/drivers/crypto/ccp/ccp-dev.c
> index 1b5035d56288..c6853e17cebb 100644
> --- a/drivers/crypto/ccp/ccp-dev.c
> +++ b/drivers/crypto/ccp/ccp-dev.c
> @@ -35,56 +35,62 @@ struct ccp_tasklet_data {
>   };
>   
>   /* Human-readable error strings */
> +#define CCP_MAX_ERROR_CODE	64
>   static char *ccp_error_codes[] = {
>   	"",
> -	"ERR 01: ILLEGAL_ENGINE",
> -	"ERR 02: ILLEGAL_KEY_ID",
> -	"ERR 03: ILLEGAL_FUNCTION_TYPE",
> -	"ERR 04: ILLEGAL_FUNCTION_MODE",
> -	"ERR 05: ILLEGAL_FUNCTION_ENCRYPT",
> -	"ERR 06: ILLEGAL_FUNCTION_SIZE",
> -	"ERR 07: Zlib_MISSING_INIT_EOM",
> -	"ERR 08: ILLEGAL_FUNCTION_RSVD",
> -	"ERR 09: ILLEGAL_BUFFER_LENGTH",
> -	"ERR 10: VLSB_FAULT",
> -	"ERR 11: ILLEGAL_MEM_ADDR",
> -	"ERR 12: ILLEGAL_MEM_SEL",
> -	"ERR 13: ILLEGAL_CONTEXT_ID",
> -	"ERR 14: ILLEGAL_KEY_ADDR",
> -	"ERR 15: 0xF Reserved",
> -	"ERR 16: Zlib_ILLEGAL_MULTI_QUEUE",
> -	"ERR 17: Zlib_ILLEGAL_JOBID_CHANGE",
> -	"ERR 18: CMD_TIMEOUT",
> -	"ERR 19: IDMA0_AXI_SLVERR",
> -	"ERR 20: IDMA0_AXI_DECERR",
> -	"ERR 21: 0x15 Reserved",
> -	"ERR 22: IDMA1_AXI_SLAVE_FAULT",
> -	"ERR 23: IDMA1_AIXI_DECERR",
> -	"ERR 24: 0x18 Reserved",
> -	"ERR 25: ZLIBVHB_AXI_SLVERR",
> -	"ERR 26: ZLIBVHB_AXI_DECERR",
> -	"ERR 27: 0x1B Reserved",
> -	"ERR 27: ZLIB_UNEXPECTED_EOM",
> -	"ERR 27: ZLIB_EXTRA_DATA",
> -	"ERR 30: ZLIB_BTYPE",
> -	"ERR 31: ZLIB_UNDEFINED_SYMBOL",
> -	"ERR 32: ZLIB_UNDEFINED_DISTANCE_S",
> -	"ERR 33: ZLIB_CODE_LENGTH_SYMBOL",
> -	"ERR 34: ZLIB _VHB_ILLEGAL_FETCH",
> -	"ERR 35: ZLIB_UNCOMPRESSED_LEN",
> -	"ERR 36: ZLIB_LIMIT_REACHED",
> -	"ERR 37: ZLIB_CHECKSUM_MISMATCH0",
> -	"ERR 38: ODMA0_AXI_SLVERR",
> -	"ERR 39: ODMA0_AXI_DECERR",
> -	"ERR 40: 0x28 Reserved",
> -	"ERR 41: ODMA1_AXI_SLVERR",
> -	"ERR 42: ODMA1_AXI_DECERR",
> -	"ERR 43: LSB_PARITY_ERR",
> +	"ILLEGAL_ENGINE",
> +	"ILLEGAL_KEY_ID",
> +	"ILLEGAL_FUNCTION_TYPE",
> +	"ILLEGAL_FUNCTION_MODE",
> +	"ILLEGAL_FUNCTION_ENCRYPT",
> +	"ILLEGAL_FUNCTION_SIZE",
> +	"Zlib_MISSING_INIT_EOM",
> +	"ILLEGAL_FUNCTION_RSVD",
> +	"ILLEGAL_BUFFER_LENGTH",
> +	"VLSB_FAULT",
> +	"ILLEGAL_MEM_ADDR",
> +	"ILLEGAL_MEM_SEL",
> +	"ILLEGAL_CONTEXT_ID",
> +	"ILLEGAL_KEY_ADDR",
> +	"0xF Reserved",
> +	"Zlib_ILLEGAL_MULTI_QUEUE",
> +	"Zlib_ILLEGAL_JOBID_CHANGE",
> +	"CMD_TIMEOUT",
> +	"IDMA0_AXI_SLVERR",
> +	"IDMA0_AXI_DECERR",
> +	"0x15 Reserved",
> +	"IDMA1_AXI_SLAVE_FAULT",
> +	"IDMA1_AIXI_DECERR",
> +	"0x18 Reserved",
> +	"ZLIBVHB_AXI_SLVERR",
> +	"ZLIBVHB_AXI_DECERR",
> +	"0x1B Reserved",
> +	"ZLIB_UNEXPECTED_EOM",
> +	"ZLIB_EXTRA_DATA",
> +	"ZLIB_BTYPE",
> +	"ZLIB_UNDEFINED_SYMBOL",
> +	"ZLIB_UNDEFINED_DISTANCE_S",
> +	"ZLIB_CODE_LENGTH_SYMBOL",
> +	"ZLIB _VHB_ILLEGAL_FETCH",
> +	"ZLIB_UNCOMPRESSED_LEN",
> +	"ZLIB_LIMIT_REACHED",
> +	"ZLIB_CHECKSUM_MISMATCH0",
> +	"ODMA0_AXI_SLVERR",
> +	"ODMA0_AXI_DECERR",
> +	"0x28 Reserved",
> +	"ODMA1_AXI_SLVERR",
> +	"ODMA1_AXI_DECERR",
>   };
>   
>   void ccp_log_error(struct ccp_device *d, int e)
>   {
> -	dev_err(d->dev, "CCP error: %s (0x%x)\n", ccp_error_codes[e], e);
> +	if (WARN_ON((e < 0) || (e >= CCP_MAX_ERROR_CODE)))
> +		return;

The cmd_error variable that is used to call this function is a u32, so you
could just change "e" from int to unsigned int and remove this check. The
below check would be all that is needed.

Thanks,
Tom

> +
> +	if (e < ARRAY_SIZE(ccp_error_codes))
> +		dev_err(d->dev, "CCP error %d: %s\n", e, ccp_error_codes[e]);
> +	else
> +		dev_err(d->dev, "CCP error %d: Unknown Error\n", e);
>   }
>   
>   /* List of CCPs, CCP count, read-write access lock, and access functions
> 




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux