On Fri, Nov 29, 2024 at 03:53:29PM +0800, Herbert Xu wrote:
> On Fri, Nov 29, 2024 at 08:46:58AM +0100, Lukas Wunner wrote:
> > @@ -185,6 +187,16 @@ static int rsassa_pkcs1_sign(struct crypto_sig *tfm,
> > if (slen + hash_prefix->size > ctx->key_size - 11)
> > return -EOVERFLOW;
> >
> > + /*
> > + * Only kmalloc virtual addresses shall be used in a scatterlist,
> > + * so duplicate src if it points e.g. into kernel or module rodata.
> > + */
> > + if (!virt_addr_valid(src)) {
>
> Please don't do this. You cannot turn a virtual address into
> an SG list in general. This is just one of the many failure
> scenarios.
>
> The only safe way to do this is for the user to tell us that it's
> OK.
The dmaengine transporting data between memory and crypto accelerator
may have alignment or buswidth requirements not fulfilled by the
src buffer.
The caller cannot predict which crypto implementation (software or
accelerator) is going to be used and thus cannot know whether
location and length of the src buffer works for the dmaengine.
Hence I'm thinking that the sig or akcipher midlayer may need to
determine whether the src buffer is usable, and duplicate it if not.
The proposal above was meant as a step towards such an auto-detection
mechanism.
Thanks,
Lukas
