Re: FAILED: patch "[PATCH] crypto: caam - strip input zeros from RSA input buffer" failed to apply to 4.9-stable tree

Martin Townsend <mtownsend1973@xxxxxxxxx> · Fri, 15 Jun 2018 09:07:24 +0100

On Thu, Jun 14, 2018 at 2:08 PM <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
>
>
> The patch below does not apply to the 4.9-stable tree.
> If someone wants it applied there, or to any other stable or longterm
> tree, then please email the backport, including the original git commit
> id to <stable@xxxxxxxxxxxxxxx>.
>
> thanks,
>
> greg k-h
>
> ------------------ original commit in Linus's tree ------------------
>
> From 8a2a0dd35f2e54c023d9041a5428b6c5639af86c Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?Horia=20Geant=C4=83?= <horia.geanta@xxxxxxx>
> Date: Mon, 16 Apr 2018 08:07:05 -0500
> Subject: [PATCH] crypto: caam - strip input zeros from RSA input buffer
> MIME-Version: 1.0
> Content-Type: text/plain; charset=UTF-8
> Content-Transfer-Encoding: 8bit
>
> Sometimes the provided RSA input buffer provided is not stripped
> of leading zeros. This could cause its size to be bigger than that
> of the modulus, making the HW complain:
>
> caam_jr 2142000.jr1: 40000789: DECO: desc idx 7:
> Protocol Size Error - A protocol has seen an error in size. When
> running RSA, pdb size N < (size of F) when no formatting is used; or
> pdb size N < (F + 11) when formatting is used.
>
> Fix the problem by stripping off the leading zero from input data
> before feeding it to the CAAM accelerator.
>
> Fixes: 8c419778ab57e ("crypto: caam - add support for RSA algorithm")
> Cc: <stable@xxxxxxxxxxxxxxx> # 4.8+
> Reported-by: Martin Townsend <mtownsend1973@xxxxxxxxx>
> Link: https://lkml.kernel.org/r/CABatt_ytYORYKtApcB4izhNanEKkGFi9XAQMjHi_n-8YWoCRiw@xxxxxxxxxxxxxx
> Signed-off-by: Horia Geantă <horia.geanta@xxxxxxx>
> Tested-by: Fabio Estevam <fabio.estevam@xxxxxxx>
> Reviewed-by: Tudor Ambarus <tudor.ambarus@xxxxxxxxxxxxx>
> Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
>
> diff --git a/drivers/crypto/caam/caampkc.c b/drivers/crypto/caam/caampkc.c
> index 7a897209f181..979072b25eaa 100644
> --- a/drivers/crypto/caam/caampkc.c
> +++ b/drivers/crypto/caam/caampkc.c
> @@ -166,18 +166,71 @@ static void rsa_priv_f3_done(struct device *dev, u32 *desc, u32 err,
>         akcipher_request_complete(req, err);
>  }
>
> +static int caam_rsa_count_leading_zeros(struct scatterlist *sgl,
> +                                       unsigned int nbytes,
> +                                       unsigned int flags)
> +{
> +       struct sg_mapping_iter miter;
> +       int lzeros, ents;
> +       unsigned int len;
> +       unsigned int tbytes = nbytes;
> +       const u8 *buff;
> +
> +       ents = sg_nents_for_len(sgl, nbytes);
> +       if (ents < 0)
> +               return ents;
> +
> +       sg_miter_start(&miter, sgl, ents, SG_MITER_FROM_SG | flags);
> +
> +       lzeros = 0;
> +       len = 0;
> +       while (nbytes > 0) {
> +               while (len && !*buff) {
> +                       lzeros++;
> +                       len--;
> +                       buff++;
> +               }
> +
> +               if (len && *buff)
> +                       break;
> +
> +               sg_miter_next(&miter);
> +               buff = miter.addr;
> +               len = miter.length;
> +
> +               nbytes -= lzeros;
> +               lzeros = 0;
> +       }
> +
> +       miter.consumed = lzeros;
> +       sg_miter_stop(&miter);
> +       nbytes -= lzeros;
> +
> +       return tbytes - nbytes;
> +}
> +
>  static struct rsa_edesc *rsa_edesc_alloc(struct akcipher_request *req,
>                                          size_t desclen)
>  {
>         struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
>         struct caam_rsa_ctx *ctx = akcipher_tfm_ctx(tfm);
>         struct device *dev = ctx->dev;
> +       struct caam_rsa_req_ctx *req_ctx = akcipher_request_ctx(req);
>         struct rsa_edesc *edesc;
>         gfp_t flags = (req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP) ?
>                        GFP_KERNEL : GFP_ATOMIC;
> +       int sg_flags = (flags == GFP_ATOMIC) ? SG_MITER_ATOMIC : 0;
>         int sgc;
>         int sec4_sg_index, sec4_sg_len = 0, sec4_sg_bytes;
>         int src_nents, dst_nents;
> +       int lzeros;
> +
> +       lzeros = caam_rsa_count_leading_zeros(req->src, req->src_len, sg_flags);
> +       if (lzeros < 0)
> +               return ERR_PTR(lzeros);
> +
> +       req->src_len -= lzeros;
> +       req->src = scatterwalk_ffwd(req_ctx->src, req->src, lzeros);
>
>         src_nents = sg_nents_for_len(req->src, req->src_len);
>         dst_nents = sg_nents_for_len(req->dst, req->dst_len);
> @@ -953,6 +1006,7 @@ static struct akcipher_alg caam_rsa = {
>         .max_size = caam_rsa_max_size,
>         .init = caam_rsa_init_tfm,
>         .exit = caam_rsa_exit_tfm,
> +       .reqsize = sizeof(struct caam_rsa_req_ctx),
>         .base = {
>                 .cra_name = "rsa",
>                 .cra_driver_name = "rsa-caam",
> diff --git a/drivers/crypto/caam/caampkc.h b/drivers/crypto/caam/caampkc.h
> index fd145c46eae1..82645bcf8b27 100644
> --- a/drivers/crypto/caam/caampkc.h
> +++ b/drivers/crypto/caam/caampkc.h
> @@ -95,6 +95,14 @@ struct caam_rsa_ctx {
>         struct device *dev;
>  };
>
> +/**
> + * caam_rsa_req_ctx - per request context.
> + * @src: input scatterlist (stripped of leading zeros)
> + */
> +struct caam_rsa_req_ctx {
> +       struct scatterlist src[2];
> +};
> +
>  /**
>   * rsa_edesc - s/w-extended rsa descriptor
>   * @src_nents     : number of segments in input scatterlist
>

I have back ported this to 4.9 and have it running on an i.MX6UL
board. I am happy to submit this if someone can tell me the best way
to do this.

Many Thanks,
Martin.