lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20240921163438.25253-1-n.zhandarovich@fintech.ru>
Date: Sat, 21 Sep 2024 09:34:36 -0700
From: Nikita Zhandarovich <n.zhandarovich@...tech.ru>
To: <stable@...r.kernel.org>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>
CC: Nikita Zhandarovich <n.zhandarovich@...tech.ru>, Antoine Tenart
	<atenart@...nel.org>, Herbert Xu <herbert@...dor.apana.org.au>, "David S.
 Miller" <davem@...emloft.net>, Peter Harliman Liem <pliem@...linear.com>,
	<linux-crypto@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
	<lvc-project@...uxtesting.org>
Subject: [PATCH 5.10/5.15 0/2] crypto: inside_secure - Avoid dma map if size is zero

The following patch addresses the issue of unchecked calls to
dma_map_sg() in safexcel_send_req() as these macros may return 0 in
case of unsuccessful mapping. This outcome in turn requires
unmapping of previously mapped buffers.

The fix has already been backported to the following stable branches:
v6.6: https://lore.kernel.org/all/20240122235813.608624333@linuxfoundation.org/
v6.1: https://lore.kernel.org/all/20240122235752.938797245@linuxfoundation.org/

The issue in question can be fixed in 5.10 and 5.15 stable branches by
backporting the following 2 upstream commits. Both can be cleanly
applied to kernel versions mentioned above.

[PATCH 5.10/5.15 1/2] crypto: inside_secure - Avoid dma map if size is zero
[PATCH 5.10/5.15 2/2] crypto: safexcel - Add error handling for dma_map_sg() calls

First patch is a prerequisite to main fix and removes warnings in case
of a call to dma_map_sg() with size 0 and allows for clean application
of the main fix.

Second (and main) patch adds proper handling of dma_map_sg() erroneous
behaviour.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ