From nobody Fri Nov 29 11:32:10 2024 Received: from exchange.fintech.ru (exchange.fintech.ru [195.54.195.159]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 735F017B508; Sat, 21 Sep 2024 16:35:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.54.195.159 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726936504; cv=none; b=frxlY2X8MvcxvNg5dG1m5RAt4gE8EjYkJS0dtzQ+AKWJubESahuY1cTUA9MGxIS4RPJ+0oJBlaxCA58NPOcHc8Dx8DTxX3cZxMBQDzvFSX3k0zdENWmn9cdrPX/T4FF86inY96gqTdIBmPGvcSMAGjbTEvrE3TljnkKP0ag/y54= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726936504; c=relaxed/simple; bh=ppiS0CjuFCI4Evv0ivA0ne1NJe2Fo/9CJtxXe5mzEQ0=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=OIiUpdTgmkDFl17ug4huzNrUpnQbtaibfYUFoaOdR8utUSrEp3dGEWX4jQ8w4h7uSrfjBqAtd8wiMArWDGqCxYWrf90hRia9lGlrWEVEEMf+wubAViwOCBd5kT9jrtN68XMK/a48E2fnfj6UJuWSheLC7MFV130vChYItqApn2Q= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=fintech.ru; spf=pass smtp.mailfrom=fintech.ru; arc=none smtp.client-ip=195.54.195.159 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=fintech.ru Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=fintech.ru Received: from Ex16-01.fintech.ru (10.0.10.18) by exchange.fintech.ru (195.54.195.169) with Microsoft SMTP Server (TLS) id 14.3.498.0; Sat, 21 Sep 2024 19:34:48 +0300 Received: from localhost (10.0.253.138) by Ex16-01.fintech.ru (10.0.10.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.4; Sat, 21 Sep 2024 19:34:48 +0300 From: Nikita Zhandarovich To: , Greg Kroah-Hartman CC: Nikita Zhandarovich , Antoine Tenart , Herbert Xu , "David S. Miller" , Peter Harliman Liem , , , Subject: [PATCH 5.10/5.15 2/2] crypto: safexcel - Add error handling for dma_map_sg() calls Date: Sat, 21 Sep 2024 09:34:38 -0700 Message-ID: <20240921163438.25253-3-n.zhandarovich@fintech.ru> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240921163438.25253-1-n.zhandarovich@fintech.ru> References: <20240921163438.25253-1-n.zhandarovich@fintech.ru> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: Ex16-02.fintech.ru (10.0.10.19) To Ex16-01.fintech.ru (10.0.10.18) Content-Type: text/plain; charset="utf-8" From: Nikita Zhandarovich commit 87e02063d07708cac5bfe9fd3a6a242898758ac8 upstream. Macro dma_map_sg() may return 0 on error. This patch enables checks in case of the macro failure and ensures unmapping of previously mapped buffers with dma_unmap_sg(). Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. Fixes: 49186a7d9e46 ("crypto: inside_secure - Avoid dma map if size is zero= ") Signed-off-by: Nikita Zhandarovich Reviewed-by: Antoine Tenart Signed-off-by: Herbert Xu Signed-off-by: Nikita Zhandarovich --- .../crypto/inside-secure/safexcel_cipher.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c b/drivers/crypt= o/inside-secure/safexcel_cipher.c index b1f9deb59da8..5cb673d0fe89 100644 --- a/drivers/crypto/inside-secure/safexcel_cipher.c +++ b/drivers/crypto/inside-secure/safexcel_cipher.c @@ -742,9 +742,9 @@ static int safexcel_send_req(struct crypto_async_reques= t *base, int ring, max(totlen_src, totlen_dst)); return -EINVAL; } - if (sreq->nr_src > 0) - dma_map_sg(priv->dev, src, sreq->nr_src, - DMA_BIDIRECTIONAL); + if (sreq->nr_src > 0 && + !dma_map_sg(priv->dev, src, sreq->nr_src, DMA_BIDIRECTIONAL)) + return -EIO; } else { if (unlikely(totlen_src && (sreq->nr_src <=3D 0))) { dev_err(priv->dev, "Source buffer not large enough (need %d bytes)!", @@ -752,8 +752,9 @@ static int safexcel_send_req(struct crypto_async_reques= t *base, int ring, return -EINVAL; } =20 - if (sreq->nr_src > 0) - dma_map_sg(priv->dev, src, sreq->nr_src, DMA_TO_DEVICE); + if (sreq->nr_src > 0 && + !dma_map_sg(priv->dev, src, sreq->nr_src, DMA_TO_DEVICE)) + return -EIO; =20 if (unlikely(totlen_dst && (sreq->nr_dst <=3D 0))) { dev_err(priv->dev, "Dest buffer not large enough (need %d bytes)!", @@ -762,9 +763,11 @@ static int safexcel_send_req(struct crypto_async_reque= st *base, int ring, goto unmap; } =20 - if (sreq->nr_dst > 0) - dma_map_sg(priv->dev, dst, sreq->nr_dst, - DMA_FROM_DEVICE); + if (sreq->nr_dst > 0 && + !dma_map_sg(priv->dev, dst, sreq->nr_dst, DMA_FROM_DEVICE)) { + ret =3D -EIO; + goto unmap; + } } =20 memcpy(ctx->base.ctxr->data, ctx->key, ctx->key_len); --=20 2.25.1