From: Tom Lendacky <thomas.lendacky@amd.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: <linux-crypto@vger.kernel.org>, Gary Hook <gary.hook@amd.com>,
"David Miller" <davem@davemloft.net>
Subject: Re: [PATCH] crypto: ccp - Fix AES XTS error for request sizes above 4096
Date: Mon, 23 May 2016 08:50:28 -0500 [thread overview]
Message-ID: <57430AA4.70000@amd.com> (raw)
In-Reply-To: <20160520233543.GB18006@gondor.apana.org.au>
On 05/20/2016 06:35 PM, Herbert Xu wrote:
> On Fri, May 20, 2016 at 05:33:03PM -0500, Tom Lendacky wrote:
>> The ccp-crypto module for AES XTS support has a bug that can allow requests
>> greater than 4096 bytes in size to be passed to the CCP hardware. The CCP
>> hardware does not support request sizes larger than 4096, resulting in
>> incorrect output. The request should actually be handled by the fallback
>> mechanism instantiated by the ccp-crypto module.
>>
>> Add a check to insure the request size is less than or equal to the maximum
>> supported size and use the fallback mechanism if it is not.
>>
>> Cc: <stable@vger.kernel.org> # 3.14.x-
>> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
>
> I'm OK with this patch but I think it doesn't always need to go into
> the fallback. I made a test vector split as 4064 bytes + 48 bytes
> and ccp handled it just fine. It appears that the bug is actually
> in the handling of a single SG entry that's longer than a page,
> presumably because sg_next is used unconditionally instead of
> checking whether there is more in the current SG entry.
I'll take a closer look at this. Something obviously isn't right but
the code doesn't do anything related to PAGE size checks and works
on the length specified in the SG entry.
>
> But I'll merge your fix as it fixes a real problem.
Thanks Herbert.
Tom
>
> Thanks,
>
prev parent reply other threads:[~2016-05-23 14:06 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-20 22:33 [PATCH] crypto: ccp - Fix AES XTS error for request sizes above 4096 Tom Lendacky
2016-05-20 23:35 ` Herbert Xu
2016-05-23 13:50 ` Tom Lendacky [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=57430AA4.70000@amd.com \
--to=thomas.lendacky@amd.com \
--cc=davem@davemloft.net \
--cc=gary.hook@amd.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.