From: Jihong Min <hurryman2212@gmail.com>
To: Herbert Xu <herbert@gondor.apana.org.au>, linux-crypto@vger.kernel.org
Cc: Christian Marangi <ansuelsmth@gmail.com>,
Antoine Tenart <atenart@kernel.org>,
"David S . Miller" <davem@davemloft.net>,
Richard van Schagen <vschagen@icloud.com>,
linux-kernel@vger.kernel.org,
Benjamin Larsson <benjamin.larsson@genexis.eu>,
Mieczyslaw Nalewaj <namiltd@yahoo.com>,
Aleksander Jan Bajkowski <olek2@wp.pl>,
Jihong Min <hurryman2212@gmail.com>
Subject: [PATCH 4/6] crypto: eip93: use request-local SA records for cipher requests
Date: Mon, 25 May 2026 04:45:26 +0900 [thread overview]
Message-ID: <20260524194528.3666383-5-hurryman2212@gmail.com> (raw)
In-Reply-To: <20260524194528.3666383-1-hurryman2212@gmail.com>
Cipher and AEAD requests keep mutable direction and copy flags in the SA
record. Updating the tfm-level SA record for decrypt requests can leak
those settings into concurrent requests using the same transform.
Copy the prepared SA record into the request context and apply the
request-specific flags there. Map that request-local record for DMA, then
unmap it on normal completion and validation failures.
Fixes: 9739f5f93b78 ("crypto: eip93 - Add Inside Secure SafeXcel EIP-93 crypto engine support")
Reported-by: Benjamin Larsson <benjamin.larsson@genexis.eu>
Suggested-by: Benjamin Larsson <benjamin.larsson@genexis.eu>
Assisted-by: Codex:gpt-5.5
Signed-off-by: Jihong Min <hurryman2212@gmail.com>
---
.../crypto/inside-secure/eip93/eip93-aead.c | 34 +++++++++++++------
.../crypto/inside-secure/eip93/eip93-cipher.c | 34 ++++++++++++-------
.../crypto/inside-secure/eip93/eip93-cipher.h | 3 +-
.../crypto/inside-secure/eip93/eip93-common.c | 9 +++++
4 files changed, 55 insertions(+), 25 deletions(-)
diff --git a/drivers/crypto/inside-secure/eip93/eip93-aead.c b/drivers/crypto/inside-secure/eip93/eip93-aead.c
index 2bbd0af7b0e0..3b2edb012048 100644
--- a/drivers/crypto/inside-secure/eip93/eip93-aead.c
+++ b/drivers/crypto/inside-secure/eip93/eip93-aead.c
@@ -42,12 +42,18 @@ void eip93_aead_handle_result(struct crypto_async_request *async, int err)
static int eip93_aead_send_req(struct crypto_async_request *async)
{
+ struct eip93_crypto_ctx *ctx = crypto_tfm_ctx(async->tfm);
struct aead_request *req = aead_request_cast(async);
struct eip93_cipher_reqctx *rctx = aead_request_ctx(req);
int err;
err = check_valid_request(rctx);
if (err) {
+ if (rctx->sa_record_base) {
+ dma_unmap_single(ctx->eip93->dev, rctx->sa_record_base,
+ sizeof(rctx->sa_record), DMA_TO_DEVICE);
+ rctx->sa_record_base = 0;
+ }
aead_request_complete(req, err);
return err;
}
@@ -81,8 +87,6 @@ static void eip93_aead_cra_exit(struct crypto_tfm *tfm)
{
struct eip93_crypto_ctx *ctx = crypto_tfm_ctx(tfm);
- dma_unmap_single(ctx->eip93->dev, ctx->sa_record_base,
- sizeof(*ctx->sa_record), DMA_TO_DEVICE);
kfree(ctx->sa_record);
}
@@ -191,11 +195,24 @@ static int eip93_aead_crypt(struct aead_request *req)
struct crypto_aead *aead = crypto_aead_reqtfm(req);
int ret;
- ctx->sa_record_base = dma_map_single(ctx->eip93->dev, ctx->sa_record,
- sizeof(*ctx->sa_record), DMA_TO_DEVICE);
- ret = dma_mapping_error(ctx->eip93->dev, ctx->sa_record_base);
- if (ret)
+ memcpy(&rctx->sa_record, ctx->sa_record, sizeof(rctx->sa_record));
+ if (IS_DECRYPT(rctx->flags)) {
+ rctx->sa_record.sa_cmd0_word |= EIP93_SA_CMD_DIRECTION_IN;
+ rctx->sa_record.sa_cmd1_word &= ~(EIP93_SA_CMD_COPY_PAD |
+ EIP93_SA_CMD_COPY_DIGEST);
+ } else {
+ rctx->sa_record.sa_cmd0_word &= ~EIP93_SA_CMD_DIRECTION_IN;
+ rctx->sa_record.sa_cmd1_word |= EIP93_SA_CMD_COPY_PAD |
+ EIP93_SA_CMD_COPY_DIGEST;
+ }
+
+ rctx->sa_record_base = dma_map_single(ctx->eip93->dev, &rctx->sa_record,
+ sizeof(rctx->sa_record), DMA_TO_DEVICE);
+ ret = dma_mapping_error(ctx->eip93->dev, rctx->sa_record_base);
+ if (ret) {
+ rctx->sa_record_base = 0;
return ret;
+ }
rctx->textsize = req->cryptlen;
rctx->blksize = ctx->blksize;
@@ -205,7 +222,6 @@ static int eip93_aead_crypt(struct aead_request *req)
rctx->sg_dst = req->dst;
rctx->ivsize = crypto_aead_ivsize(aead);
rctx->desc_flags = EIP93_DESC_AEAD;
- rctx->sa_record_base = ctx->sa_record_base;
if (IS_DECRYPT(rctx->flags))
rctx->textsize -= rctx->authsize;
@@ -238,10 +254,6 @@ static int eip93_aead_decrypt(struct aead_request *req)
struct eip93_crypto_ctx *ctx = crypto_tfm_ctx(req->base.tfm);
struct eip93_cipher_reqctx *rctx = aead_request_ctx(req);
- ctx->sa_record->sa_cmd0_word |= EIP93_SA_CMD_DIRECTION_IN;
- ctx->sa_record->sa_cmd1_word &= ~(EIP93_SA_CMD_COPY_PAD |
- EIP93_SA_CMD_COPY_DIGEST);
-
rctx->flags = ctx->flags;
rctx->flags |= EIP93_DECRYPT;
if (ctx->set_assoc) {
diff --git a/drivers/crypto/inside-secure/eip93/eip93-cipher.c b/drivers/crypto/inside-secure/eip93/eip93-cipher.c
index 4dd7ab7503e8..66b85781ef93 100644
--- a/drivers/crypto/inside-secure/eip93/eip93-cipher.c
+++ b/drivers/crypto/inside-secure/eip93/eip93-cipher.c
@@ -32,6 +32,7 @@ void eip93_skcipher_handle_result(struct crypto_async_request *async, int err)
static int eip93_skcipher_send_req(struct crypto_async_request *async)
{
+ struct eip93_crypto_ctx *ctx = crypto_tfm_ctx(async->tfm);
struct skcipher_request *req = skcipher_request_cast(async);
struct eip93_cipher_reqctx *rctx = skcipher_request_ctx(req);
int err;
@@ -39,6 +40,11 @@ static int eip93_skcipher_send_req(struct crypto_async_request *async)
err = check_valid_request(rctx);
if (err) {
+ if (rctx->sa_record_base) {
+ dma_unmap_single(ctx->eip93->dev, rctx->sa_record_base,
+ sizeof(rctx->sa_record), DMA_TO_DEVICE);
+ rctx->sa_record_base = 0;
+ }
skcipher_request_complete(req, err);
return err;
}
@@ -72,8 +78,6 @@ static void eip93_skcipher_cra_exit(struct crypto_tfm *tfm)
{
struct eip93_crypto_ctx *ctx = crypto_tfm_ctx(tfm);
- dma_unmap_single(ctx->eip93->dev, ctx->sa_record_base,
- sizeof(*ctx->sa_record), DMA_TO_DEVICE);
kfree(ctx->sa_record);
}
@@ -133,7 +137,7 @@ static int eip93_skcipher_setkey(struct crypto_skcipher *ctfm, const u8 *key,
return 0;
}
-static int eip93_skcipher_crypt(struct skcipher_request *req)
+static int eip93_skcipher_crypt(struct skcipher_request *req, bool encrypt)
{
struct eip93_cipher_reqctx *rctx = skcipher_request_ctx(req);
struct crypto_async_request *async = &req->base;
@@ -153,11 +157,19 @@ static int eip93_skcipher_crypt(struct skcipher_request *req)
crypto_skcipher_blocksize(skcipher)))
return -EINVAL;
- ctx->sa_record_base = dma_map_single(ctx->eip93->dev, ctx->sa_record,
- sizeof(*ctx->sa_record), DMA_TO_DEVICE);
- ret = dma_mapping_error(ctx->eip93->dev, ctx->sa_record_base);
- if (ret)
+ memcpy(&rctx->sa_record, ctx->sa_record, sizeof(rctx->sa_record));
+ if (encrypt)
+ rctx->sa_record.sa_cmd0_word &= ~EIP93_SA_CMD_DIRECTION_IN;
+ else
+ rctx->sa_record.sa_cmd0_word |= EIP93_SA_CMD_DIRECTION_IN;
+
+ rctx->sa_record_base = dma_map_single(ctx->eip93->dev, &rctx->sa_record,
+ sizeof(rctx->sa_record), DMA_TO_DEVICE);
+ ret = dma_mapping_error(ctx->eip93->dev, rctx->sa_record_base);
+ if (ret) {
+ rctx->sa_record_base = 0;
return ret;
+ }
rctx->assoclen = 0;
rctx->textsize = req->cryptlen;
@@ -167,7 +179,6 @@ static int eip93_skcipher_crypt(struct skcipher_request *req)
rctx->ivsize = crypto_skcipher_ivsize(skcipher);
rctx->blksize = ctx->blksize;
rctx->desc_flags = EIP93_DESC_SKCIPHER;
- rctx->sa_record_base = ctx->sa_record_base;
return eip93_skcipher_send_req(async);
}
@@ -181,22 +192,19 @@ static int eip93_skcipher_encrypt(struct skcipher_request *req)
rctx->flags = tmpl->flags;
rctx->flags |= EIP93_ENCRYPT;
- return eip93_skcipher_crypt(req);
+ return eip93_skcipher_crypt(req, true);
}
static int eip93_skcipher_decrypt(struct skcipher_request *req)
{
- struct eip93_crypto_ctx *ctx = crypto_tfm_ctx(req->base.tfm);
struct eip93_cipher_reqctx *rctx = skcipher_request_ctx(req);
struct eip93_alg_template *tmpl = container_of(req->base.tfm->__crt_alg,
struct eip93_alg_template, alg.skcipher.base);
- ctx->sa_record->sa_cmd0_word |= EIP93_SA_CMD_DIRECTION_IN;
-
rctx->flags = tmpl->flags;
rctx->flags |= EIP93_DECRYPT;
- return eip93_skcipher_crypt(req);
+ return eip93_skcipher_crypt(req, false);
}
/* Available algorithms in this module */
diff --git a/drivers/crypto/inside-secure/eip93/eip93-cipher.h b/drivers/crypto/inside-secure/eip93/eip93-cipher.h
index 47e4e84ff14e..e9612696c388 100644
--- a/drivers/crypto/inside-secure/eip93/eip93-cipher.h
+++ b/drivers/crypto/inside-secure/eip93/eip93-cipher.h
@@ -9,6 +9,7 @@
#define _EIP93_CIPHER_H_
#include "eip93-main.h"
+#include "eip93-regs.h"
struct eip93_crypto_ctx {
struct eip93_device *eip93;
@@ -16,7 +17,6 @@ struct eip93_crypto_ctx {
struct sa_record *sa_record;
u32 sa_nonce;
int blksize;
- dma_addr_t sa_record_base;
/* AEAD specific */
unsigned int authsize;
unsigned int assoclen;
@@ -32,6 +32,7 @@ struct eip93_cipher_reqctx {
unsigned int textsize;
unsigned int assoclen;
unsigned int authsize;
+ struct sa_record sa_record __aligned(CRYPTO_DMA_ALIGN);
dma_addr_t sa_record_base;
struct sa_state *sa_state;
dma_addr_t sa_state_base;
diff --git a/drivers/crypto/inside-secure/eip93/eip93-common.c b/drivers/crypto/inside-secure/eip93/eip93-common.c
index ed46730c36bc..f422c93748c9 100644
--- a/drivers/crypto/inside-secure/eip93/eip93-common.c
+++ b/drivers/crypto/inside-secure/eip93/eip93-common.c
@@ -637,6 +637,10 @@ int eip93_send_req(struct crypto_async_request *async,
DMA_TO_DEVICE);
free_sa_state:
kfree(rctx->sa_state);
+ if (rctx->sa_record_base)
+ dma_unmap_single(eip93->dev, rctx->sa_record_base,
+ sizeof(rctx->sa_record), DMA_TO_DEVICE);
+ rctx->sa_record_base = 0;
return err;
}
@@ -693,6 +697,11 @@ void eip93_handle_result(struct eip93_device *eip93, struct eip93_cipher_reqctx
sizeof(*rctx->sa_state_ctr),
DMA_FROM_DEVICE);
+ if (rctx->sa_record_base)
+ dma_unmap_single(eip93->dev, rctx->sa_record_base,
+ sizeof(rctx->sa_record), DMA_TO_DEVICE);
+ rctx->sa_record_base = 0;
+
if (rctx->sa_state)
dma_unmap_single(eip93->dev, rctx->sa_state_base,
sizeof(*rctx->sa_state),
--
2.53.0
next prev parent reply other threads:[~2026-05-24 19:45 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-24 19:45 [PATCH 0/6] crypto: eip93: fix request lifetime and completion handling Jihong Min
2026-05-24 19:45 ` [PATCH 1/6] crypto: eip93: return IRQ request errors from probe Jihong Min
2026-05-24 21:09 ` Aleksander Jan Bajkowski
2026-05-24 21:49 ` Jihong Min
2026-05-24 19:45 ` [PATCH 2/6] crypto: eip93: guard DMA cleanup on uninitialized mappings Jihong Min
2026-05-24 19:45 ` [PATCH 3/6] crypto: eip93: reject HMAC requests before setkey Jihong Min
2026-05-24 19:45 ` Jihong Min [this message]
2026-05-24 19:45 ` [PATCH 5/6] crypto: eip93: order result descriptor reads after PE_READY Jihong Min
2026-05-24 19:45 ` [PATCH 6/6] crypto: eip93: handle request ID exhaustion Jihong Min
[not found] ` <e2242046-f08c-4903-a2ea-f21d3bb241cd@wp.pl>
2026-05-24 21:47 ` Jihong Min
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260524194528.3666383-5-hurryman2212@gmail.com \
--to=hurryman2212@gmail.com \
--cc=ansuelsmth@gmail.com \
--cc=atenart@kernel.org \
--cc=benjamin.larsson@genexis.eu \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=namiltd@yahoo.com \
--cc=olek2@wp.pl \
--cc=vschagen@icloud.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox