Devicetree
 help / color / mirror / Atom feed
From: sashiko-bot@kernel.org
To: "Saravanakrishnan Krishnamoorthy" <skrishnamoorthy@rambus.com>
Cc: robh@kernel.org, conor+dt@kernel.org, devicetree@vger.kernel.org
Subject: Re: [PATCH v2 07/19] crypto: cmh - add SM3 ahash
Date: Thu, 09 Jul 2026 20:47:04 +0000	[thread overview]
Message-ID: <20260709204704.BC0771F000E9@smtp.kernel.org> (raw)
In-Reply-To: <20260709203037.1884436-8-skrishnamoorthy@rambus.com>

Thank you for your contribution! Sashiko AI review found 5 potential issue(s) to consider:
- [High] Linearizing arbitrarily large ahash input buffers via kmalloc restricts request sizes and risks deterministic allocation failures.
- [High] DMA mapping an inline array (rctx->checkpoint) potentially on the stack violates the DMA API, causing cacheline sharing and vmap stack corruption.
- [High] An integer overflow when calculating total available data leads to a massive heap buffer overflow.
- [Medium] cmh_sm3_export leaks uninitialized memory into the exported state buffer.
- [Medium] Missing endianness conversions when populating hardware command descriptors.
--

--- Patch [7]: [PATCH v2 07/19] crypto: cmh - add SM3 ahash ---
commit 28c61ed61efa5f206b21de41a5196e656d04ad75
Author: Alex Ousherovitch <aousherovitch@rambus.com>

crypto: cmh - add SM3 ahash

Register the SM3 ahash algorithm using the CMH SM3 core (core ID
0x05).  Supports incremental update/finup/final and export/import.

> diff --git a/drivers/crypto/cmh/cmh_sm3.c b/drivers/crypto/cmh/cmh_sm3.c
> new file mode 100644
> --- /dev/null
> +++ b/drivers/crypto/cmh/cmh_sm3.c
> @@ -0,0 +1,651 @@
[ ... ]
> +struct cmh_sm3_reqctx {
> +	int    error;
> +	u32    hw_started;
> +	u32    buf_len;
> +	u32    has_checkpoint;
> +	u8     checkpoint[SM3_CONTEXT_SIZE]; /* SM3 context from last SAVE */

[Severity: High]
Can this structure be allocated on the stack?

The crypto framework often allocates ahash request contexts on the stack
using AHASH_REQUEST_ON_STACK. If CONFIG_VMAP_STACK is enabled, mapping this
inline checkpoint array for DMA via cmh_dma_map_single() will pass a
vmalloc address, which yields an invalid physical address.

Additionally, since the checkpoint array isn't cacheline aligned, could
DMA operations corrupt adjacent fields in the context on non-coherent
architectures?

> +	/* DMA state for current async operation */
> +	dma_addr_t ckpt_dma;
> +	dma_addr_t save_dma;
[ ... ]
> +static void vcq_add_sm3_update(struct vcq_cmd *slot, u32 core_id, u64 input_phys, u32 len)
> +{
> +	memset(slot, 0, sizeof(*slot));
> +	slot->magic = VCQ_CMD_MAGIC;
> +	slot->id = VCQ_CMD_ID(core_id, 0, 1, SM3_CMD_UPDATE);
> +	slot->hwc.sm3.cmd_update.input = input_phys;
> +	slot->hwc.sm3.cmd_update.inlen = len;
> +}

[Severity: Medium]
Does the hardware expect a specific endianness for these command descriptors?

The CPU-native values are assigned directly to the hardware command structure.
If this driver is built on a Big-Endian architecture and the hardware expects
Little-Endian (which is typical for PCIe/SoCs), will these values be
interpreted correctly without explicit conversions like cpu_to_le64()?

[ ... ]
> +static int cmh_sm3_update(struct ahash_request *req)
> +{
> +	struct cmh_sm3_reqctx *rctx = ahash_request_ctx(req);
> +	struct vcq_cmd cmds[CMH_SM3_MAX_PAYLOAD];
> +	struct core_dispatch d;
> +	u32 total_avail, full_len, tail_len, from_src;
> +	u32 idx;
> +	int ret;
> +	gfp_t gfp;
> +
> +	if (rctx->error)
> +		return rctx->error;
> +
> +	if (!req->nbytes)
> +		return 0;
> +
> +	gfp = req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP ?
> +	      GFP_KERNEL : GFP_ATOMIC;
> +
> +	total_avail = rctx->buf_len + req->nbytes;
> +
> +	if (total_avail < CMH_SM3_BLOCK_SIZE) {

[Severity: High]
Could this arithmetic wrap around if a caller provides a very large request?

If req->nbytes is close to U32_MAX, total_avail can overflow and become
less than CMH_SM3_BLOCK_SIZE. The code would then bypass the block size
check and execute:

    scatterwalk_map_and_copy(rctx->buf + rctx->buf_len,
                             req->src, 0,
                             req->nbytes, 0);

Would this attempt to copy gigabytes of data into the 64-byte rctx->buf,
causing a massive buffer overflow?

> +		if (req->base.flags & CRYPTO_AHASH_REQ_VIRT)
> +			memcpy(rctx->buf + rctx->buf_len,
> +			       req->svirt, req->nbytes);
> +		else
> +			scatterwalk_map_and_copy(rctx->buf + rctx->buf_len,
> +						 req->src, 0,
> +						 req->nbytes, 0);
> +		rctx->buf_len = total_avail;
> +		return 0;
> +	}
> +
> +	full_len = total_avail - total_avail % CMH_SM3_BLOCK_SIZE;
> +	tail_len = total_avail - full_len;
> +	from_src = full_len - rctx->buf_len;
> +
> +	rctx->data_buf = kmalloc(full_len, gfp);

[Severity: High]
Is it safe to assume the input data will always fit in a contiguous kmalloc
allocation?

The ahash API contract requires drivers to handle arbitrarily large inputs
(e.g., multi-megabyte requests from IPsec or dm-verity). Bouncing the
entire scatterlist into a single contiguous buffer via kmalloc() will fail
deterministically for sizes exceeding KMALLOC_MAX_SIZE, or earlier due to
memory fragmentation.

Should the driver process the scatterlist in bounded chunks instead of
attempting to linearize it entirely?

[ ... ]
> +static int cmh_sm3_export(struct ahash_request *req, void *out)
> +{
> +	struct cmh_sm3_reqctx *rctx = ahash_request_ctx(req);
> +	struct cmh_sm3_export_state *state = out;
> +
> +	if (rctx->hw_started && rctx->has_checkpoint)
> +		memcpy(state->checkpoint, rctx->checkpoint, SM3_CONTEXT_SIZE);
> +	else
> +		memset(state->checkpoint, 0, SM3_CONTEXT_SIZE);
> +
> +	if (rctx->buf_len > 0)
> +		memcpy(state->buf, rctx->buf, rctx->buf_len);

[Severity: Medium]
Does this leave the remainder of the export buffer uninitialized?

If rctx->buf_len is less than CMH_SM3_BLOCK_SIZE, the trailing bytes in
state->buf are never initialized. Since the state buffer is provided by the
caller (e.g., via crypto_ahash_export) and could be an uninitialized socket
allocation from AF_ALG, could this leak kernel memory if the state is later
exposed to userspace?

> +
> +	state->buf_len = rctx->buf_len;
> +	state->hw_started = rctx->hw_started;
> +
> +	return 0;
> +}

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260709203037.1884436-1-skrishnamoorthy@rambus.com?part=7

  reply	other threads:[~2026-07-09 20:47 UTC|newest]

Thread overview: 41+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-07-09 20:30 [PATCH v2 00/19] crypto: cmh - add CRI CryptoManager Hub driver Saravanakrishnan Krishnamoorthy
2026-07-09 20:30 ` [PATCH v2 01/19] dt-bindings: crypto: add Rambus CryptoManager Hub Saravanakrishnan Krishnamoorthy
2026-07-09 20:38   ` sashiko-bot
2026-07-10  8:58   ` Conor Dooley
2026-07-10 23:14     ` Ousherovitch, Alex
2026-07-09 20:30 ` [PATCH v2 02/19] crypto: cmh - add core platform driver Saravanakrishnan Krishnamoorthy
2026-07-09 20:49   ` sashiko-bot
2026-07-09 20:30 ` [PATCH v2 03/19] crypto: cmh - add key provisioning and management Saravanakrishnan Krishnamoorthy
2026-07-09 20:49   ` sashiko-bot
2026-07-09 20:30 ` [PATCH v2 04/19] crypto: cmh - add SHA-2/SHA-3/SHAKE ahash Saravanakrishnan Krishnamoorthy
2026-07-09 20:45   ` sashiko-bot
2026-07-09 20:30 ` [PATCH v2 05/19] crypto: cmh - add HMAC ahash Saravanakrishnan Krishnamoorthy
2026-07-09 20:42   ` sashiko-bot
2026-07-09 20:30 ` [PATCH v2 06/19] crypto: cmh - add CSHAKE/KMAC ahash Saravanakrishnan Krishnamoorthy
2026-07-09 20:47   ` sashiko-bot
2026-07-09 20:30 ` [PATCH v2 07/19] crypto: cmh - add SM3 ahash Saravanakrishnan Krishnamoorthy
2026-07-09 20:47   ` sashiko-bot [this message]
2026-07-09 20:30 ` [PATCH v2 08/19] crypto: cmh - add AES skcipher/aead/cmac Saravanakrishnan Krishnamoorthy
2026-07-09 20:47   ` sashiko-bot
2026-07-09 20:30 ` [PATCH v2 09/19] crypto: cmh - add SM4 skcipher/aead/cmac/xcbc Saravanakrishnan Krishnamoorthy
2026-07-09 20:49   ` sashiko-bot
2026-07-09 20:30 ` [PATCH v2 10/19] crypto: cmh - add ChaCha20-Poly1305 Saravanakrishnan Krishnamoorthy
2026-07-09 20:46   ` sashiko-bot
2026-07-09 20:30 ` [PATCH v2 11/19] crypto: cmh - add DRBG hwrng Saravanakrishnan Krishnamoorthy
2026-07-09 20:54   ` sashiko-bot
2026-07-09 20:30 ` [PATCH v2 12/19] crypto: cmh - add RSA akcipher Saravanakrishnan Krishnamoorthy
2026-07-09 20:57   ` sashiko-bot
2026-07-09 20:30 ` [PATCH v2 13/19] crypto: cmh - add ECDSA/SM2 sig Saravanakrishnan Krishnamoorthy
2026-07-09 21:04   ` sashiko-bot
2026-07-09 20:30 ` [PATCH v2 14/19] crypto: cmh - add ECDH/X25519 kpp Saravanakrishnan Krishnamoorthy
2026-07-09 21:08   ` sashiko-bot
2026-07-09 20:30 ` [PATCH v2 15/19] crypto: cmh - add ML-KEM/ML-DSA (QSE) Saravanakrishnan Krishnamoorthy
2026-07-09 21:03   ` sashiko-bot
2026-07-09 20:30 ` [PATCH v2 16/19] crypto: cmh - add SLH-DSA/LMS/XMSS (HCQ) Saravanakrishnan Krishnamoorthy
2026-07-09 21:02   ` sashiko-bot
2026-07-09 20:30 ` [PATCH v2 17/19] Documentation: ioctl: add CMH ioctl documentation and register 'J' Saravanakrishnan Krishnamoorthy
2026-07-09 20:54   ` sashiko-bot
2026-07-09 20:30 ` [PATCH v2 18/19] selftests: crypto: cmh - add kselftest for management ioctl Saravanakrishnan Krishnamoorthy
2026-07-09 20:54   ` sashiko-bot
2026-07-09 20:30 ` [PATCH v2 19/19] MAINTAINERS: add Rambus CryptoManager Hub (CMH) Saravanakrishnan Krishnamoorthy
2026-07-10  1:04   ` Randy Dunlap

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260709204704.BC0771F000E9@smtp.kernel.org \
    --to=sashiko-bot@kernel.org \
    --cc=conor+dt@kernel.org \
    --cc=devicetree@vger.kernel.org \
    --cc=robh@kernel.org \
    --cc=sashiko-reviews@lists.linux.dev \
    --cc=skrishnamoorthy@rambus.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox