There can be many ice instances present in dtsi file but
not all of them will be initialized by storage driver.
Check if crypto instance is initialized before setting
it up for data encryption/decryption usage.
Change-Id: I7c9227007474052513b277dec5963a973781c524
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
Remove the out of bound access vulnerability in the qce
driver reachable via ioctl.
Change-Id: I4320cd27334eaae975f4a6ad07fb7b2e5ebccffd
Signed-off-by: Monika Singh <monising@codeaurora.org>
Add a null pointer check on sg_src to avoid a possible
null pointer dereference in qcedev driver.
Change-Id: I9d4f9147ae6c340064110381c98d064f29fd9444
Signed-off-by: Ramandeep Trehan <rtrehan@codeaurora.org>
Reset cipher_req.creq.dst and cipher_req.creq.src pointer to NULL
before returning from the function, and initialize scatterlist
variable before using it.
Change-Id: I5d5eee06a5213a05b20bf459ef0bf0c433fadbdd
Signed-off-by: Zhen Kong <zkong@codeaurora.org>
Signed-off-by: Parai Wang <fpwang@codeaurora.org>
qcedev_sha_req_cb() is only called by _sha_complete() during sha
operation, and will copy byte_count value from authdata array.
This array size is two, and only contains two byte_count value
that are used for sha operation. So make change to only copy the
first two elements from this array.
Change-Id: I535f2ec0e358870a9a2163b3c0bf154b2c8d003f
Signed-off-by: Zhen Kong <zkong@codeaurora.org>
Even if ICE device is not found it is possible
for list device API to return non NULL pointer
which will pass all NULL checks in code. Ensure
to return proper address or NULL.
Change-Id: I1465614b86f1415376b2adffeec6e4da1a33ddd5
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
Check is implemented in required function as part of
new implementation.
Change-Id: I346cd27cb254abe7d9706f01a9b463750614245e
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
Check areq before referencing, replace xchg to automic_xchg and
verify return values of set key during SHA operations.
Change-Id: Ife01372ba4990bfefe52b82db4ab33ef76190944
Signed-off-by: Brahmaji K <bkomma@codeaurora.org>
Update the function return value and input scm_ret variable
type for restore secure configuration in scm_restore_sec_cfg() fn.
Adding scm_ret input variable for scm_get_feat_version() fn.
Change-Id: Ideef914ded8dfdb4c780fd27d7273986eeb41f5c
Signed-off-by: Mohammed Khajapasha <mkhaja@codeaurora.org>
Format specifier %p can leak kernel addresses while not valuing the
kptr_restrict system settings. When kptr_restrict is set to (1), kernel
pointers printed using the %pK format specifier will be replaced with 0's
Change-Id: Iff8d82b12e958b938fc767bf3e8c3a3c8fc65c2a
Signed-off-by: mohamed sunfeer <msunfeer@codeaurora.org>
Use put_user API to write the data to userspace from kernel
space to avoid accessing userspace memory directly in
kernel space.
Change-Id: I4dd73872ab8c374793268cef2b9a2dfccf3454c9
Signed-off-by: mohamed sunfeer <msunfeer@codeaurora.org>
Blocking UFS requests while ICE HW is getting
configured is not required as block layer requeues
the requests anyway.
Change-Id: I5aacf772c93eb134a3e48c79b3fbdaefd8378581
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
In newer kernel (msm-4.4 or later), for AEAD ciphering, crypto api has
been re-worked and the assoclen defines the length of association data
and iv together. But for rfc4309(ccm(aes)), iv is not part of AAD.
Therefore, change qcrypto driver to remove the iv, by subtract 8 from
assoclen for rfc4309(ccm(aes)).
Change-Id: I37eb1934d7817b5b5c33440122b68e5d37854960
Signed-off-by: Zhen Kong <zkong@codeaurora.org>
Check the digest length to avoid buffer overflow while
doing the SHA operations.
Change-Id: I4d3fb20723f59e905a672edaf84ee5d0865905b1
Signed-off-by: Brahmaji K <bkomma@codeaurora.org>
Add NULL pointer check before accessing the new_req
variable.
Change-Id: I8460115ccb16a2c43c45394275e9519ed3c6b045
Signed-off-by: Brahmaji K <bkomma@codeaurora.org>
In multi-threaded environment diglen variable could be modified
by multiple threads at the same time. Buffer overflow might
happen in current thread if another thread changes the diglen
variable. So add mutex locks to avoid this issue.
Change-Id: I62c63c55c028dedb1dd0eec862851bd8e818a5d3
Signed-off-by: AnilKumar Chimata <anilc@codeaurora.org>
src and dst vbuf address and length are provided from userspace,
and they are invalid if vbuf address is NULL but length is not zero.
Add additional checks in qcedev_check_cipher_params to prevent it.
Change-Id: Iadc1a0c1c5b2f7a56acd03a23c08e45b5a671b19
Signed-off-by: Zhen Kong <zkong@codeaurora.org>
Read instance type from device tree node to know the storage type
for ICE configuration, which is used to program the corresponding
ICE register during ICE reset.
Change-Id: I0eb423fb84dc89115227abc7c5688df7ae9a4a3c
Signed-off-by: AnilKumar Chimata <anilc@codeaurora.org>
TZ is called to restore key configuration in case of UFS reset
Change-Id: Id434e7f9ec6befdce97f52fd350957b66adcb15f
Signed-off-by: Andrey Markovytch <andreym@codeaurora.org>
While enabling ICE setup and on error conditions, the regulator
is disabled. Before disabling the regulator, check if the
regulator is up and able to access the registers of regulator.
Change-Id: I94dd2b3e25444818f7bdf2f791f4fa9efaefce15
Signed-off-by: Brahmaji K <bkomma@codeaurora.org>
Make sure that `len` is not larger than `count` before copying data
to userspace `buf` in _debug_stats_read().
Change-Id: Iafb7cfa3828653f8c28183c812797c3d9a183da1
Signed-off-by: Zhen Kong <zkong@codeaurora.org>
Adding user passed parameters without check might
lead to Integer overflow and unpredictable system
behaviour.
Change-Id: Iaf8259e3c4a157e1790f1447b1b62a646988b7c4
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
Signed-off-by: Zhen Kong <zkong@codeaurora.org>
qcedev_vbuf_ablk_cipher will calculate total data length. It starts
with the value of "areq->cipher_op_req.byteoffset", which is controlled
by the user. Make change to check if this total data length has integer
overflow issue in qcedev_check_cipher_params.
Change-Id: Ice42dca6d47eb8febfe8a34e566c69e4799fab57
Signed-off-by: Zhen Kong <zkong@codeaurora.org>
remove extraneous parentheses around the comparison to resolve
static analysis warning.
Change-Id: I67c755f028a8bf27e0b924cd636a1cce27e149fc
Signed-off-by: Zhen Kong <zkong@codeaurora.org>
get_ice_device_from_storage_type can return error pointer which is
not NULL in case of error, this was not checked, changes fixes this.
Change-Id: I7dd8a068454a7bd250189ff9467c685af449f81b
Signed-off-by: Andrey Markovytch <andreym@codeaurora.org>
Make change to fix AEAD operation issues due to incorrect usage of
new aead interface introduced into kernel msm-4.4.
Change-Id: I472449c52bff40d48f7d65b05e145cc47cba9357
Signed-off-by: Zhen Kong <zkong@codeaurora.org>
Make the digest length not larger than the size of the buffer
qcedev_areq.sha_op_req.digest; and use the checked variants of
the copy_from/to_user() APIs to avoid small race window of their
unchecked variants.
Change-Id: I3db0c20ac5fa47ed278f3d60368c406f472430c1
Signed-off-by: Zhen Kong <zkong@codeaurora.org>
HLOS Crypto driver needs to set CLR_CNTXT bit for operations with
legacy software key registers
Change-Id: Iff482f726d106e99a4006f7077a171da3c7ca9c3
Signed-off-by: Zhen Kong <zkong@codeaurora.org>
Lock out interrupts during issuing dummy request in timeout to prevent from
a potential deadlock happening.
Change-Id: I986d8c36c839a1dee23761465ad331ffc31dd6ac
CRs-Fixed: 1008319
Acked-by: Che-Min Hsieh <cheminh@qti.qualcomm.com>
Signed-off-by: Yasir Malik <ymalik@codeaurora.org>
Source and Destination addresses passed by user space apps/clients
are validated independent of type of operation to mitigate kernel
address space exploitation.
Change-Id: I9ecb0103d7a73eedb2e0d1db1d5613b18dd77e59
Signed-off-by: AnilKumar Chimata <anilc@codeaurora.org>
Integer overflow check is invalid when ULONG_MAX is used,
as ULONG_MAX has typeof 'unsigned long', while areq->assoclen,
q_req->crytlen, and qreq.ivsize are 'unsigned int'. Make change
to use UINT_MAX instead of ULONG_MAX.
Change-Id: If2bb1900c07af1ea162da362c913d4880b0bc755
Signed-off-by: Zhen Kong <zkong@codeaurora.org>
Not all memory are DMA'able. See DMA-API-HOWTO.txt. The dummy hash
request input buffer is changed to be acquired from coherent memory
to kzalloc().
Change-Id: If6961217df08bcf0506eedacb07874dfafd7c1ca
CRs-Fixed: 1064055
Acked-by: Che-Min Hsieh <cheminh@qti.qualcomm.com>
Signed-off-by: Sivanesan Rajapupathi <srajap@codeaurora.org>
iovec memory for each pipe is only accessed by crypto and BAM drivers from
the CPU. It won't be accessed by crypto device. Change allocation of iovec
from coherent memory space to kernel memory space to improve performance.
Change-Id: I97162c00c37716be8b9a20393f67bda8da41e99d
Acked-by: Che-Min Hsieh <cheminh@qti.qualcomm.com>
Signed-off-by: Sivanesan Rajapupathi <srajap@codeaurora.org>
QCOM_ICE_INVALID_CCFG_ERR_STTS is now also dumped in case of error
for ICE 3.0
Change-Id: Ib7f522d0143f5131880c8c1badf4e64461810e72
Signed-off-by: Andrey Markovytch <andreym@codeaurora.org>
