Hi Antoine,
On 30.11.2017 10:29, Antoine Tenart wrote:
> Hi Kamil,
>
> On Thu, Nov 30, 2017 at 10:19:26AM +0100, Kamil Konieczny wrote:
>> On 28.11.2017 16:42, Antoine Tenart wrote:
>>> The patch fixes the ahash support by only updating the result buffer
>>> when provided. Otherwise the driver could crash with NULL pointer
>>> exceptions, because the ahash caller isn't required to supply a result
>>> buffer on all calls.
>>
>> Can you point to bug crush report ?
>
> Do you want the crash dump? (It'll only be a "normal" NULL pointer
> dereference).
Ah I see, in this case not.
>>> Fixes: 1b44c5a60c13 ("crypto: inside-secure - add SafeXcel EIP197 crypto
>>> engine driver")
>>> Signed-off-by: Antoine Tenart <[email protected]>
>>> ---
>>> drivers/crypto/inside-secure/safexcel_hash.c | 7 ++++++-
>>> 1 file changed, 6 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/crypto/inside-secure/safexcel_hash.c
>>> b/drivers/crypto/inside-secure/safexcel_hash.c
>>> index 6135c9f5742c..424f4c5d4d25 100644
>>> --- a/drivers/crypto/inside-secure/safexcel_hash.c
>>> +++ b/drivers/crypto/inside-secure/safexcel_hash.c
>>> @@ -150,7 +150,12 @@ static int safexcel_handle_req_result(struct
>>> safexcel_crypto_priv *priv, int rin
>>>
>>> if (sreq->finish)
>>> result_sz = crypto_ahash_digestsize(ahash);
>>> - memcpy(sreq->state, areq->result, result_sz);
>> [...]
>> can the driver get request for final/finup/digest with null req->result ?
>
> I don't think that can happen. But having an update called without
> req->result provided is a valid call (though it's not well documented).
so maybe:
if (sreq->finish) {
result_sz = crypto_ahash_digestsize(ahash);
memcpy(sreq->state, areq->result, result_sz);
}
--
Best regards,
Kamil Konieczny
Samsung R&D Institute Poland
