[PATCH] crypto: hifn_795x - Fix a memory leak in the error handling path of 'hifn_probe()'

[Christophe JAILLET]

'dev' is leaking in the error handling path of 'hifn_probe()'.

Add a 'kfree(dev)' to match the code in 'hifn_remove()'

Signed-off-by: Christophe JAILLET <christophe.jail...@wanadoo.fr>
---
 drivers/crypto/hifn_795x.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/crypto/hifn_795x.c b/drivers/crypto/hifn_795x.c
index e09d4055b19e..a5a36fe7bf2c 100644
--- a/drivers/crypto/hifn_795x.c
+++ b/drivers/crypto/hifn_795x.c
@@ -2579,6 +2579,7 @@ static int hifn_probe(struct pci_dev *pdev, const struct 
pci_device_id *id)
for (i = 0; i < 3; ++i)
if (dev->bar[i])
iounmap(dev->bar[i]);
+   kfree(dev);
 
 err_out_free_regions:
pci_release_regions(pdev);
-- 
2.14.1

Re: [PATCH 1/2] crypto: lrw - Fix an error handling path in 'create()'

[Christophe JAILLET]

Le 09/10/2017 à 23:22, walter harms a écrit :

Am 08.10.2017 11:39, schrieb Christophe JAILLET:

All error handling paths 'goto err_drop_spawn' except this one.
In order to avoid some resources leak, we should do it as well here.

Fixes: 700cb3f5fe75 ("crypto: lrw - Convert to skcipher")
Signed-off-by: Christophe JAILLET <christophe.jail...@wanadoo.fr>
---
  crypto/lrw.c | 6 --
  1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/crypto/lrw.c b/crypto/lrw.c
index a8bfae4451bf..eb681e9fe574 100644
--- a/crypto/lrw.c
+++ b/crypto/lrw.c
@@ -610,8 +610,10 @@ static int create(struct crypto_template *tmpl, struct 
rtattr **tb)
ecb_name[len - 1] = 0;
  
  		if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME,

-"lrw(%s)", ecb_name) >= CRYPTO_MAX_ALG_NAME)

this check can be done more easy,
the length of ecb_name is len
the length of inst->alg.base.cra_name is CRYPTO_MAX_ALG_NAME
if CRYPTO_MAX_ALG_NAME-len < "lrw()" < 5
no need to involve snprintf()

just my 2 cents
re,
wh

It does not only check for the length, it also copies some data.
The test should be read: "If the copy succeeds (i.e if there is enough 
space for the copy to succeed)", and not "if the string is too long".

IMHO, the snprintf is just fine here.

CJ

-   return -ENAMETOOLONG;
+"lrw(%s)", ecb_name) >= CRYPTO_MAX_ALG_NAME) {
+   err = -ENAMETOOLONG;
+   goto err_drop_spawn;
+   }
}
  
  	inst->alg.base.cra_flags = alg->base.cra_flags & CRYPTO_ALG_ASYNC;

[PATCH 1/2] crypto: lrw - Fix an error handling path in 'create()'

[Christophe JAILLET]

All error handling paths 'goto err_drop_spawn' except this one.
In order to avoid some resources leak, we should do it as well here.

Fixes: 700cb3f5fe75 ("crypto: lrw - Convert to skcipher")
Signed-off-by: Christophe JAILLET <christophe.jail...@wanadoo.fr>
---
 crypto/lrw.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/crypto/lrw.c b/crypto/lrw.c
index a8bfae4451bf..eb681e9fe574 100644
--- a/crypto/lrw.c
+++ b/crypto/lrw.c
@@ -610,8 +610,10 @@ static int create(struct crypto_template *tmpl, struct 
rtattr **tb)
ecb_name[len - 1] = 0;
 
if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME,
-"lrw(%s)", ecb_name) >= CRYPTO_MAX_ALG_NAME)
-   return -ENAMETOOLONG;
+"lrw(%s)", ecb_name) >= CRYPTO_MAX_ALG_NAME) {
+   err = -ENAMETOOLONG;
+   goto err_drop_spawn;
+   }
}
 
inst->alg.base.cra_flags = alg->base.cra_flags & CRYPTO_ALG_ASYNC;
-- 
2.11.0

[PATCH 2/2] crypto: lrw - Check for incorrect cipher name

[Christophe JAILLET]

If the cipher name does not start with 'ecb(' we should bail out, as done
in the 'create()' function in 'crypto/xts.c'.

Fixes: 700cb3f5fe75 ("crypto: lrw - Convert to skcipher")
Signed-off-by: Christophe JAILLET <christophe.jail...@wanadoo.fr>
---
This patch is 100% speculative.
It is based on comparison with the 'create()' function from 'crypto/xts.c'
Code looks the same, but this aditionnal test is in xts.c and not in
lrw.c.
The 2 should maybe be consistent?
---
 crypto/lrw.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/lrw.c b/crypto/lrw.c
index eb681e9fe574..92df312b8c6e 100644
--- a/crypto/lrw.c
+++ b/crypto/lrw.c
@@ -614,7 +614,8 @@ static int create(struct crypto_template *tmpl, struct 
rtattr **tb)
err = -ENAMETOOLONG;
goto err_drop_spawn;
}
-   }
+   } else
+   goto err_drop_spawn;
 
inst->alg.base.cra_flags = alg->base.cra_flags & CRYPTO_ALG_ASYNC;
inst->alg.base.cra_priority = alg->base.cra_priority;
-- 
2.11.0

[PATCH 0/2] crypto: lrw - Fixes for the 'create()' function

[Christophe JAILLET]

The first patch is the same as the one committed for crypto/xts.c applied a
few days ago.
(commit 5125e4e867ab ("crypto: xts - Fix an error handling path in 'create()'")
in /git/herbert/crypto-2.6.git)

The 2nd one is a pure speculation from me.
The create function in 'crypto/xts.c' and 'crypto/lrw.c' look very
similar.
However, there is one more sanity check in xts. This patch proposes to
add the same test in lrw. Not sure at all if correct!
I just send it for consistency.

Christophe JAILLET (2):
  crypto: lrw - Fix an error handling path in 'create()'
  crypto: lrw - Check for incorrect cipher name

 crypto/lrw.c | 9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)

-- 
2.11.0

[PATCH] crypto: xts - Fix an error handling path in 'create()'

[Christophe JAILLET]

All error handling paths 'goto err_drop_spawn' except this one.
In order to avoid some resources leak, we should do it as well here.

Fixes: f1c131b45410 ("crypto: xts - Convert to skcipher")
Signed-off-by: Christophe JAILLET <christophe.jail...@wanadoo.fr>
---
 crypto/xts.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/crypto/xts.c b/crypto/xts.c
index d86c11a8c882..e31828ed0046 100644
--- a/crypto/xts.c
+++ b/crypto/xts.c
@@ -554,8 +554,10 @@ static int create(struct crypto_template *tmpl, struct 
rtattr **tb)
ctx->name[len - 1] = 0;
 
if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME,
-"xts(%s)", ctx->name) >= CRYPTO_MAX_ALG_NAME)
-   return -ENAMETOOLONG;
+"xts(%s)", ctx->name) >= CRYPTO_MAX_ALG_NAME) {
+   err = -ENAMETOOLONG;
+   goto err_drop_spawn;
+   }
} else
goto err_drop_spawn;
 
-- 
2.11.0

[PATCH] crypto: cavium/nitrox - Fix an error handling path in 'nitrox_probe()'

[Christophe JAILLET]

'err' is known to be 0 at this point.
If 'kzalloc()' fails, returns -ENOMEM instead of 0 which means success.

Signed-off-by: Christophe JAILLET <christophe.jail...@wanadoo.fr>
---
 drivers/crypto/cavium/nitrox/nitrox_main.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/cavium/nitrox/nitrox_main.c 
b/drivers/crypto/cavium/nitrox/nitrox_main.c
index 9ccefb9b7232..fee7cb2ce747 100644
--- a/drivers/crypto/cavium/nitrox/nitrox_main.c
+++ b/drivers/crypto/cavium/nitrox/nitrox_main.c
@@ -513,8 +513,10 @@ static int nitrox_probe(struct pci_dev *pdev,
pci_set_master(pdev);
 
ndev = kzalloc(sizeof(*ndev), GFP_KERNEL);
-   if (!ndev)
+   if (!ndev) {
+   err = -ENOMEM;
goto ndev_fail;
+   }
 
pci_set_drvdata(pdev, ndev);
ndev->pdev = pdev;
-- 
2.11.0

[PATCH] crypto: inside-secure - fix an error handling path in safexcel_probe()

[Christophe JAILLET]

'ret' is known to be 0 at this point.
If 'safexcel_request_ring_irq()' fails, it returns an error code.
Return this value instead of 0 which means success.

Signed-off-by: Christophe JAILLET <christophe.jail...@wanadoo.fr>
---
 drivers/crypto/inside-secure/safexcel.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/inside-secure/safexcel.c 
b/drivers/crypto/inside-secure/safexcel.c
index 1fabd4aee81b..89ba9e85c0f3 100644
--- a/drivers/crypto/inside-secure/safexcel.c
+++ b/drivers/crypto/inside-secure/safexcel.c
@@ -839,9 +839,10 @@ static int safexcel_probe(struct platform_device *pdev)
snprintf(irq_name, 6, "ring%d", i);
irq = safexcel_request_ring_irq(pdev, irq_name, 
safexcel_irq_ring,
ring_irq);
-
-   if (irq < 0)
+   if (irq < 0) {
+   ret = irq;
goto err_clk;
+   }
 
priv->ring[i].work_data.priv = priv;
priv->ring[i].work_data.ring = i;
-- 
2.11.0

[PATCH] crypto: ixp4xx - Fix error handling path in 'aead_perform()'

[Christophe JAILLET]

In commit 0f987e25cb8a, the source processing has been moved in front of
the destination processing, but the error handling path has not been
modified accordingly.
Free resources in the correct order to avoid some leaks.

Fixes: 0f987e25cb8a ("crypto: ixp4xx - Fix false lastlen uninitialised warning")
Signed-off-by: Christophe JAILLET <christophe.jail...@wanadoo.fr>
---
 drivers/crypto/ixp4xx_crypto.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/ixp4xx_crypto.c b/drivers/crypto/ixp4xx_crypto.c
index 427cbe012729..1ccbe15b5f16 100644
--- a/drivers/crypto/ixp4xx_crypto.c
+++ b/drivers/crypto/ixp4xx_crypto.c
@@ -1088,10 +1088,10 @@ static int aead_perform(struct aead_request *req, int 
encrypt,
BUG_ON(qmgr_stat_overflow(SEND_QID));
return -EINPROGRESS;
 
-free_buf_src:
-   free_buf_chain(dev, req_ctx->src, crypt->src_buf);
 free_buf_dst:
free_buf_chain(dev, req_ctx->dst, crypt->dst_buf);
+free_buf_src:
+   free_buf_chain(dev, req_ctx->src, crypt->src_buf);
crypt->ctl_flags = CTL_FLAG_UNUSED;
return -ENOMEM;
 }
-- 
2.11.0

[PATCH] crypto: crypto4xx - fix an error code

[Christophe JAILLET]

If 'kzalloc' fails, we return 0 which means success.
return -ENOMEM instead as already done a few lines above.

Signed-off-by: Christophe JAILLET <christophe.jail...@wanadoo.fr>
---
 drivers/crypto/amcc/crypto4xx_core.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/crypto/amcc/crypto4xx_core.c 
b/drivers/crypto/amcc/crypto4xx_core.c
index fdc83a2281ca..65dc78b91dea 100644
--- a/drivers/crypto/amcc/crypto4xx_core.c
+++ b/drivers/crypto/amcc/crypto4xx_core.c
@@ -1179,6 +1179,7 @@ static int crypto4xx_probe(struct platform_device *ofdev)
dev_set_drvdata(dev, core_dev);
core_dev->ofdev = ofdev;
core_dev->dev = kzalloc(sizeof(struct crypto4xx_device), GFP_KERNEL);
+   rc = -ENOMEM;
if (!core_dev->dev)
goto err_alloc_dev;
 
-- 
2.11.0

[PATCH v2] crypto: chcr - Fix error handling related to 'chcr_alloc_shash'

[Christophe JAILLET]

Up to now, 'crypto_alloc_shash()' may return a valid pointer, an error
pointer or NULL (in case of invalid parameter)
Update it to always return an error pointer in case of error. It now
returns ERR_PTR(-EINVAL) instead of NULL in case of invalid parameter.

This simplifies error handling.

Also fix a crash in 'chcr_authenc_setkey()' if 'chcr_alloc_shash()'
returns an error pointer and the "goto out" path is taken.

Signed-off-by: Christophe JAILLET <christophe.jail...@wanadoo.fr>
---
v2: Modify 'chcr_alloc_shash' to return ERR_PTR(-EINVAL) instead of NULL
in case of invalid parameter.
---
 drivers/crypto/chelsio/chcr_algo.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index 41bc7f4f58cd..1fb1ac9d70b1 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -294,7 +294,7 @@ static inline void get_aes_decrypt_key(unsigned char 
*dec_key,
 
 static struct crypto_shash *chcr_alloc_shash(unsigned int ds)
 {
-   struct crypto_shash *base_hash = NULL;
+   struct crypto_shash *base_hash = ERR_PTR(-EINVAL);
 
switch (ds) {
case SHA1_DIGEST_SIZE:
@@ -2259,7 +2259,7 @@ static int chcr_authenc_setkey(struct crypto_aead 
*authenc, const u8 *key,
int err = 0, i, key_ctx_len = 0;
unsigned char ck_size = 0;
unsigned char pad[CHCR_HASH_MAX_BLOCK_SIZE_128] = { 0 };
-   struct crypto_shash *base_hash = NULL;
+   struct crypto_shash *base_hash = ERR_PTR(-EINVAL);
struct algo_param param;
int align;
u8 *o_ptr = NULL;
@@ -2351,7 +2351,7 @@ static int chcr_authenc_setkey(struct crypto_aead 
*authenc, const u8 *key,
}
 out:
aeadctx->enckey_len = 0;
-   if (base_hash)
+   if (!IS_ERR(base_hash))
chcr_free_shash(base_hash);
return -EINVAL;
 }
-- 
2.11.0

Re: [PATCH 2/2] crypto: chcr - Fix error checking

[Christophe JAILLET]

Le 13/04/2017 à 18:13, Dan Carpenter a écrit :

On Thu, Apr 13, 2017 at 08:37:50PM +0530, Harsh Jain wrote:

On Thu, Apr 13, 2017 at 8:20 PM, Christophe JAILLET
<christophe.jail...@wanadoo.fr> wrote:

Le 13/04/2017 à 16:04, Dan Carpenter a écrit :

On Thu, Apr 13, 2017 at 02:14:30PM +0200, Christophe JAILLET wrote:

If 'chcr_alloc_shash()' a few lines above fails, 'base_hash' can be an
error pointer when we 'goto out'.
So checking for NULL here is not enough because it is likely that
'chcr_free_shash' will crash if we pass an error pointer.

Signed-off-by: Christophe JAILLET <christophe.jail...@wanadoo.fr>
---
Another solution, amybe safer, would be to instrument 'chcr_free_shash'
or
'crypto_free_shash' to accept an error pointer and return immediatelly in
such a case.
---
   drivers/crypto/chelsio/chcr_algo.c | 2 +-
   1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c
b/drivers/crypto/chelsio/chcr_algo.c
index f19590ac8775..41750b97f43c 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -2351,7 +2351,7 @@ static int chcr_authenc_setkey(struct crypto_aead
*authenc, const u8 *key,
 }
   out:
 aeadctx->enckey_len = 0;
-   if (base_hash)
+   if (!IS_ERR_OR_NULL(base_hash))
 chcr_free_shash(base_hash);

Ah...  Ok.  Fine, but redo the first patch anyway because it shouldn't
ever be NULL.

regards,
dan carpenter

Hi Dan,

I will update the first patch as you proposed in order to:
- teach 'chcr_alloc_shash' not to return NULL
- initialize 'base_hash' with ERR_PTR(-EINVAL)
- update the above test to !IS_ERR.
The 2 patches will be merged in only 1.

Thanks for your suggestions.

Thanks for pointing the error. or You can simply return instead of
goto. Just like that.

  1.3 @@ -2455,7 +2455,8 @@ static int chcr_authenc_setkey(struct cr
  1.4   base_hash  = chcr_alloc_shash(max_authsize);
  1.5   if (IS_ERR(base_hash)) {
  1.6   pr_err("chcr : Base driver cannot be loaded\n");
  1.7 - goto out;
  1.8 + aeadctx->enckey_len = 0;
  1.9 + return -EINVAL;

Don't do that.  There should be a goto.

regards,
dan carpenter



Agreed.

Having direct return after some other gotos statement puzzles my 
coccinelle scripts and are spurious (at least IMHO).


best regards,
CJ

Re: [PATCH 2/2] crypto: chcr - Fix error checking

[Christophe JAILLET]

Le 13/04/2017 à 16:04, Dan Carpenter a écrit :

On Thu, Apr 13, 2017 at 02:14:30PM +0200, Christophe JAILLET wrote:

If 'chcr_alloc_shash()' a few lines above fails, 'base_hash' can be an
error pointer when we 'goto out'.
So checking for NULL here is not enough because it is likely that
'chcr_free_shash' will crash if we pass an error pointer.

Signed-off-by: Christophe JAILLET <christophe.jail...@wanadoo.fr>
---
Another solution, amybe safer, would be to instrument 'chcr_free_shash' or
'crypto_free_shash' to accept an error pointer and return immediatelly in
such a case.
---
  drivers/crypto/chelsio/chcr_algo.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index f19590ac8775..41750b97f43c 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -2351,7 +2351,7 @@ static int chcr_authenc_setkey(struct crypto_aead 
*authenc, const u8 *key,
}
  out:
aeadctx->enckey_len = 0;
-   if (base_hash)
+   if (!IS_ERR_OR_NULL(base_hash))
chcr_free_shash(base_hash);

Ah...  Ok.  Fine, but redo the first patch anyway because it shouldn't
ever be NULL.

regards,
dan carpenter

Hi Dan,

I will update the first patch as you proposed in order to:
   - teach 'chcr_alloc_shash' not to return NULL
   - initialize 'base_hash' with ERR_PTR(-EINVAL)
   - update the above test to !IS_ERR.
The 2 patches will be merged in only 1.

Thanks for your suggestions.

Best regards,
CJ

[PATCH 2/2] crypto: chcr - Fix error checking

[Christophe JAILLET]

If 'chcr_alloc_shash()' a few lines above fails, 'base_hash' can be an
error pointer when we 'goto out'.
So checking for NULL here is not enough because it is likely that
'chcr_free_shash' will crash if we pass an error pointer.

Signed-off-by: Christophe JAILLET <christophe.jail...@wanadoo.fr>
---
Another solution, amybe safer, would be to instrument 'chcr_free_shash' or
'crypto_free_shash' to accept an error pointer and return immediatelly in
such a case.
---
 drivers/crypto/chelsio/chcr_algo.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index f19590ac8775..41750b97f43c 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -2351,7 +2351,7 @@ static int chcr_authenc_setkey(struct crypto_aead 
*authenc, const u8 *key,
}
 out:
aeadctx->enckey_len = 0;
-   if (base_hash)
+   if (!IS_ERR_OR_NULL(base_hash))
chcr_free_shash(base_hash);
return -EINVAL;
 }
-- 
2.11.0

[PATCH 0/2] Fix/improve some error handling related to 'chcr_alloc_shash'

[Christophe JAILLET]

This serie is divided into 2 patches. They are more or less related to the
same issue, but the first patch is not a bug in itself, just a clean-up
(IMHO).
If I'm correct, the 2nd one, is a real (unlikely) issue.

Christophe JAILLET (2):
  crypto: chcr - Improve error checking
  crypto: chcr - Fix error checking

 drivers/crypto/chelsio/chcr_algo.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

-- 
2.11.0

[PATCH 1/2] crypto: chcr - Improve error checking

[Christophe JAILLET]

'chcr_alloc_shash()' can return NULL. Here it is not possible because this
code is reached only if 'get_alg_config()' a few lines above has succeeded.
So we are garanteed that the value of 'max_authsize' is a correct
parameter.
Anyway, this is harmless to add a check for NULL.

Signed-off-by: Christophe JAILLET <christophe.jail...@wanadoo.fr>
---
 drivers/crypto/chelsio/chcr_algo.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/chelsio/chcr_algo.c 
b/drivers/crypto/chelsio/chcr_algo.c
index 41bc7f4f58cd..f19590ac8775 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -2294,7 +2294,7 @@ static int chcr_authenc_setkey(struct crypto_aead 
*authenc, const u8 *key,
aeadctx->enckey_len << 3);
 
base_hash  = chcr_alloc_shash(max_authsize);
-   if (IS_ERR(base_hash)) {
+   if (IS_ERR_OR_NULL(base_hash)) {
pr_err("chcr : Base driver cannot be loaded\n");
goto out;
}
-- 
2.11.0

[PATCH] crypto: crypto4xx - Fix size used in dma_free_coherent()

[Christophe JAILLET]

The size used in 'dma_free_coherent()' looks un-initialized here.
ctx->sa_len is set a few lines below and is apparently not set by the
caller.
So use 'size' as in the corresponding 'dma_alloc_coherent()' a few lines
above.

This has been spotted with coccinelle, using the following script:

@r@
expression x0, x1, y0, y1, z0, z1, t0, t1, ret;
@@

*   ret = dma_alloc_coherent(x0, y0, z0, t0);
...
*   dma_free_coherent(x1, y1, ret, t1);


@script:python@
y0 << r.y0;
y1 << r.y1;

@@
if y1.find(y0) == -1:
 print "WARNING: sizes look different:  '%s'   vs   '%s'" % (y0, y1)


Signed-off-by: Christophe JAILLET <christophe.jail...@wanadoo.fr>
---
 drivers/crypto/amcc/crypto4xx_core.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/crypto/amcc/crypto4xx_core.c 
b/drivers/crypto/amcc/crypto4xx_core.c
index dae1e39139e9..d10b4ae5e0da 100644
--- a/drivers/crypto/amcc/crypto4xx_core.c
+++ b/drivers/crypto/amcc/crypto4xx_core.c
@@ -135,8 +135,7 @@ int crypto4xx_alloc_sa(struct crypto4xx_ctx *ctx, u32 size)
ctx->sa_out = dma_alloc_coherent(ctx->dev->core_dev->device, size * 4,
 >sa_out_dma_addr, GFP_ATOMIC);
if (ctx->sa_out == NULL) {
-   dma_free_coherent(ctx->dev->core_dev->device,
- ctx->sa_len * 4,
+   dma_free_coherent(ctx->dev->core_dev->device, size * 4,
  ctx->sa_in, ctx->sa_in_dma_addr);
return -ENOMEM;
}
-- 
2.7.4

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH] crypto: omap: Free memory in error path

[Christophe Jaillet]

If only one of the 2 __get_free_pages fails, then there is a memory leak

Signed-off-by: Christophe Jaillet christophe.jail...@wanadoo.fr
---
 drivers/crypto/omap-aes.c | 2 ++
 drivers/crypto/omap-des.c | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/drivers/crypto/omap-aes.c b/drivers/crypto/omap-aes.c
index f79dd41..c2f9333 100644
--- a/drivers/crypto/omap-aes.c
+++ b/drivers/crypto/omap-aes.c
@@ -577,6 +577,8 @@ static int omap_aes_copy_sgs(struct omap_aes_dev *dd)
buf_out = (void *)__get_free_pages(GFP_ATOMIC, pages);
 
if (!buf_in || !buf_out) {
+   free_page((unsigned long)buf_out);
+   free_page((unsigned long)buf_in);
pr_err(Couldn't allocated pages for unaligned cases.\n);
return -1;
}
diff --git a/drivers/crypto/omap-des.c b/drivers/crypto/omap-des.c
index 0b8dcf5..a2f6ca1 100644
--- a/drivers/crypto/omap-des.c
+++ b/drivers/crypto/omap-des.c
@@ -570,6 +570,8 @@ static int omap_des_copy_sgs(struct omap_des_dev *dd)
buf_out = (void *)__get_free_pages(GFP_ATOMIC, pages);
 
if (!buf_in || !buf_out) {
+   free_page((unsigned long)buf_out);
+   free_page((unsigned long)buf_in);
pr_err(Couldn't allocated pages for unaligned cases.\n);
return -1;
}
-- 
2.1.0

--
To unsubscribe from this list: send the line unsubscribe linux-crypto in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] crypto: omap: Free memory in error path

[Christophe JAILLET]

Oups,

should be:
 free_pages((unsigned long)buf_out, pages);
 free_pages((unsigned long)buf_in, pages);


CJ

Le 26/01/2015 06:40, Christophe Jaillet a écrit :

If only one of the 2 __get_free_pages fails, then there is a memory leak

Signed-off-by: Christophe Jaillet christophe.jail...@wanadoo.fr
---
  drivers/crypto/omap-aes.c | 2 ++
  drivers/crypto/omap-des.c | 2 ++
  2 files changed, 4 insertions(+)

diff --git a/drivers/crypto/omap-aes.c b/drivers/crypto/omap-aes.c
index f79dd41..c2f9333 100644
--- a/drivers/crypto/omap-aes.c
+++ b/drivers/crypto/omap-aes.c
@@ -577,6 +577,8 @@ static int omap_aes_copy_sgs(struct omap_aes_dev *dd)
buf_out = (void *)__get_free_pages(GFP_ATOMIC, pages);
  
  	if (!buf_in || !buf_out) {

+   free_page((unsigned long)buf_out);
+   free_page((unsigned long)buf_in);
pr_err(Couldn't allocated pages for unaligned cases.\n);
return -1;
}
diff --git a/drivers/crypto/omap-des.c b/drivers/crypto/omap-des.c
index 0b8dcf5..a2f6ca1 100644
--- a/drivers/crypto/omap-des.c
+++ b/drivers/crypto/omap-des.c
@@ -570,6 +570,8 @@ static int omap_des_copy_sgs(struct omap_des_dev *dd)
buf_out = (void *)__get_free_pages(GFP_ATOMIC, pages);
  
  	if (!buf_in || !buf_out) {

+   free_page((unsigned long)buf_out);
+   free_page((unsigned long)buf_in);
pr_err(Couldn't allocated pages for unaligned cases.\n);
return -1;
}


--
To unsubscribe from this list: send the line unsubscribe linux-crypto in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH] crypto: atmel: Free memory in error path

[Christophe Jaillet]

If only one of the 2 __get_free_pages fails, then there is a memory leak.

Signed-off-by: Christophe Jaillet christophe.jail...@wanadoo.fr
---
 drivers/crypto/atmel-aes.c  | 2 +-
 drivers/crypto/atmel-tdes.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/atmel-aes.c b/drivers/crypto/atmel-aes.c
index 53d1c33..6597aac 100644
--- a/drivers/crypto/atmel-aes.c
+++ b/drivers/crypto/atmel-aes.c
@@ -673,9 +673,9 @@ err_map_out:
dma_unmap_single(dd-dev, dd-dma_addr_in, dd-buflen,
DMA_TO_DEVICE);
 err_map_in:
+err_alloc:
free_page((unsigned long)dd-buf_out);
free_page((unsigned long)dd-buf_in);
-err_alloc:
if (err)
pr_err(error: %d\n, err);
return err;
diff --git a/drivers/crypto/atmel-tdes.c b/drivers/crypto/atmel-tdes.c
index 5e7c896..258772d 100644
--- a/drivers/crypto/atmel-tdes.c
+++ b/drivers/crypto/atmel-tdes.c
@@ -376,9 +376,9 @@ err_map_out:
dma_unmap_single(dd-dev, dd-dma_addr_in, dd-buflen,
DMA_TO_DEVICE);
 err_map_in:
+err_alloc:
free_page((unsigned long)dd-buf_out);
free_page((unsigned long)dd-buf_in);
-err_alloc:
if (err)
pr_err(error: %d\n, err);
return err;
-- 
2.1.0

--
To unsubscribe from this list: send the line unsubscribe linux-crypto in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html