• Thomas Petazzoni's avatar
    crypto: marvell - properly handle CRYPTO_TFM_REQ_MAY_BACKLOG-flagged requests · cfcd2271
    Thomas Petazzoni authored
    The mv_cesa_queue_req() function calls crypto_enqueue_request() to
    enqueue a request. In the normal case (i.e the queue isn't full), this
    function returns -EINPROGRESS. The current Marvell CESA crypto driver
    takes this into account and cleans up the request only if an error
    occured, i.e if the return value is not -EINPROGRESS.
    
    Unfortunately this causes problems with
    CRYPTO_TFM_REQ_MAY_BACKLOG-flagged requests. When such a request is
    passed to crypto_enqueue_request() and the queue is full,
    crypto_enqueue_request() will return -EBUSY, but will keep the request
    enqueued nonetheless. This situation was not properly handled by the
    Marvell CESA driver, which was anyway cleaning up the request in such
    a situation. When later on the request was taken out of the backlog
    and actually processed, a kernel crash occured due to the internal
    driver data structures for this structure having been cleaned up.
    
    To avoid this situation, this commit adds a
    mv_cesa_req_needs_cleanup() helper function which indicates if the
    request needs to be cleaned up or not after a call to
    crypto_enqueue_request(). This helper allows to do the cleanup only in
    the appropriate cases, and all call sites of mv_cesa_queue_req() are
    fixed to use this new helper function.
    Reported-by: default avatarVincent Donnefort <vdonnefort@gmail.com>
    Fixes: db509a45 ("crypto: marvell/cesa - add TDMA support")
    Cc: <stable@vger.kernel.org> # v4.2+
    Signed-off-by: default avatarThomas Petazzoni <thomas.petazzoni@free-electrons.com>
    Acked-by: default avatarBoris Brezillon <boris.brezillon@free-electrons.com>
    Tested-by: default avatarVincent Donnefort <vdonnefort@gmail.com>
    Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
    cfcd2271
cesa.h 22 KB