Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v6.1.2 2022-12-31T12:32:30+00:00 2022-12-31T12:32:30+00:00 Natalia Petrova n.petrova@fintech.ru 2022-09-28T10:25:05+00:00 urn:sha1:51592cf716825faac5149187d7d594bbc1e06ea7 [ Upstream commit 094528b6a5a755b1195a01e10b13597d67d1a0e6 ] If alloc_workqueue() fails in nitrox_mbox_init() it deallocates ndev->iov.vfdev and returns error code, but then nitrox_sriov_init() calls nitrox_sriov_cleanup() where ndev->iov.vfdev is deallocated again. Fix this by nulling ndev->iov.vfdev after the first deallocation. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 9e5de3e06e54 ("crypto: cavium/nitrox - Add mailbox...") Signed-off-by: Natalia Petrova <n.petrova@fintech.ru> Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> 2022-09-30T05:57:50+00:00 ye xingchen ye.xingchen@zte.com.cn 2022-09-22T11:27:53+00:00 urn:sha1:4edff849f7a0abca962374512907b3e2151091f4 Return the value directly instead of storing it in another redundant variable. Reported-by: Zeal Robot <zealci@zte.com.cn> Signed-off-by: ye xingchen <ye.xingchen@zte.com.cn> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2022-09-30T05:57:49+00:00 Dan Carpenter dan.carpenter@oracle.com 2022-09-19T06:43:27+00:00 urn:sha1:2526d6bf27d15054bb0778b2f7bc6625fd934905 The "code_length" value comes from the firmware file. If your firmware is untrusted realistically there is probably very little you can do to protect yourself. Still we try to limit the damage as much as possible. Also Smatch marks any data read from the filesystem as untrusted and prints warnings if it not capped correctly. The "ntohl(ucode->code_length) * 2" multiplication can have an integer overflow. Fixes: 9e2c7d99941d ("crypto: cavium - Add Support for Octeon-tx CPT Engine") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2022-08-19T10:39:36+00:00 Jason Wang wangborong@cdjrlc.com 2022-08-11T12:07:05+00:00 urn:sha1:450df3ecef4df9d94f7ca0d68527944418b2d1ed The double `the' is duplicated in the comment, remove one. Signed-off-by: Jason Wang <wangborong@cdjrlc.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2022-06-30T07:56:57+00:00 Jiang Jian jiangjian@cdjrlc.com 2022-06-22T16:02:22+00:00 urn:sha1:e34525c3975832971451cb0908594c310fc83cd5 Replace 'is' with 'it' file: drivers/crypto/cavium/cpt/cpt_hw_types.h line: 268 * which if the line hits and is is dirty will cause the line to be changed to: * which if the line hits and it is dirty will cause the line to be Signed-off-by: Jiang Jian <jiangjian@cdjrlc.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2022-04-08T08:26:43+00:00 Jakob Koschel jakobkoschel@gmail.com 2022-03-31T21:59:10+00:00 urn:sha1:7b2206d8809259b0dd297f0ccf017bf2dea98a02 When list_for_each_entry() completes the iteration over the whole list without breaking the loop, the iterator value will be a bogus pointer computed based on the head element. While it is safe to use the pointer to determine if it was computed based on the head element, either with list_entry_is_head() or &pos->member == head, using the iterator variable after the loop should be avoided. In preparation to limit the scope of a list iterator to the list traversal loop, use a dedicated pointer to point to the found element [1]. Link: https://lore.kernel.org/all/CAHk-=wgRr_D8CB-D9Kg-c=EHreAsk5SqXPwr9Y7k9sA6cWXJ6w@mail.gmail.com/ [1] Signed-off-by: Jakob Koschel <jakobkoschel@gmail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2022-03-02T22:49:21+00:00 Andy Shevchenko andriy.shevchenko@linux.intel.com 2022-02-23T16:26:20+00:00 urn:sha1:959e375464912a32b9d971642d933ae71b9f0267 While in this particular case it would not be a (critical) issue, the pattern itself is bad and error prone in case the location of the parameter is changed. Don't cast parameter to unsigned long pointer in the bit operations. Instead copy to a local variable on stack of a proper type and use. Fixes: cf718eaa8f9b ("crypto: cavium/nitrox - Enabled Mailbox support") Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2022-03-02T22:46:19+00:00 Corentin Labbe clabbe@baylibre.com 2022-02-21T11:52:34+00:00 urn:sha1:2f5ee72ee950a677069ee8ab75af40cebba3bb3c On my renesas salavator-X, I saw some cavium driver failing crypto self-tests. But salvator does not have such hardware. This is due to cavium/zip driver registering algorithms even if hardware is not present. The solution is to move algorithm registration in the probe function. This permits also to simplify module init/exit by using module_pci_driver. Signed-off-by: Corentin Labbe <clabbe@baylibre.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2022-02-18T05:21:08+00:00 Corentin Labbe clabbe@baylibre.com 2022-02-09T10:21:58+00:00 urn:sha1:4ba31cdd88c9008777a48d3ac2b045dce5634389 crypto had a typo, fix it. Signed-off-by: Corentin Labbe <clabbe@baylibre.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2021-12-17T05:59:47+00:00 Gustavo A. R. Silva gustavoars@kernel.org 2021-12-08T01:24:59+00:00 urn:sha1:61a13714a9853fb7b342ecae7ecafad1a950309b Use 2-factor multiplication argument form kcalloc() instead of kzalloc(). Link: https://github.com/KSPP/linux/issues/162 Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>