fix lockup caused by bug in auth

The pms buffer would trigger a BUG() when passed to sg_init_one() because virt_addr_valid() returns false for stack addresses (if built with CONFIG_VMAP_STACK=y). Fix it by allocating the buffer with kmalloc() like it was before. Fixes: 87f538c ("Move buffer allocation from auth to crypto")
medusalix · Sep 17, 2024 · f2cac54 · f2cac54
1 parent 29ec357
commit f2cac54
Showing 1 changed file with 10 additions and 3 deletions.
diff --git a/auth/auth.c b/auth/auth.c
@@ -449,13 +449,17 @@ static void gip_auth_exchange_rsa(struct work_struct *work)
 					     work_exchange_rsa);
 	struct gip_auth_pkt_host_secret pkt = {};
 	u8 random[GIP_AUTH_RANDOM_LEN * 2];
-	u8 pms[GIP_AUTH_SECRET_LEN];
+	u8 *pms;
 	int err;
 
 	memcpy(random, auth->random_host, sizeof(auth->random_host));
 	memcpy(random + sizeof(auth->random_host), auth->random_client,
 	       sizeof(auth->random_client));
 
+	pms = kmalloc(GIP_AUTH_SECRET_LEN, GFP_KERNEL);
+	if (!pms)
+		return -ENOMEM;
+
 	/* get random premaster secret */
 	get_random_bytes(pms, sizeof(pms));
 
@@ -466,7 +470,7 @@ static void gip_auth_exchange_rsa(struct work_struct *work)
 	if (err) {
 		dev_err(&auth->client->dev, "%s: encrypt RSA failed: %d\n",
 			__func__, err);
-		return;
+		goto err_free_pms;
 	}
 
 	err = gip_auth_compute_prf(auth->shash_prf, "Master Secret",
@@ -476,14 +480,17 @@ static void gip_auth_exchange_rsa(struct work_struct *work)
 	if (err) {
 		dev_err(&auth->client->dev, "%s: compute PRF failed: %d\n",
 			__func__, err);
-		return;
+		goto err_free_pms;
 	}
 
 	err = gip_auth_send_pkt(auth, GIP_AUTH_CMD_HOST_SECRET,
 				&pkt, sizeof(pkt));
 	if (err)
 		dev_err(&auth->client->dev, "%s: send pkt failed: %d\n",
 			__func__, err);
+
+err_free_pms:
+	kfree(pms);
 }
 
 int gip_auth_send_complete(struct gip_client *client)