From f2cac543ef6f8be65fb68d4b5b54cdc526fbdc66 Mon Sep 17 00:00:00 2001 From: Artur Paszkiewicz Date: Tue, 17 Sep 2024 23:03:14 +0200 Subject: [PATCH] fix lockup caused by bug in auth The pms buffer would trigger a BUG() when passed to sg_init_one() because virt_addr_valid() returns false for stack addresses (if built with CONFIG_VMAP_STACK=y). Fix it by allocating the buffer with kmalloc() like it was before. Fixes: 87f538ca0c31 ("Move buffer allocation from auth to crypto") --- auth/auth.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/auth/auth.c b/auth/auth.c index f12b744..dac4d51 100644 --- a/auth/auth.c +++ b/auth/auth.c @@ -449,13 +449,17 @@ static void gip_auth_exchange_rsa(struct work_struct *work) work_exchange_rsa); struct gip_auth_pkt_host_secret pkt = {}; u8 random[GIP_AUTH_RANDOM_LEN * 2]; - u8 pms[GIP_AUTH_SECRET_LEN]; + u8 *pms; int err; memcpy(random, auth->random_host, sizeof(auth->random_host)); memcpy(random + sizeof(auth->random_host), auth->random_client, sizeof(auth->random_client)); + pms = kmalloc(GIP_AUTH_SECRET_LEN, GFP_KERNEL); + if (!pms) + return -ENOMEM; + /* get random premaster secret */ get_random_bytes(pms, sizeof(pms)); @@ -466,7 +470,7 @@ static void gip_auth_exchange_rsa(struct work_struct *work) if (err) { dev_err(&auth->client->dev, "%s: encrypt RSA failed: %d\n", __func__, err); - return; + goto err_free_pms; } err = gip_auth_compute_prf(auth->shash_prf, "Master Secret", @@ -476,7 +480,7 @@ static void gip_auth_exchange_rsa(struct work_struct *work) if (err) { dev_err(&auth->client->dev, "%s: compute PRF failed: %d\n", __func__, err); - return; + goto err_free_pms; } err = gip_auth_send_pkt(auth, GIP_AUTH_CMD_HOST_SECRET, @@ -484,6 +488,9 @@ static void gip_auth_exchange_rsa(struct work_struct *work) if (err) dev_err(&auth->client->dev, "%s: send pkt failed: %d\n", __func__, err); + +err_free_pms: + kfree(pms); } int gip_auth_send_complete(struct gip_client *client)