[1/1,Bionic] s390/crypto: Fix return code checking in cbc_paes_crypt()

Message ID 20180926143746.5992-2-seth.forshee@canonical.com
State New
Headers show
Series
  • s390/crypto: Fix return code checking in cbc_paes_crypt()
Related show

Commit Message

Seth Forshee Sept. 26, 2018, 2:37 p.m.
From: Ingo Franzki <ifranzki@linux.ibm.com>

BugLink: http://bugs.launchpad.net/bugs/1794294

The return code of cpacf_kmc() is less than the number of
bytes to process in case of an error, not greater.
The crypt routines for the other cipher modes already have
this correctly.

Cc: stable@vger.kernel.org # v4.11+
Fixes: 279378430768 ("s390/crypt: Add protected key AES module")
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Acked-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
(cherry picked from commit b81126e01a8c6048249955feea46c8217ebefa91)
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
---
 arch/s390/crypto/paes_s390.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Colin King Sept. 26, 2018, 2:40 p.m. | #1
On 26/09/18 15:37, Seth Forshee wrote:
> From: Ingo Franzki <ifranzki@linux.ibm.com>
> 
> BugLink: http://bugs.launchpad.net/bugs/1794294
> 
> The return code of cpacf_kmc() is less than the number of
> bytes to process in case of an error, not greater.
> The crypt routines for the other cipher modes already have
> this correctly.
> 
> Cc: stable@vger.kernel.org # v4.11+
> Fixes: 279378430768 ("s390/crypt: Add protected key AES module")
> Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
> Acked-by: Harald Freudenberger <freude@linux.ibm.com>
> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
> (cherry picked from commit b81126e01a8c6048249955feea46c8217ebefa91)
> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
> ---
>  arch/s390/crypto/paes_s390.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/arch/s390/crypto/paes_s390.c b/arch/s390/crypto/paes_s390.c
> index 80b27294c1de..ab9a0ebecc19 100644
> --- a/arch/s390/crypto/paes_s390.c
> +++ b/arch/s390/crypto/paes_s390.c
> @@ -208,7 +208,7 @@ static int cbc_paes_crypt(struct blkcipher_desc *desc, unsigned long modifier,
>  			      walk->dst.virt.addr, walk->src.virt.addr, n);
>  		if (k)
>  			ret = blkcipher_walk_done(desc, walk, nbytes - k);
> -		if (n < k) {
> +		if (k < n) {
>  			if (__cbc_paes_set_key(ctx) != 0)
>  				return blkcipher_walk_done(desc, walk, -EIO);
>  			memcpy(param.key, ctx->pk.protkey, MAXPROTKEYSIZE);
> 

Clean upstream cherry pick. Makes sense.

Acked-by: Colin Ian King <colin.king@canonical.com>
Stefan Bader Sept. 27, 2018, 4:34 p.m. | #2
On 26.09.2018 16:37, Seth Forshee wrote:
> From: Ingo Franzki <ifranzki@linux.ibm.com>
> 
> BugLink: http://bugs.launchpad.net/bugs/1794294
> 
> The return code of cpacf_kmc() is less than the number of
> bytes to process in case of an error, not greater.
> The crypt routines for the other cipher modes already have
> this correctly.
> 
> Cc: stable@vger.kernel.org # v4.11+
> Fixes: 279378430768 ("s390/crypt: Add protected key AES module")
> Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
> Acked-by: Harald Freudenberger <freude@linux.ibm.com>
> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
> (cherry picked from commit b81126e01a8c6048249955feea46c8217ebefa91)
> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
> ---
>  arch/s390/crypto/paes_s390.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/arch/s390/crypto/paes_s390.c b/arch/s390/crypto/paes_s390.c
> index 80b27294c1de..ab9a0ebecc19 100644
> --- a/arch/s390/crypto/paes_s390.c
> +++ b/arch/s390/crypto/paes_s390.c
> @@ -208,7 +208,7 @@ static int cbc_paes_crypt(struct blkcipher_desc *desc, unsigned long modifier,
>  			      walk->dst.virt.addr, walk->src.virt.addr, n);
>  		if (k)
>  			ret = blkcipher_walk_done(desc, walk, nbytes - k);
> -		if (n < k) {
> +		if (k < n) {
>  			if (__cbc_paes_set_key(ctx) != 0)
>  				return blkcipher_walk_done(desc, walk, -EIO);
>  			memcpy(param.key, ctx->pk.protkey, MAXPROTKEYSIZE);
>

Patch

diff --git a/arch/s390/crypto/paes_s390.c b/arch/s390/crypto/paes_s390.c
index 80b27294c1de..ab9a0ebecc19 100644
--- a/arch/s390/crypto/paes_s390.c
+++ b/arch/s390/crypto/paes_s390.c
@@ -208,7 +208,7 @@  static int cbc_paes_crypt(struct blkcipher_desc *desc, unsigned long modifier,
 			      walk->dst.virt.addr, walk->src.virt.addr, n);
 		if (k)
 			ret = blkcipher_walk_done(desc, walk, nbytes - k);
-		if (n < k) {
+		if (k < n) {
 			if (__cbc_paes_set_key(ctx) != 0)
 				return blkcipher_walk_done(desc, walk, -EIO);
 			memcpy(param.key, ctx->pk.protkey, MAXPROTKEYSIZE);