From 2a6c7922fcfc28f5745c28aa94c0d454361971a1 Mon Sep 17 00:00:00 2001 From: Anoob Joseph Date: Mon, 10 May 2021 15:14:00 +0530 Subject: [PATCH] common/cpt: add checks for offset overflow Add checks to catch overflow of any offsets. Offset control word specifies, 1. 16 bits encryption offset 2. 8 bits IV offset 3. 8 bits auth offset Signed-off-by: Anoob Joseph Acked-by: Akhil Goyal --- drivers/common/cpt/cpt_ucode.h | 59 ++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) diff --git a/drivers/common/cpt/cpt_ucode.h b/drivers/common/cpt/cpt_ucode.h index ee6d49aae7..bb3a862fa0 100644 --- a/drivers/common/cpt/cpt_ucode.h +++ b/drivers/common/cpt/cpt_ucode.h @@ -1001,6 +1001,16 @@ cpt_enc_hmac_prep(uint32_t flags, req->ist.ei2 = rptr_dma; } + if (unlikely((encr_offset >> 16) || + (iv_offset >> 8) || + (auth_offset >> 8))) { + CPT_LOG_DP_ERR("Offset not supported"); + CPT_LOG_DP_ERR("enc_offset: %d", encr_offset); + CPT_LOG_DP_ERR("iv_offset : %d", iv_offset); + CPT_LOG_DP_ERR("auth_offset: %d", auth_offset); + return; + } + /* 16 byte aligned cpt res address */ req->completion_addr = (uint64_t *)((uint8_t *)c_vaddr); *req->completion_addr = COMPLETION_CODE_INIT; @@ -1184,6 +1194,16 @@ cpt_dec_hmac_prep(uint32_t flags, dest[1] = src[1]; } + if (unlikely((encr_offset >> 16) || + (iv_offset >> 8) || + (auth_offset >> 8))) { + CPT_LOG_DP_ERR("Offset not supported"); + CPT_LOG_DP_ERR("enc_offset: %d", encr_offset); + CPT_LOG_DP_ERR("iv_offset : %d", iv_offset); + CPT_LOG_DP_ERR("auth_offset: %d", auth_offset); + return; + } + *(uint64_t *)offset_vaddr = rte_cpu_to_be_64(((uint64_t)encr_offset << 16) | ((uint64_t)iv_offset << 8) | @@ -1215,6 +1235,16 @@ cpt_dec_hmac_prep(uint32_t flags, dest[1] = src[1]; } + if (unlikely((encr_offset >> 16) || + (iv_offset >> 8) || + (auth_offset >> 8))) { + CPT_LOG_DP_ERR("Offset not supported"); + CPT_LOG_DP_ERR("enc_offset: %d", encr_offset); + CPT_LOG_DP_ERR("iv_offset : %d", iv_offset); + CPT_LOG_DP_ERR("auth_offset: %d", auth_offset); + return; + } + *(uint64_t *)offset_vaddr = rte_cpu_to_be_64(((uint64_t)encr_offset << 16) | ((uint64_t)iv_offset << 8) | @@ -1492,6 +1522,14 @@ cpt_zuc_snow3g_enc_prep(uint32_t req_flags, offset_ctrl = rte_cpu_to_be_64((uint64_t)encr_offset << 16); } + if (unlikely((encr_offset >> 16) || + (auth_offset >> 8))) { + CPT_LOG_DP_ERR("Offset not supported"); + CPT_LOG_DP_ERR("enc_offset: %d", encr_offset); + CPT_LOG_DP_ERR("auth_offset: %d", auth_offset); + return; + } + /* IV */ iv_s = (flags == 0x1) ? params->auth_iv_buf : params->iv_buf; @@ -1934,6 +1972,12 @@ cpt_zuc_snow3g_dec_prep(uint32_t req_flags, req->ist.ei2 = rptr_dma; } + if (unlikely((encr_offset >> 16))) { + CPT_LOG_DP_ERR("Offset not supported"); + CPT_LOG_DP_ERR("enc_offset: %d", encr_offset); + return; + } + /* 16 byte aligned cpt res address */ req->completion_addr = (uint64_t *)((uint8_t *)c_vaddr); *req->completion_addr = COMPLETION_CODE_INIT; @@ -2068,11 +2112,21 @@ cpt_kasumi_enc_prep(uint32_t req_flags, outputlen = inputlen; /* iv offset is 0 */ *offset_vaddr = rte_cpu_to_be_64((uint64_t)encr_offset << 16); + if (unlikely((encr_offset >> 16))) { + CPT_LOG_DP_ERR("Offset not supported"); + CPT_LOG_DP_ERR("enc_offset: %d", encr_offset); + return; + } } else { inputlen = auth_offset + (RTE_ALIGN(auth_data_len, 8) / 8); outputlen = mac_len; /* iv offset is 0 */ *offset_vaddr = rte_cpu_to_be_64((uint64_t)auth_offset); + if (unlikely((auth_offset >> 8))) { + CPT_LOG_DP_ERR("Offset not supported"); + CPT_LOG_DP_ERR("auth_offset: %d", auth_offset); + return; + } } i = fill_sg_comp(gather_comp, i, offset_dma, OFF_CTRL_LEN + iv_len); @@ -2285,6 +2339,11 @@ cpt_kasumi_dec_prep(uint64_t d_offs, /* Offset control word followed by iv */ *offset_vaddr = rte_cpu_to_be_64((uint64_t)encr_offset << 16); + if (unlikely((encr_offset >> 16))) { + CPT_LOG_DP_ERR("Offset not supported"); + CPT_LOG_DP_ERR("enc_offset: %d", encr_offset); + return; + } i = fill_sg_comp(gather_comp, i, offset_dma, OFF_CTRL_LEN + iv_len); -- 2.20.1