Skip to content

Commit 8ce0a3b

Browse files
philljjphilljj
authored
Merge pull request #8810 from douzzer/20250528-linuxkm-aes-kmemleaks
20250528-linuxkm-aes-kmemleaks
2 parents 5c82757 + 5c0a278 commit 8ce0a3b

1 file changed

Lines changed: 86 additions & 31 deletions

File tree

linuxkm/lkcapi_aes_glue.c

Lines changed: 86 additions & 31 deletions
Original file line numberDiff line numberDiff line change
@@ -557,7 +557,7 @@ static int km_AesCbcEncrypt(struct skcipher_request *req)
557557
struct skcipher_walk walk;
558558
unsigned int nbytes = 0;
559559
int err;
560-
Aes *aes_copy;
560+
Aes *aes_copy = NULL;
561561

562562
tfm = crypto_skcipher_reqtfm(req);
563563
ctx = crypto_skcipher_ctx(tfm);
@@ -569,7 +569,7 @@ static int km_AesCbcEncrypt(struct skcipher_request *req)
569569

570570
err = km_AesGet(ctx, 0 /* decrypt_p */, 1 /* copy_p */, &aes_copy);
571571
if (unlikely(err)) {
572-
return err;
572+
goto out;
573573
}
574574

575575
err = wc_AesSetIV(aes_copy, walk.iv);
@@ -601,6 +601,9 @@ static int km_AesCbcEncrypt(struct skcipher_request *req)
601601

602602
out:
603603

604+
if (err && walk.nbytes)
605+
(void)skcipher_walk_done(&walk, err);
606+
604607
km_AesFree(&aes_copy);
605608

606609
#ifdef WOLFKM_DEBUG_AES
@@ -618,7 +621,7 @@ static int km_AesCbcDecrypt(struct skcipher_request *req)
618621
struct skcipher_walk walk;
619622
unsigned int nbytes = 0;
620623
int err;
621-
Aes *aes_copy;
624+
Aes *aes_copy = NULL;
622625

623626
tfm = crypto_skcipher_reqtfm(req);
624627
ctx = crypto_skcipher_ctx(tfm);
@@ -631,7 +634,7 @@ static int km_AesCbcDecrypt(struct skcipher_request *req)
631634

632635
err = km_AesGet(ctx, 1 /* decrypt_p */, 1 /* copy_p */, &aes_copy);
633636
if (unlikely(err)) {
634-
return err;
637+
goto out;
635638
}
636639

637640
err = wc_AesSetIV(aes_copy, walk.iv);
@@ -664,6 +667,9 @@ static int km_AesCbcDecrypt(struct skcipher_request *req)
664667

665668
out:
666669

670+
if (err && walk.nbytes)
671+
(void)skcipher_walk_done(&walk, err);
672+
667673
km_AesFree(&aes_copy);
668674

669675
#ifdef WOLFKM_DEBUG_AES
@@ -715,7 +721,7 @@ static int km_AesCfbEncrypt(struct skcipher_request *req)
715721
struct km_AesCtx * ctx = NULL;
716722
struct skcipher_walk walk;
717723
int err;
718-
Aes *aes_copy;
724+
Aes *aes_copy = NULL;
719725

720726
tfm = crypto_skcipher_reqtfm(req);
721727
ctx = crypto_skcipher_ctx(tfm);
@@ -730,7 +736,7 @@ static int km_AesCfbEncrypt(struct skcipher_request *req)
730736

731737
err = km_AesGet(ctx, 0 /* decrypt_p */, 1 /* copy_p */, &aes_copy);
732738
if (unlikely(err)) {
733-
return err;
739+
goto out;
734740
}
735741

736742
err = wc_AesSetIV(aes_copy, walk.iv);
@@ -758,7 +764,7 @@ static int km_AesCfbEncrypt(struct skcipher_request *req)
758764
if (unlikely(err)) {
759765
pr_err("%s: skcipher_walk_done failed: %d\n",
760766
crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err);
761-
return err;
767+
goto out;
762768
}
763769
}
764770

@@ -767,6 +773,9 @@ static int km_AesCfbEncrypt(struct skcipher_request *req)
767773

768774
out:
769775

776+
if (err && walk.nbytes)
777+
(void)skcipher_walk_done(&walk, err);
778+
770779
km_AesFree(&aes_copy);
771780

772781
#ifdef WOLFKM_DEBUG_AES
@@ -783,7 +792,7 @@ static int km_AesCfbDecrypt(struct skcipher_request *req)
783792
struct km_AesCtx * ctx = NULL;
784793
struct skcipher_walk walk;
785794
int err;
786-
Aes *aes_copy;
795+
Aes *aes_copy = NULL;
787796

788797
tfm = crypto_skcipher_reqtfm(req);
789798
ctx = crypto_skcipher_ctx(tfm);
@@ -798,7 +807,7 @@ static int km_AesCfbDecrypt(struct skcipher_request *req)
798807

799808
err = km_AesGet(ctx, 1 /* decrypt_p */, 1 /* copy_p */, &aes_copy);
800809
if (unlikely(err)) {
801-
return err;
810+
goto out;
802811
}
803812

804813
err = wc_AesSetIV(aes_copy, walk.iv);
@@ -836,6 +845,9 @@ static int km_AesCfbDecrypt(struct skcipher_request *req)
836845

837846
out:
838847

848+
if (err && walk.nbytes)
849+
(void)skcipher_walk_done(&walk, err);
850+
839851
km_AesFree(&aes_copy);
840852

841853
#ifdef WOLFKM_DEBUG_AES
@@ -1043,7 +1055,7 @@ static int AesGcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4106_p)
10431055
unsigned int assoclen = req->assoclen;
10441056
u8 * assoc = NULL;
10451057
u8 * assocmem = NULL;
1046-
Aes *aes_copy;
1058+
Aes *aes_copy = NULL;
10471059

10481060
tfm = crypto_aead_reqtfm(req);
10491061
ctx = crypto_aead_ctx(tfm);
@@ -1069,15 +1081,17 @@ static int AesGcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4106_p)
10691081

10701082
err = km_AesGet(ctx, decrypt_p, 1 /* copy_p */, &aes_copy);
10711083
if (unlikely(err)) {
1072-
return err;
1084+
goto out;
10731085
}
10741086

10751087
#ifdef LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106
10761088
if (rfc4106_p) {
10771089
byte rfc4106_iv[12];
10781090

1079-
if (unlikely(assoclen != 16 && assoclen != 20))
1080-
return -EINVAL;
1091+
if (unlikely(assoclen != 16 && assoclen != 20)) {
1092+
err = -EINVAL;
1093+
goto out;
1094+
}
10811095
assoclen -= 8;
10821096

10831097
memcpy(rfc4106_iv, ctx->rfc4106_nonce, 4);
@@ -1112,6 +1126,9 @@ static int AesGcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4106_p)
11121126
pr_err("%s: scatterwalk_map failed: %ld\n",
11131127
crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)),
11141128
PTR_ERR(assoc));
1129+
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 15, 0)
1130+
scatterwalk_unmap(&assocSgWalk);
1131+
#endif
11151132
goto out;
11161133
}
11171134
}
@@ -1225,6 +1242,9 @@ static int AesGcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4106_p)
12251242

12261243
out:
12271244

1245+
if (err && walk.nbytes)
1246+
(void)skcipher_walk_done(&walk, err);
1247+
12281248
km_AesFree(&aes_copy);
12291249

12301250
#ifdef WOLFKM_DEBUG_AES
@@ -1250,7 +1270,7 @@ static int AesGcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4106_p)
12501270
unsigned int assoclen = req->assoclen;
12511271
u8 * assoc = NULL;
12521272
u8 * sg_buf = NULL;
1253-
Aes *aes_copy;
1273+
Aes *aes_copy = NULL;
12541274
u8 * in_text = NULL;
12551275
u8 * out_text = NULL;
12561276
#ifdef LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106
@@ -1281,13 +1301,15 @@ static int AesGcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4106_p)
12811301

12821302
err = km_AesGet(ctx, decrypt_p, 1 /* copy_p */, &aes_copy);
12831303
if (unlikely(err)) {
1284-
return err;
1304+
goto out;
12851305
}
12861306

12871307
#ifdef LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106
12881308
if (rfc4106_p) {
1289-
if (unlikely(assoclen != 16 && assoclen != 20))
1290-
return -EINVAL;
1309+
if (unlikely(assoclen != 16 && assoclen != 20)) {
1310+
err = -EINVAL;
1311+
goto out;
1312+
}
12911313
assoclen -= 8;
12921314

12931315
memcpy(rfc4106_iv, ctx->rfc4106_nonce, 4);
@@ -1311,7 +1333,9 @@ static int AesGcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4106_p)
13111333
pr_err("%s: scatterwalk_map failed: %ld\n",
13121334
crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)),
13131335
PTR_ERR(assoc));
1336+
#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 15, 0)
13141337
in_map = NULL;
1338+
#endif
13151339
goto out;
13161340
}
13171341
assoc = in_map;
@@ -1328,7 +1352,9 @@ static int AesGcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4106_p)
13281352
pr_err("%s: scatterwalk_map failed: %ld\n",
13291353
crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)),
13301354
PTR_ERR(assoc));
1355+
#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 15, 0)
13311356
out_map = NULL;
1357+
#endif
13321358
goto out;
13331359
}
13341360
out_text = out_map + req->assoclen;
@@ -1406,6 +1432,9 @@ static int AesGcmCrypt_1(struct aead_request *req, int decrypt_p, int rfc4106_p)
14061432

14071433
out:
14081434

1435+
if (sk_walk.nbytes)
1436+
(void)skcipher_walk_done(&sk_walk, -EINVAL); /* force summary cleanup */
1437+
14091438
if (sg_buf) {
14101439
free(sg_buf);
14111440
}
@@ -1902,7 +1931,7 @@ static int km_AesCtrEncrypt(struct skcipher_request *req)
19021931
struct km_AesCtx * ctx = NULL;
19031932
struct skcipher_walk walk;
19041933
int err;
1905-
Aes *aes_copy;
1934+
Aes *aes_copy = NULL;
19061935

19071936
tfm = crypto_skcipher_reqtfm(req);
19081937
ctx = crypto_skcipher_ctx(tfm);
@@ -1917,8 +1946,10 @@ static int km_AesCtrEncrypt(struct skcipher_request *req)
19171946

19181947
/* Copy the cipher state to mitigate races on Aes.reg and Aes.tmp. */
19191948
aes_copy = (struct Aes *)malloc(sizeof(Aes));
1920-
if (aes_copy == NULL)
1921-
return -ENOMEM;
1949+
if (aes_copy == NULL) {
1950+
err = -ENOMEM;
1951+
goto out;
1952+
}
19221953
XMEMCPY(aes_copy, ctx->aes_encrypt, sizeof(Aes));
19231954

19241955
err = wc_AesSetIV(aes_copy, walk.iv);
@@ -1955,6 +1986,9 @@ static int km_AesCtrEncrypt(struct skcipher_request *req)
19551986

19561987
out:
19571988

1989+
if (err && walk.nbytes)
1990+
(void)skcipher_walk_done(&walk, err);
1991+
19581992
km_AesFree(&aes_copy);
19591993

19601994
#ifdef WOLFKM_DEBUG_AES
@@ -1971,7 +2005,7 @@ static int km_AesCtrDecrypt(struct skcipher_request *req)
19712005
struct km_AesCtx * ctx = NULL;
19722006
struct skcipher_walk walk;
19732007
int err;
1974-
Aes *aes_copy;
2008+
Aes *aes_copy = NULL;
19752009

19762010
tfm = crypto_skcipher_reqtfm(req);
19772011
ctx = crypto_skcipher_ctx(tfm);
@@ -1986,8 +2020,10 @@ static int km_AesCtrDecrypt(struct skcipher_request *req)
19862020

19872021
/* Copy the cipher state to mitigate races on Aes.reg and Aes.tmp. */
19882022
aes_copy = (struct Aes *)malloc(sizeof(Aes));
1989-
if (aes_copy == NULL)
1990-
return -ENOMEM;
2023+
if (aes_copy == NULL) {
2024+
err = -ENOMEM;
2025+
goto out;
2026+
}
19912027
XMEMCPY(aes_copy, ctx->aes_encrypt, sizeof(Aes)); /* CTR uses the same
19922028
* schedule for encrypt
19932029
* and decrypt.
@@ -2029,6 +2065,9 @@ static int km_AesCtrDecrypt(struct skcipher_request *req)
20292065

20302066
out:
20312067

2068+
if (err && walk.nbytes)
2069+
(void)skcipher_walk_done(&walk, err);
2070+
20322071
km_AesFree(&aes_copy);
20332072

20342073
#ifdef WOLFKM_DEBUG_AES
@@ -2080,7 +2119,7 @@ static int km_AesOfbEncrypt(struct skcipher_request *req)
20802119
struct km_AesCtx * ctx = NULL;
20812120
struct skcipher_walk walk;
20822121
int err;
2083-
Aes *aes_copy;
2122+
Aes *aes_copy = NULL;
20842123

20852124
tfm = crypto_skcipher_reqtfm(req);
20862125
ctx = crypto_skcipher_ctx(tfm);
@@ -2095,8 +2134,10 @@ static int km_AesOfbEncrypt(struct skcipher_request *req)
20952134

20962135
/* Copy the cipher state to mitigate races on Aes.reg and Aes.tmp. */
20972136
aes_copy = (struct Aes *)malloc(sizeof(Aes));
2098-
if (aes_copy == NULL)
2099-
return -ENOMEM;
2137+
if (aes_copy == NULL) {
2138+
err = -ENOMEM;
2139+
goto out;
2140+
}
21002141
XMEMCPY(aes_copy, ctx->aes_encrypt, sizeof(Aes));
21012142

21022143
err = wc_AesSetIV(aes_copy, walk.iv);
@@ -2133,6 +2174,9 @@ static int km_AesOfbEncrypt(struct skcipher_request *req)
21332174

21342175
out:
21352176

2177+
if (err && walk.nbytes)
2178+
(void)skcipher_walk_done(&walk, err);
2179+
21362180
km_AesFree(&aes_copy);
21372181

21382182
#ifdef WOLFKM_DEBUG_AES
@@ -2149,7 +2193,7 @@ static int km_AesOfbDecrypt(struct skcipher_request *req)
21492193
struct km_AesCtx * ctx = NULL;
21502194
struct skcipher_walk walk;
21512195
int err;
2152-
Aes *aes_copy;
2196+
Aes *aes_copy = NULL;
21532197

21542198
tfm = crypto_skcipher_reqtfm(req);
21552199
ctx = crypto_skcipher_ctx(tfm);
@@ -2164,8 +2208,10 @@ static int km_AesOfbDecrypt(struct skcipher_request *req)
21642208

21652209
/* Copy the cipher state to mitigate races on Aes.reg and Aes.tmp. */
21662210
aes_copy = (struct Aes *)malloc(sizeof(Aes));
2167-
if (aes_copy == NULL)
2168-
return -ENOMEM;
2211+
if (aes_copy == NULL) {
2212+
err = -ENOMEM;
2213+
goto out;
2214+
}
21692215
XMEMCPY(aes_copy, ctx->aes_encrypt, sizeof(Aes)); /* OFB uses the same
21702216
* schedule for encrypt
21712217
* and decrypt.
@@ -2206,6 +2252,9 @@ static int km_AesOfbDecrypt(struct skcipher_request *req)
22062252

22072253
out:
22082254

2255+
if (err && walk.nbytes)
2256+
(void)skcipher_walk_done(&walk, err);
2257+
22092258
km_AesFree(&aes_copy);
22102259

22112260
#ifdef WOLFKM_DEBUG_AES
@@ -2271,7 +2320,7 @@ static int km_AesEcbEncrypt(struct skcipher_request *req)
22712320

22722321
err = km_AesGet(ctx, 0 /* decrypt_p */, 0 /* copy_p */, &aes);
22732322
if (unlikely(err)) {
2274-
return err;
2323+
goto out;
22752324
}
22762325

22772326
while ((nbytes = walk.nbytes) != 0) {
@@ -2291,6 +2340,9 @@ static int km_AesEcbEncrypt(struct skcipher_request *req)
22912340

22922341
out:
22932342

2343+
if (err && walk.nbytes)
2344+
(void)skcipher_walk_done(&walk, err);
2345+
22942346
#ifdef WOLFKM_DEBUG_AES
22952347
pr_info("info: exiting km_AesEcbEncrypt: err %d, cryptlen %d\n", err,
22962348
req->cryptlen);
@@ -2319,7 +2371,7 @@ static int km_AesEcbDecrypt(struct skcipher_request *req)
23192371

23202372
err = km_AesGet(ctx, 1 /* decrypt_p */, 0 /* copy_p */, &aes);
23212373
if (unlikely(err)) {
2322-
return err;
2374+
goto out;
23232375
}
23242376

23252377
while ((nbytes = walk.nbytes) != 0) {
@@ -2339,6 +2391,9 @@ static int km_AesEcbDecrypt(struct skcipher_request *req)
23392391

23402392
out:
23412393

2394+
if (err && walk.nbytes)
2395+
(void)skcipher_walk_done(&walk, err);
2396+
23422397
#ifdef WOLFKM_DEBUG_AES
23432398
pr_info("info: exiting km_AesEcbDecrypt: err %d, cryptlen %d\n", err,
23442399
req->cryptlen);

0 commit comments

Comments
 (0)