Re: [PATCH v5 2/2] crypto: ti: Add driver for DTHE V2 AES Engine (ECB, CBC)

From: Herbert Xu
Date: Wed Jun 11 2025 - 05:54:05 EST

Next message: Sebastian Andrzej Siewior: "[PATCH v3] sched: Remove a preempt-disable section in rt_mutex_setprio()"
Previous message: Frank Wunderlich: "Aw: Re: [PATCH v3 06/13] arm64: dts: mediatek: mt7988: add basic ethernet-nodes"
In reply to: Herbert Xu: "Re: [PATCH v5 2/2] crypto: ti: Add driver for DTHE V2 AES Engine (ECB, CBC)"
Next in thread: T Pratham: "Re: [PATCH v5 2/2] crypto: ti: Add driver for DTHE V2 AES Engine (ECB, CBC)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jun 03, 2025 at 06:07:29PM +0530, T Pratham wrote:
>
> + // Need to do a timeout to ensure finalise gets called if DMA callback fails for any reason
> + ret = wait_for_completion_timeout(&rctx->aes_compl, msecs_to_jiffies(DTHE_DMA_TIMEOUT_MS));

This doesn't look safe. What if the callback is invoked after a
timeout? That would be a UAF.

Does the DMA engine provide any timeout mechanism? If not, then
you could do it with a delayed work struct. Just make sure that
you cancel the work struct in the normal path callback. Vice versa
you need to terminate the DMA job in the timeout work struct.

Cheers,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Next message: Sebastian Andrzej Siewior: "[PATCH v3] sched: Remove a preempt-disable section in rt_mutex_setprio()"
Previous message: Frank Wunderlich: "Aw: Re: [PATCH v3 06/13] arm64: dts: mediatek: mt7988: add basic ethernet-nodes"
In reply to: Herbert Xu: "Re: [PATCH v5 2/2] crypto: ti: Add driver for DTHE V2 AES Engine (ECB, CBC)"
Next in thread: T Pratham: "Re: [PATCH v5 2/2] crypto: ti: Add driver for DTHE V2 AES Engine (ECB, CBC)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]