Re: [PATCH v1 3/3] crypto: ccp - Protect against poorly marked end of sg list

On Wed, May 27, 2015 at 05:43:05PM +0800, Herbert Xu wrote:
> Tom Lendacky <thomas.lendacky@xxxxxxx> wrote:
> > Scatter gather lists can be created with more available entries than are
> > actually used (e.g. using sg_init_table() to reserve a specific number
> > of sg entries, but in actuality using something less than that based on
> > the data length).  The caller sometimes fails to mark the last entry
> > with sg_mark_end().  In these cases, sg_nents() will return the original
> > size of the sg list as opposed to the actual number of sg entries that
> > contain valid data.
> > 
> > On arm64, if the sg_nents() value is used in a call to dma_map_sg() in
> > this situation, then it causes a BUG_ON in lib/swiotlb.c because an
> > "empty" sg list entry results in dma_capable() returning false and
> > swiotlb trying to create a bounce buffer of size 0. This occurred in
> > the userspace crypto interface before being fixed by
> > 
> > 0f477b655a52 ("crypto: algif - Mark sgl end at the end of data")
> > 
> > Protect against this in the future by counting the number of sg entries
> > needed to meet the length requirement and supplying that value to
> > dma_map_sg().
> 
> Is this needed for any reason other than this bug that's already
> been fixed?

Could this be needed if you have a properly marked SG list say of
100 bytes but len is only 10 bytes?

Cheers,
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
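
The two cases raised in this thread (an end marker left on a reserved-but-unused entry, and a correctly marked list that is longer than the requested length), as an added userspace C example that is not part of the original message or of the patch under discussion. `model_sg`, `model_sg_nents` and `model_nents_for_len` are hypothetical names that model the entry walk; they are not the kernel's scatterlist API, and the sample lists are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model of one scatterlist entry (hypothetical, not the kernel struct). */
struct model_sg {
    unsigned int length; /* bytes of valid data; 0 models a reserved, unused entry */
    int is_last;         /* models the end marker that sg_mark_end() would set */
};

/* Models an sg_nents()-style walk: count entries up to the end marker, ignoring length. */
int model_sg_nents(const struct model_sg *sg)
{
    int n = 1;
    while (!sg->is_last) {
        sg++;
        n++;
    }
    return n;
}

/* Count only the entries needed to cover len bytes; -1 if the list ends too early. */
int model_nents_for_len(const struct model_sg *sg, size_t len)
{
    size_t covered = 0;
    int n = 0;
    while (covered < len) {
        covered += sg->length;
        n++;
        if (covered < len && sg->is_last)
            return -1; /* marked end reached before len bytes were covered */
        sg++;
    }
    return n;
}

/* Constructed: 4 entries reserved, 2 filled (100 bytes), end marker still on entry 4. */
const struct model_sg reserved4_used2[] = { {64, 0}, {36, 0}, {0, 0}, {0, 1} };
/* Constructed: properly marked 100-byte list; the request covers only 10 bytes. */
const struct model_sg marked_100_bytes[] = { {25, 0}, {25, 0}, {25, 0}, {25, 1} };

int main(void)
{
    printf("stale marker: walk=%d needed=%d\n", model_sg_nents(reserved4_used2),
           model_nents_for_len(reserved4_used2, 100));
    printf("marked list:  walk=%d needed=%d\n", model_sg_nents(marked_100_bytes),
           model_nents_for_len(marked_100_bytes, 10));
    return 0;
}
```

In both constructed lists the marker walk reports more entries than the length-based count, which is the difference between mapping zero-length or out-of-range entries and mapping only those that carry requested data.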