The sg_nents_for_len() function could fail, this patch add a check for its return value. Signed-off-by: LABBE Corentin <clabbe.montjoie@xxxxxxxxx> --- drivers/crypto/marvell/cipher.c | 8 ++++++++ drivers/crypto/marvell/hash.c | 4 ++++ 2 files changed, 12 insertions(+) diff --git a/drivers/crypto/marvell/cipher.c b/drivers/crypto/marvell/cipher.c index 3df2f4e..78cf6f9 100644 --- a/drivers/crypto/marvell/cipher.c +++ b/drivers/crypto/marvell/cipher.c @@ -400,7 +400,15 @@ static int mv_cesa_ablkcipher_req_init(struct ablkcipher_request *req, return -EINVAL; creq->src_nents = sg_nents_for_len(req->src, req->nbytes); + if (creq->src_nents < 0) { + dev_err(cesa_dev->dev, "Invalid number of src SG"); + return creq->src_nents; + } creq->dst_nents = sg_nents_for_len(req->dst, req->nbytes); + if (creq->dst_nents < 0) { + dev_err(cesa_dev->dev, "Invalid number of dst SG"); + return creq->dst_nents; + } mv_cesa_update_op_cfg(tmpl, CESA_SA_DESC_CFG_OP_CRYPT_ONLY, CESA_SA_DESC_CFG_OP_MSK); diff --git a/drivers/crypto/marvell/hash.c b/drivers/crypto/marvell/hash.c index e8d0d71..250c6e5 100644 --- a/drivers/crypto/marvell/hash.c +++ b/drivers/crypto/marvell/hash.c @@ -710,6 +710,10 @@ static int mv_cesa_ahash_req_init(struct ahash_request *req, bool *cached) creq->req.base.type = CESA_STD_REQ; creq->src_nents = sg_nents_for_len(req->src, req->nbytes); + if (creq->src_nents < 0) { + dev_err(cesa_dev->dev, "Invalid number of src SG"); + return creq->src_nents; + } ret = mv_cesa_ahash_cache_req(req, cached); if (ret) -- 2.4.10 -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html