On 05/20/2016 06:35 PM, Herbert Xu wrote: > On Fri, May 20, 2016 at 05:33:03PM -0500, Tom Lendacky wrote: >> The ccp-crypto module for AES XTS support has a bug that can allow requests >> greater than 4096 bytes in size to be passed to the CCP hardware. The CCP >> hardware does not support request sizes larger than 4096, resulting in >> incorrect output. The request should actually be handled by the fallback >> mechanism instantiated by the ccp-crypto module. >> >> Add a check to insure the request size is less than or equal to the maximum >> supported size and use the fallback mechanism if it is not. >> >> Cc: <stable@xxxxxxxxxxxxxxx> # 3.14.x- >> Signed-off-by: Tom Lendacky <thomas.lendacky@xxxxxxx> > > I'm OK with this patch but I think it doesn't always need to go into > the fallback. I made a test vector split as 4064 bytes + 48 bytes > and ccp handled it just fine. It appears that the bug is actually > in the handling of a single SG entry that's longer than a page, > presumably because sg_next is used unconditionally instead of > checking whether there is more in the current SG entry. I'll take a closer look at this. Something obviously isn't right but the code doesn't do anything related to PAGE size checks and works on the length specified in the SG entry. > > But I'll merge your fix as it fixes a real problem. Thanks Herbert. Tom > > Thanks, > -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html