Re: [PATCH] crypto: AF_ALG - remove SGL end indicator when chaining

On Wed, Aug 30, 2017 at 06:59:07PM +0200, Stephan Müller wrote:
> The SGL is MAX_SGL_ENTS + 1 in size. The last SG entry is used for the
> chaining and is properly updated with the sg_chain invocation. During
> the filling-in of the initial SG entries, sg_mark_end is called for each
> SG entry. This is appropriate as long as no additional SGL is chained
> with the current SGL. However, when a new SGL is chained and the last
> SG entry is updated with sg_chain, the last but one entry still contains
> the end marker from the sg_mark_end. This end marker must be removed as
> otherwise a walk of the chained SGLs will cause a NULL pointer
> dereference at the last but one SG entry, because sg_next will return
> NULL.
> 
> Fixes: 8ff590903d5fc ("crypto: algif_skcipher - User-space interface
> for skcipher operations")
> CC: <stable@xxxxxxxxxxxxxxx>
> CC: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Stephan Mueller <smueller@xxxxxxxxxx>

Hmm, this patch does not apply against the current tree.  Is this
a stable-only patch?

Cheers,
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
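
The walk failure described in the quoted commit message, as an added example that is not part of this thread or of the kernel source: a simplified userspace model in C of the scatterlist link bits. The bit values, the small MAX_SGL_ENTS, the helper bodies and the use of sg_unmark_end to remove the marker are assumptions made for the illustration, and walk_chained is a hypothetical name.

```c
/* Userspace model of the scatterlist link bits; added example, not kernel code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SG_CHAIN 0x01UL      /* entry is a link to the next SGL */
#define SG_END   0x02UL      /* entry terminates the walk */
#define MAX_SGL_ENTS 3       /* constructed small value for the demo */

struct sg { uintptr_t page_link; };

static void sg_mark_end(struct sg *s)   { s->page_link = (s->page_link | SG_END) & ~SG_CHAIN; }
static void sg_unmark_end(struct sg *s) { s->page_link &= ~SG_END; }

/* Turn the last slot of prv into a link to next, as sg_chain does. */
static void sg_chain(struct sg *prv, unsigned int nents, struct sg *next)
{
    prv[nents - 1].page_link = ((uintptr_t)next | SG_CHAIN) & ~SG_END;
}

static struct sg *sg_next(struct sg *s)
{
    if (s->page_link & SG_END)
        return NULL;                     /* end marker stops the walk before the link */
    s++;
    if (s->page_link & SG_CHAIN)
        s = (struct sg *)(s->page_link & ~(SG_CHAIN | SG_END));
    return s;
}

/* Fill two SGLs, chain them, and return how many data entries a walk reaches. */
int walk_chained(int remove_end_marker)
{
    struct sg a[MAX_SGL_ENTS + 1], b[MAX_SGL_ENTS + 1], *s;
    int i, n = 0;

    memset(a, 0, sizeof(a));
    memset(b, 0, sizeof(b));
    for (i = 0; i < MAX_SGL_ENTS; i++) { /* assumption: marker follows the newest entry */
        if (i) { sg_unmark_end(&a[i - 1]); sg_unmark_end(&b[i - 1]); }
        sg_mark_end(&a[i]); sg_mark_end(&b[i]);
    }
    sg_chain(a, MAX_SGL_ENTS + 1, b);    /* a[MAX_SGL_ENTS] now links to b */
    if (remove_end_marker)
        sg_unmark_end(&a[MAX_SGL_ENTS - 1]);
    for (s = a; s; s = sg_next(s))
        n++;
    return n;
}

int main(void) { printf("%d %d\n", walk_chained(0), walk_chained(1)); return 0; }
```

With the stale marker the walk ends after MAX_SGL_ENTS entries even though the chain link is in place; a caller that expects the chained data and uses the NULL from sg_next is where the dereference in the commit message occurs.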


