Re: [PATCH v3] crypto: algif_aead - skip SGL entries with NULL page

On Friday, 24 November 2017, 08:37:28 CET, Herbert Xu wrote:

Hi Herbert,

> On Fri, Nov 10, 2017 at 11:04:52AM +0100, Stephan Müller wrote:
> > Hi Herbert,
> > 
> > I missed the termination of the outer loop of list_for_each_entry_safe.
> > 
> > The patch was tested on x86 64 and 32 bit environments.
> > 
> > ---8<---
> > 
> > The TX SGL may contain SGL entries that are assigned a NULL page. This
> > may happen if a multi-stage AIO operation is performed where the data
> > for each stage is pointed to by one SGL entry. Upon completion of that
> > stage, af_alg_pull_tsgl will assign NULL to the SGL entry.
> > 
> > The NULL cipher used to copy the AAD from TX SGL to the destination
> > buffer, however, cannot handle the case where the SGL starts with an SGL
> > entry having a NULL page. Thus, the code needs to advance the start
> > pointer into the SGL to the first non-NULL entry.
> > 
> > This fixes a crash visible on Intel x86 32 bit using the libkcapi test
> > suite.
> > 
> > Fixes: 72548b093ee38 ("crypto: algif_aead - copy AAD from src to dst")
> > Signed-off-by: Stephan Mueller <smueller@xxxxxxxxxx>
> 
> Patch applied.  Thanks.

Would it make sense to feed it to stable?

Ciao
Stephan
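
Added example, not part of the thread or of the kernel patch: a user-space C model of the scan the commit message describes, advancing to the first SGL entry with a non-NULL page and ending both the per-chunk and the per-list loop there. The struct and function names, the sample data, and the shape of the inner-break-only variant are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* User-space model; every name here is hypothetical, not a kernel structure. */
struct model_sg { void *page; unsigned int length; };

struct model_tsgl {
    struct model_tsgl *next;  /* next chunk of the TX list, NULL at the end */
    unsigned int cur;         /* entries in use in sg[] */
    struct model_sg sg[4];
};

/* Constructed sample: chunk_a starts with two consumed (NULL page) entries. */
static char page_a, page_b;
static struct model_tsgl chunk_b = { NULL, 1, { { &page_b, 16 } } };
static struct model_tsgl chunk_a = {
    &chunk_b, 3, { { NULL, 0 }, { NULL, 0 }, { &page_a, 32 } }
};
static struct model_tsgl chunk_done = { NULL, 2, { { NULL, 0 }, { NULL, 0 } } };

/* Assumed form of the mistake: break leaves the inner loop only. */
struct model_sg *first_live_inner_break_only(struct model_tsgl *head)
{
    struct model_sg *found = NULL;
    for (struct model_tsgl *c = head; c; c = c->next) {
        for (unsigned int i = 0; i < c->cur; i++) {
            if (c->sg[i].page) { found = &c->sg[i]; break; }
        }
        /* no check of found here, so a later chunk overwrites it */
    }
    return found;
}

/* Both loops end at the first entry with a non-NULL page. */
struct model_sg *first_live_entry(struct model_tsgl *head)
{
    for (struct model_tsgl *c = head; c; c = c->next)
        for (unsigned int i = 0; i < c->cur; i++)
            if (c->sg[i].page)
                return &c->sg[i];
    return NULL;  /* every entry already consumed */
}

int main(void)
{
    printf("fixed: len %u, inner-break-only: len %u\n",
           first_live_entry(&chunk_a)->length,
           first_live_inner_break_only(&chunk_a)->length);
    return first_live_entry(&chunk_done) != NULL;
}
```

A caller has to handle the NULL return: when every entry has been consumed there is no valid start pointer to hand to the copy.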


