> On Nov 8, 2018, at 6:33 PM, Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx> wrote: > > On 8 November 2018 at 23:55, Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx> wrote: >> The simd wrapper's skcipher request context structure consists >> of a single subrequest whose size is taken from the subordinate >> skcipher. However, in simd_skcipher_init(), the reqsize that is >> retrieved is not from the subordinate skcipher but from the >> cryptd request structure, whose size is completely unrelated to >> the actual wrapped skcipher. >> >> Reported-by: Qian Cai <cai@xxxxxx> >> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx> >> --- >> crypto/simd.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/crypto/simd.c b/crypto/simd.c >> index ea7240be3001..2f3d6e897afc 100644 >> --- a/crypto/simd.c >> +++ b/crypto/simd.c >> @@ -125,7 +125,7 @@ static int simd_skcipher_init(struct crypto_skcipher *tfm) >> ctx->cryptd_tfm = cryptd_tfm; >> >> reqsize = sizeof(struct skcipher_request); >> - reqsize += crypto_skcipher_reqsize(&cryptd_tfm->base); >> + reqsize += crypto_skcipher_reqsize(cryptd_skcipher_child(cryptd_tfm)); >> > > This should be > > reqsize += max(crypto_skcipher_reqsize(&cryptd_tfm->base); > crypto_skcipher_reqsize(cryptd_skcipher_child(cryptd_tfm))); > > since the cryptd path in simd still needs some space in the subreq for > the completion. Tested-by: Qian Cai <cai@xxxxxx>
