On Tue, Nov 20, 2018 at 07:09:53AM +0000, gongchen (E) wrote:
> Hi Dear Herbert,
>
> Sorry to bother you , but we’ve met a problem in crypto module, would you please kindly help us look into it ? Thank you very much.
>
> In the below function chain, scatterwalk_start() doesn't check the result of sg_next(), so the kernel will crash if sg_next() returns a null pointer, which is our case. (The full stack is at the end of letter)
> blkcipher_walk_done()->scatterwalk_done()->scatterwalk_pagedone()->scatterwalk_start(walk, sg_next(walk->sg));
>
> Should we add a null-pointer-check in scatterwalk_start()? Or is there any process can ensure that there should be a valid sg pointer if the condition (walk->offset >= walk->sg->offset + walk->sg->length) is true?
>
> We are really looking forward to your reply, any information will be appreciated , thanks again.
Did you apply the following patch?
commit 0868def3e4100591e7a1fdbf3eed1439cc8f7ca3
Author: Eric Biggers <ebiggers@xxxxxxxxxx>
Date: Mon Jul 23 10:54:57 2018 -0700
crypto: blkcipher - fix crash flushing dcache in error path
Cheers,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
