On Fri, 6 Sep 2019 at 18:19, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:
>
> On Fri, Sep 06, 2019 at 05:52:56PM -0700, Ard Biesheuvel wrote:
> >
> > With this change, we still copy out the output in the
> > SKCIPHER_WALK_COPY or SKCIPHER_WALK_SLOW cases. I'd expect the failure
> > case to only do the kunmap()s, but otherwise not make any changes that
> > are visible to the caller.
>
> I don't think it matters. After all, for the fast/common path
> whatever changes that have been made will be visible to the caller.
> I don't see the point in making the slow-path different in this
> respect. It also makes no sense to optimise specifically for the
> uncommon error case on the slow-path.
>

The point is that doing

  skcipher_walk_virt(&walk, ...);
  skcipher_walk_done(&walk, -EFOO);

may clobber your data if you are executing in place (unless I am
missing something).

If skcipher_walk_done() is called with an error, it should really just
clean up after itself, but not copy back the unknown contents of
temporary buffers.
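Added example, not part of the original message and not kernel code: a user-space C model of the concern raised in the reply above, comparing a "done" step that copies a temporary buffer back regardless of the error with one that only cleans up on error. All names (toy_walk, toy_done_copy_always, toy_done_cleanup_only) and the 0xAA fill are hypothetical; the model does not reproduce the internals of skcipher_walk.

```c
#include <stdio.h>
#include <string.h>
#define BLK 16

/* Hypothetical user-space model; not the kernel's struct skcipher_walk. */
struct toy_walk {
    unsigned char *dst;         /* caller's buffer (src == dst in place) */
    unsigned char bounce[BLK];  /* temporary buffer for the slow/copy path */
};

static void toy_walk_start(struct toy_walk *w, unsigned char *buf)
{
    w->dst = buf;
    /* Constructed stand-in for "unknown contents": nothing was processed. */
    memset(w->bounce, 0xAA, BLK);
}

/* Variant A: copies the temporary buffer back even when err < 0. */
static int toy_done_copy_always(struct toy_walk *w, int err)
{
    memcpy(w->dst, w->bounce, BLK);
    return err;
}

/* Variant B: on error only cleans up; copies back on success only. */
static int toy_done_cleanup_only(struct toy_walk *w, int err)
{
    if (err >= 0)
        memcpy(w->dst, w->bounce, BLK);
    return err;
}

/* Returns 1 if an in-place buffer is unchanged after start + done(err). */
static int in_place_data_survives(int (*done)(struct toy_walk *, int), int err)
{
    unsigned char data[BLK] = "caller data";  /* constructed sample */
    unsigned char orig[BLK];
    struct toy_walk w;
    memcpy(orig, data, BLK);
    toy_walk_start(&w, data);
    done(&w, err);
    return memcmp(data, orig, BLK) == 0;
}

int main(void)
{
    printf("copy-always:  %d\n", in_place_data_survives(toy_done_copy_always, -1));
    printf("cleanup-only: %d\n", in_place_data_survives(toy_done_cleanup_only, -1));
    return 0;
}
```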