On Tue, Jul 4, 2023 at 5:56 PM David Howells <dhowells@xxxxxxxxxx> wrote:
> af_alg_sendmsg() takes data-to-be-copied that's provided by write(),
> send(), sendmsg() and similar into pages that it allocates and will merge
> new data into the last page in the list, based on the value of ctx->merge.
>
> Now that af_alg_sendmsg() accepts MSG_SPLICE_PAGES, it adds spliced pages
> directly into the list and then incorrectly appends data to them if there's
> space left because ctx->merge says that it can. This was cleared by
> af_alg_sendpage(), but that got lost.
>
> Fix this by skipping the merge if MSG_SPLICE_PAGES is specified and
> clearing ctx->merge after MSG_SPLICE_PAGES has added stuff to the list.
>
> Fixes: bf63e250c4b1 ("crypto: af_alg: Support MSG_SPLICE_PAGES")
> Reported-by: Ondrej Mosnáček <omosnacek@xxxxxxxxx>
> Link: https://lore.kernel.org/r/CAAUqJDvFuvms55Td1c=XKv6epfRnnP78438nZQ-JKyuCptGBiQ@xxxxxxxxxxxxxx/
> Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
> cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
> cc: Paolo Abeni <pabeni@xxxxxxxxxx>
> cc: "David S. Miller" <davem@xxxxxxxxxxxxx>
> cc: Eric Dumazet <edumazet@xxxxxxxxxx>
> cc: Jakub Kicinski <kuba@xxxxxxxxxx>
> cc: linux-crypto@xxxxxxxxxxxxxxx
> cc: netdev@xxxxxxxxxxxxxxx
> ---
>  crypto/af_alg.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)

Thanks for the fix! I can confirm that it fixes the reported issue.
There remains some kernel panic on s390x that I hadn't noticed in the
results earlier, but that's probably a different issue. I'll
investigate and send a report/patch when I have more information.
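
The merge behaviour described in the quoted commit message, as a simplified userspace C model added here (it is not the kernel code and not part of the patch or of this thread). The names model_ctx, model_send and caller_page_clobbered, the 16-byte page size and the way the flag is recomputed after each send are assumptions of the model.

```c
#include <stdbool.h>
#include <string.h>

#define PG  16  /* model "page" size, kept tiny so the effect is visible */
#define NSG 4   /* model scatterlist capacity */

struct model_ctx {                 /* hypothetical stand-in for the socket context */
    unsigned char *pg[NSG];        /* entry -> backing memory */
    size_t len[NSG];               /* bytes used in each entry */
    size_t cur;                    /* entries in use */
    bool merge;                    /* "last entry has room, append to it" */
    unsigned char own[NSG][PG];    /* pages the socket itself allocated */
};

/* One send of len <= PG bytes. splice=true adds the caller's page by reference
 * (MSG_SPLICE_PAGES in the model); fixed selects the behaviour the fix describes. */
static void model_send(struct model_ctx *c, unsigned char *data, size_t len,
                       bool splice, bool fixed)
{
    if (c->merge && !(fixed && splice)) {        /* fix part 1: no merge when splicing */
        size_t i = c->cur - 1, room = PG - c->len[i];
        size_t n = len < room ? len : room;
        memcpy(c->pg[i] + c->len[i], data, n);   /* appends into the LAST entry */
        c->len[i] += n;
        c->merge = c->len[i] < PG;
        data += n;
        len -= n;
        if (!len)
            return;
    }
    if (splice)
        c->pg[c->cur] = data;                    /* caller's memory, not ours */
    else
        c->pg[c->cur] = memcpy(c->own[c->cur], data, len);
    c->len[c->cur++] = len;
    c->merge = (splice && fixed) ? false : len < PG;  /* fix part 2: clear after splice */
}

/* Constructed run: splice 8 bytes of a caller page, then write() 4 more. */
static bool caller_page_clobbered(bool fixed)
{
    struct model_ctx c = {0};
    unsigned char caller[PG], more[4] = {'X', 'X', 'X', 'X'};
    memset(caller, 0xAA, PG);                    /* 0xAA marks untouched caller bytes */
    model_send(&c, caller, 8, true, fixed);
    model_send(&c, more, sizeof(more), false, fixed);
    return caller[8] != 0xAA;                    /* byte just past the spliced range */
}

int main(void) { return !(caller_page_clobbered(false) && !caller_page_clobbered(true)); }
```

With fixed=false the second send lands in the spliced caller page; with fixed=true it goes to a page the model owns and the caller's bytes stay intact.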