From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: Justin Forbes <jmforbes@linuxtx.org>,
	Zwane Mwaikambo <zwane@arm.linux.org.uk>,
	"Theodore Ts'o" <tytso@mit.edu>,
	Randy Dunlap <rdunlap@xenotime.net>,
	Dave Jones <davej@redhat.com>,
	Chuck Wolber <chuckw@quantumlinux.com>,
	Chris Wedgwood <reviews@ml.cw.f00f.org>,
	Michael Krufky <mkrufky@linuxtv.org>,
	Chuck Ebbert <cebbert@redhat.com>,
	Domenico Andreoli <cavokz@gmail.com>,
	torvalds@linux-foundation.org, akpm@linux-foundation.org,
	alan@lxorguk.ukuu.org.uk, Patrick McHardy <kaber@trash.net>,
	Herbert Xu <herbert@gondor.apana.org.au>
Subject: [patch 15/16] CRYPTO: authenc: Fix async crypto crash in crypto_authenc_genicv()
Date: Thu, 8 May 2008 10:42:31 -0700
Message-ID: <20080508174231.GP855@suse.de>
In-Reply-To: <20080508174122.GA855@suse.de>

[-- Attachment #1: crypto-authenc-fix-async-crypto-crash-in-crypto_authenc_genicv.patch --]
[-- Type: text/plain, Size: 2710 bytes --]

2.6.25-stable review patch.  If anyone has any objections, please let us
know.

------------------
From: Patrick McHardy <kaber@trash.net>

[CRYPTO] authenc: Fix async crypto crash in crypto_authenc_genicv()

[ Upstream commit: 161613293fd4b7d5ceb1faab788f47e688e07a67 ]

crypto_authenc_givencrypt_done uses req->data as struct aead_givcrypt_request,
while it really points to a struct aead_request, causing this crash:

BUG: unable to handle kernel paging request at 6b6b6b6b
IP: [<dc87517b>] :authenc:crypto_authenc_genicv+0x23/0x109
*pde = 00000000
Oops: 0000 [#1] PREEMPT DEBUG_PAGEALLOC
Modules linked in: hifn_795x authenc esp4 aead xfrm4_mode_tunnel sha1_generic hmac crypto_hash]

Pid: 3074, comm: ping Not tainted (2.6.25 #4)
EIP: 0060:[<dc87517b>] EFLAGS: 00010296 CPU: 0
EIP is at crypto_authenc_genicv+0x23/0x109 [authenc]
EAX: daa04690 EBX: daa046e0 ECX: dab0a100 EDX: daa046b0
ESI: 6b6b6b6b EDI: dc872054 EBP: c033ff60 ESP: c033ff0c
 DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
Process ping (pid: 3074, ti=c033f000 task=db883a80 task.ti=dab6c000)
Stack: 00000000 daa046b0 c0215a3e daa04690 dab0a100 00000000 ffffffff db9fd7f0
       dba208c0 dbbb1720 00000001 daa04720 00000001 c033ff54 c0119ca9 dc852a75
       c033ff60 c033ff60 daa046e0 00000000 00000001 c033ff6c dc87527b 00000001
Call Trace:
 [<c0215a3e>] ? dev_alloc_skb+0x14/0x29
 [<c0119ca9>] ? printk+0x15/0x17
 [<dc87527b>] ? crypto_authenc_givencrypt_done+0x1a/0x27 [authenc]
 [<dc850cca>] ? hifn_process_ready+0x34a/0x352 [hifn_795x]
 [<dc8353c7>] ? rhine_napipoll+0x3f2/0x3fd [via_rhine]
 [<dc851a56>] ? hifn_check_for_completion+0x4d/0xa6 [hifn_795x]
 [<dc851ab9>] ? hifn_tasklet_callback+0xa/0xc [hifn_795x]
 [<c011d046>] ? tasklet_action+0x3f/0x66
 [<c011d230>] ? __do_softirq+0x38/0x7a
 [<c0105a5f>] ? do_softirq+0x3e/0x71
 [<c011d17c>] ? irq_exit+0x2c/0x65
 [<c010e0c0>] ? smp_apic_timer_interrupt+0x5f/0x6a
 [<c01042e4>] ? apic_timer_interrupt+0x28/0x30
 [<dc851640>] ? hifn_handle_req+0x44a/0x50d [hifn_795x]
 ...

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 crypto/authenc.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- a/crypto/authenc.c
+++ b/crypto/authenc.c
@@ -217,9 +217,10 @@ static void crypto_authenc_givencrypt_do
 					   int err)
 {
 	if (!err) {
-		struct aead_givcrypt_request *greq = req->data;
+		struct aead_request *areq = req->data;
+		struct skcipher_givcrypt_request *greq = aead_request_ctx(areq);
 
-		err = crypto_authenc_genicv(&greq->areq, greq->giv, 0);
+		err = crypto_authenc_genicv(areq, greq->giv, 0);
 	}
 
 	aead_request_complete(req->data, err);
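
Review bot: the unchanged last line of the hunk, aead_request_complete(req->data, err), still passes the untyped req->data even though the fix now names that same pointer areq inside the if (!err) block. Declaring struct aead_request *areq = req->data; at the top of the function and calling aead_request_complete(areq, err) would state the real type of req->data once, for both the success and the error path, and make a repeat of the wrong-struct cast harder to write. A one-line comment that the skcipher_givcrypt_request is stored in the aead request context (hence aead_request_ctx(areq)) would also help, since the commit message explains the old mistake but not why greq changes type.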
