From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: Justin Forbes <jmforbes@linuxtx.org>,
Zwane Mwaikambo <zwane@arm.linux.org.uk>,
"Theodore Ts'o" <tytso@mit.edu>,
Randy Dunlap <rdunlap@xenotime.net>,
Dave Jones <davej@redhat.com>,
Chuck Wolber <chuckw@quantumlinux.com>,
Chris Wedgwood <reviews@ml.cw.f00f.org>,
Michael Krufky <mkrufky@linuxtv.org>,
Chuck Ebbert <cebbert@redhat.com>,
Domenico Andreoli <cavokz@gmail.com>,
torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk,
Herbert Xu <herbert@gondor.apana.org.au>
Subject: [patch 13/16] CRYPTO: api: Fix scatterwalk_sg_chain
Date: Thu, 8 May 2008 10:42:26 -0700 [thread overview]
Message-ID: <20080508174226.GN855@suse.de> (raw)
In-Reply-To: <20080508174122.GA855@suse.de>
[-- Attachment #1: crypto-api-fix-scatterwalk_sg_chain.patch --]
[-- Type: text/plain, Size: 1496 bytes --]
2.6.25-stable review patch. If anyone has any objections, please let us
know.
------------------
From: Herbert Xu <herbert@gondor.apana.org.au>
[CRYPTO] api: Fix scatterwalk_sg_chain
[ Upstream commit: 8ec970d8561abb5645d4602433b772e268c96d05 ]
When I backed out of using the generic sg chaining (as it isn't currently
portable) and introduced scatterwalk_sg_chain/scatterwalk_sg_next I left
out the sg_is_last check in the latter. This causes it to potentially
dereference beyond the end of the sg array.
As most uses of scatterwalk_sg_next are bound by an overall length, this
only affected the chaining code in authenc and eseqiv. Thanks to Patrick
McHardy for identifying this problem.
This patch also clears the "last" bit on the head of the chained list as
it's no longer last. This also went missing in scatterwalk_sg_chain and
is present in sg_chain.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
include/crypto/scatterwalk.h | 4 ++++
1 file changed, 4 insertions(+)
--- a/include/crypto/scatterwalk.h
+++ b/include/crypto/scatterwalk.h
@@ -57,10 +57,14 @@ static inline void scatterwalk_sg_chain(
struct scatterlist *sg2)
{
sg_set_page(&sg1[num - 1], (void *)sg2, 0, 0);
+ sg1[num - 1].page_link &= ~0x02;
}
static inline struct scatterlist *scatterwalk_sg_next(struct scatterlist *sg)
{
+ if (sg_is_last(sg))
+ return NULL;
+
return (++sg)->length ? sg : (void *)sg_page(sg);
}
--
next prev parent reply other threads:[~2008-05-08 17:49 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20080508173436.454278564@mini.kroah.org>
2008-05-08 17:41 ` [patch 00/16] Linux 2.6.25 -stable review Greg KH
2008-05-08 17:41 ` [patch 01/16] 2.6.25 regression: powertop says 120K wakeups/sec Greg KH
2008-05-08 17:41 ` [patch 02/16] mm: fix usemap initialization Greg KH
2008-05-08 17:42 ` [patch 03/16] md: fix use after free when removing rdev via sysfs Greg KH
2008-05-08 17:42 ` [patch 04/16] vfs: fix permission checking in sys_utimensat Greg KH
2008-05-08 17:42 ` [patch 05/16] sched: fix hrtick_start_fair and CPU-Hotplug Greg KH
2008-05-08 17:42 ` [patch 06/16] reiserfs: Unpack tails on quota files Greg KH
2008-05-08 17:42 ` [patch 07/16] POWERPC: mpc5200: Fix unterminated of_device_id table Greg KH
2008-05-08 17:42 ` [patch 08/16] b43: Fix dual-PHY devices Greg KH
2008-05-08 19:38 ` John W. Linville
2008-05-08 17:42 ` [patch 09/16] kprobes/arm: fix cache flush address for instruction stub Greg KH
2008-05-08 17:42 ` [patch 10/16] kprobes/arm: fix decoding of arithmetic immediate instructions Greg KH
2008-05-08 17:42 ` [patch 11/16] b43: Fix some TX/RX locking issues Greg KH
2008-05-08 20:04 ` John W. Linville
2008-05-08 17:42 ` [patch 12/16] x86 PCI: call dmi_check_pciprobe() Greg KH
2008-05-08 17:42 ` Greg KH [this message]
2008-05-08 17:42 ` [patch 14/16] CRYPTO: cryptd: Correct kzalloc error test Greg KH
2008-05-08 17:42 ` [patch 15/16] CRYPTO: authenc: Fix async crypto crash in crypto_authenc_genicv() Greg KH
2008-05-08 17:42 ` [patch 16/16] CRYPTO: eseqiv: Fix off-by-one encryption Greg KH
2008-05-08 17:51 ` [patch 00/16] Linux 2.6.25 -stable review Willy Tarreau
2008-05-08 18:20 ` Greg KH
2008-05-08 18:25 ` Greg KH
2008-05-08 18:13 ` Willy Tarreau
2008-05-08 18:22 ` Greg KH
2008-05-08 18:33 ` Willy Tarreau
2008-05-08 19:16 ` Len Brown
2008-05-08 19:43 ` Greg KH
2008-05-09 0:51 ` Li Zefan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080508174226.GN855@suse.de \
--to=gregkh@suse.de \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=cavokz@gmail.com \
--cc=cebbert@redhat.com \
--cc=chuckw@quantumlinux.com \
--cc=davej@redhat.com \
--cc=herbert@gondor.apana.org.au \
--cc=jmforbes@linuxtx.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mkrufky@linuxtv.org \
--cc=rdunlap@xenotime.net \
--cc=reviews@ml.cw.f00f.org \
--cc=stable@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=tytso@mit.edu \
--cc=zwane@arm.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox