review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Stephan Mueller <smueller@chronox.de>
	Fri, 10 Nov 2017 10:04:52 +0000 (11:04 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Tue, 5 Dec 2017 10:26:30 +0000 (11:26 +0100)
commit	721872a1997c4b8aae80ed2e6ef9dc05c53383f6
tree	3cf0c0b7785dc760cd7fcfde62e0bd4a252d46d7	tree \| snapshot
parent	b78da96d2882bea2ec7184dc1eba3e07e829364d	commit \| diff

crypto: algif_aead - skip SGL entries with NULL page

commit 8e1fa89aa8bc2870009b4486644e4a58f2e2a4f5 upstream.

The TX SGL may contain SGL entries that are assigned a NULL page. This
may happen if a multi-stage AIO operation is performed where the data
for each stage is pointed to by one SGL entry. Upon completion of that
stage, af_alg_pull_tsgl will assign NULL to the SGL entry.

The NULL cipher used to copy the AAD from TX SGL to the destination
buffer, however, cannot handle the case where the SGL starts with an SGL
entry having a NULL page. Thus, the code needs to advance the start
pointer into the SGL to the first non-NULL entry.

This fixes a crash visible on Intel x86 32 bit using the libkcapi test
suite.

Fixes: 72548b093ee38 ("crypto: algif_aead - copy AAD from src to dst")
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>