Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp2589843imm; Thu, 16 Aug 2018 12:02:04 -0700 (PDT) X-Google-Smtp-Source: AA+uWPxEup3ZvdD1VvJRXp8VkJ9onLL1sY3jBLfeLNJ3uTMgXUUQQmmMMhPnx9wCPDObaqgWqSXG X-Received: by 2002:a17:902:561:: with SMTP id 88-v6mr29888699plf.320.1534446124913; Thu, 16 Aug 2018 12:02:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1534446124; cv=none; d=google.com; s=arc-20160816; b=Cd70Me7z1QwwdPd3B/itcWdjgLeHjiQManc+UI9wHOpCQLzosApUbq6u4+1Jjfwoq2 dU31+JoU+yNhNDczmBQnviLLZ7P18Eurp1DeK9GlpwI1E12aXyOEKFgBLovjoQkAAjtu 6fPYo26THr8kzkjZVIShsep9jRMt3mFXfRYYz2EImLsFwOmfnxFNy+D5ZERU/UOAd5iT DPH3LUUCnz07jFkbKPuadqFPlKJ2XDujZAkwFygIo5+dSZntelNihVltdoUUXEsiP5M1 ITnzUKmuamry1FXcLiqF9APcck/9Dbe+hw0Ys73E34QdtgK2p6Akq7htXJe+bjWGAvV1 ZaHQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=PftlkDA2lLW1PdvjsOXKACHMzl5YOhX6bgrk9FrVSZs=; b=cnAAbI9oBGG5mxJzwufmc7FmrERmsw43hwGQlXwHLi0DmOfcLLQ8pURoib5o9KWVzQ RlvKgV7N+NvvOM6IFjslmxX9ozKOW0F8R7+EpykzfC+3+3vzoM7swO2ENzq/Rh9CUh9+ FdZGlblKTurQIp1VDOG1pJku0vsLhiC+gl+uDIcBhRhJJaw1LLdB6P+AjeMPiO3hIH38 XepYew2Pl4Jj32fPfPk4RfPU8oE+QKZv29n9TqDeovg9fW5uiE+h8l5IhhnUysT0eYnE J1ulvj6F/gia5FlEq1PG66JvbIiQOiQcmQDako4+3gpoIe233H37JVHSR9M/nRtF+uQ/ QftQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a1-v6si50182pgq.387.2018.08.16.12.01.48; Thu, 16 Aug 2018 12:02:04 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728397AbeHPVma (ORCPT + 99 others); Thu, 16 Aug 2018 17:42:30 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:56060 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728344AbeHPVm3 (ORCPT ); Thu, 16 Aug 2018 17:42:29 -0400 Received: from localhost (unknown [194.244.16.108]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 7B9A3CC4; Thu, 16 Aug 2018 18:42:20 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Liu Chao , Eric Biggers , Herbert Xu Subject: [PATCH 3.18 14/15] crypto: ablkcipher - fix crash flushing dcache in error path Date: Thu, 16 Aug 2018 20:41:51 +0200 Message-Id: <20180816171634.099522281@linuxfoundation.org> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20180816171633.546734046@linuxfoundation.org> References: <20180816171633.546734046@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 3.18-stable review patch. If anyone has any objections, please let me know. ------------------ From: Eric Biggers commit 318abdfbe708aaaa652c79fb500e9bd60521f9dc upstream. Like the skcipher_walk and blkcipher_walk cases: scatterwalk_done() is only meant to be called after a nonzero number of bytes have been processed, since scatterwalk_pagedone() will flush the dcache of the *previous* page. But in the error case of ablkcipher_walk_done(), e.g. if the input wasn't an integer number of blocks, scatterwalk_done() was actually called after advancing 0 bytes. This caused a crash ("BUG: unable to handle kernel paging request") during '!PageSlab(page)' on architectures like arm and arm64 that define ARCH_IMPLEMENTS_FLUSH_DCACHE_PAGE, provided that the input was page-aligned as in that case walk->offset == 0. Fix it by reorganizing ablkcipher_walk_done() to skip the scatterwalk_advance() and scatterwalk_done() if an error has occurred. Reported-by: Liu Chao Fixes: bf06099db18a ("crypto: skcipher - Add ablkcipher_walk interfaces") Cc: # v2.6.35+ Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman --- crypto/ablkcipher.c | 57 +++++++++++++++++++++++----------------------------- 1 file changed, 26 insertions(+), 31 deletions(-) --- a/crypto/ablkcipher.c +++ b/crypto/ablkcipher.c @@ -72,11 +72,9 @@ static inline u8 *ablkcipher_get_spot(u8 return max(start, end_page); } -static inline unsigned int ablkcipher_done_slow(struct ablkcipher_walk *walk, - unsigned int bsize) +static inline void ablkcipher_done_slow(struct ablkcipher_walk *walk, + unsigned int n) { - unsigned int n = bsize; - for (;;) { unsigned int len_this_page = scatterwalk_pagelen(&walk->out); @@ -88,17 +86,13 @@ static inline unsigned int ablkcipher_do n -= len_this_page; scatterwalk_start(&walk->out, scatterwalk_sg_next(walk->out.sg)); } - - return bsize; } -static inline unsigned int ablkcipher_done_fast(struct ablkcipher_walk *walk, - unsigned int n) +static inline void ablkcipher_done_fast(struct ablkcipher_walk *walk, + unsigned int n) { scatterwalk_advance(&walk->in, n); scatterwalk_advance(&walk->out, n); - - return n; } static int ablkcipher_walk_next(struct ablkcipher_request *req, @@ -108,39 +102,40 @@ int ablkcipher_walk_done(struct ablkciph struct ablkcipher_walk *walk, int err) { struct crypto_tfm *tfm = req->base.tfm; - unsigned int nbytes = 0; + unsigned int n; /* bytes processed */ + bool more; - if (likely(err >= 0)) { - unsigned int n = walk->nbytes - err; + if (unlikely(err < 0)) + goto finish; - if (likely(!(walk->flags & ABLKCIPHER_WALK_SLOW))) - n = ablkcipher_done_fast(walk, n); - else if (WARN_ON(err)) { + n = walk->nbytes - err; + walk->total -= n; + more = (walk->total != 0); + + if (likely(!(walk->flags & ABLKCIPHER_WALK_SLOW))) { + ablkcipher_done_fast(walk, n); + } else { + if (WARN_ON(err)) { + /* unexpected case; didn't process all bytes */ err = -EINVAL; - goto err; - } else - n = ablkcipher_done_slow(walk, n); - - nbytes = walk->total - n; - err = 0; + goto finish; + } + ablkcipher_done_slow(walk, n); } - scatterwalk_done(&walk->in, 0, nbytes); - scatterwalk_done(&walk->out, 1, nbytes); + scatterwalk_done(&walk->in, 0, more); + scatterwalk_done(&walk->out, 1, more); -err: - walk->total = nbytes; - walk->nbytes = nbytes; - - if (nbytes) { + if (more) { crypto_yield(req->base.flags); return ablkcipher_walk_next(req, walk); } - + err = 0; +finish: + walk->nbytes = 0; if (walk->iv != req->info) memcpy(req->info, walk->iv, tfm->crt_ablkcipher.ivsize); kfree(walk->iv_buffer); - return err; } EXPORT_SYMBOL_GPL(ablkcipher_walk_done);