Received: by 2002:a25:f815:0:0:0:0:0 with SMTP id u21csp2096587ybd;
        Mon, 24 Jun 2019 00:21:15 -0700 (PDT)
X-Google-Smtp-Source: APXvYqxyC6vXBmFjFphQkI0PpW3ncwYviAw+4hW3dBrB4AGghNj9UEErme7iQ3iP/UPgOWfmZzBx
X-Received: by 2002:a65:6089:: with SMTP id t9mr30927518pgu.170.1561360875134;
        Mon, 24 Jun 2019 00:21:15 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1561360875; cv=none;
        d=google.com; s=arc-20160816;
        b=si93QR5fPMFAJSc1PzL0oF1DdzzLlcXQ4nvzy6Vr1Jm/uxPsMXysI39WtwnnJrHhD/
         Li7Qha5uoD3C8a7v5/dG0Wx505u0ko+BN5vDKRiiLmnxB6s9dBg1XKfpFJPu6kQeaeGb
         BPJiyogUFXoTZheDMJW/GZFRyLq7QL2tm4VX/N16alsU9V5oGHw6lL4AtJajKULCFoCn
         z4E4PTLB4Bi0yhLud0HODbVp+c2ab293kqRUnONjxbkzvoJ5kyaBlmffq+SwQDf4h2J8
         JE/MTw5yDqk2VqCkZW2xRghLA4vczFE8gvVwAge2u6HYhaYkkKd4VwUhGOqhvJRKhmx2
         6TXQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:date:cc:to:subject:from:references
         :in-reply-to:message-id:dkim-signature;
        bh=qtRDjQOmzU0jcEi1abEzapHHsVFqfQHgt0aZqDG8tp8=;
        b=Mv67Zxb0PhYe8X6cCtDQKS7zyIPPWKIgn3meUn2gl7vb9BbnMXp63jdU0DgoFM+K7H
         8SAYnc4DYTzJ1/wz9s+1YBE+quS0LpmCPu3/HwWYuD7LxvL7t9RSCH5QnoCYV6zzDFl1
         16HFsmX0szQQ0c4hXtiQi6eQK0m/8+M//bu2BL1Tlne2l9AlY4JoJ/RpSLJxmrKlZHRL
         Lo5istexbI8V4wAcAX07aWKux3ilCt0tktA6mGbEr7SnnSeVE7jYOUHUle3oxM3L3KNN
         LnFEH0RW0dZNR8kbhAF4l2qT9/mY1nWF4d/SftwE5lCGbKmhZdjIojs0MYVJqtiTrnMz
         NGag==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@c-s.fr header.s=mail header.b=DJ7VtSfE;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id l193si5046558pge.406.2019.06.24.00.20.59;
        Mon, 24 Jun 2019 00:21:15 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@c-s.fr header.s=mail header.b=DJ7VtSfE;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727711AbfFXHUT (ORCPT <rfc822;learnos2017@gmail.com>
        + 99 others); Mon, 24 Jun 2019 03:20:19 -0400
Received: from pegase1.c-s.fr ([93.17.236.30]:64013 "EHLO pegase1.c-s.fr"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726909AbfFXHUQ (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 24 Jun 2019 03:20:16 -0400
Received: from localhost (mailhub1-int [192.168.12.234])
        by localhost (Postfix) with ESMTP id 45XLKQ1dzlz9vBmm;
        Mon, 24 Jun 2019 09:20:10 +0200 (CEST)
Authentication-Results: localhost; dkim=pass
        reason="1024-bit key; insecure key"
        header.d=c-s.fr header.i=@c-s.fr header.b=DJ7VtSfE; dkim-adsp=pass;
        dkim-atps=neutral
X-Virus-Scanned: Debian amavisd-new at c-s.fr
Received: from pegase1.c-s.fr ([192.168.12.234])
        by localhost (pegase1.c-s.fr [192.168.12.234]) (amavisd-new, port 10024)
        with ESMTP id EVGMQM8g4W45; Mon, 24 Jun 2019 09:20:10 +0200 (CEST)
Received: from messagerie.si.c-s.fr (messagerie.si.c-s.fr [192.168.25.192])
        by pegase1.c-s.fr (Postfix) with ESMTP id 45XLKQ0cdBz9vBmR;
        Mon, 24 Jun 2019 09:20:10 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=c-s.fr; s=mail;
        t=1561360810; bh=qtRDjQOmzU0jcEi1abEzapHHsVFqfQHgt0aZqDG8tp8=;
        h=In-Reply-To:References:From:Subject:To:Cc:Date:From;
        b=DJ7VtSfEndHazbdObGLIennmW//Bzzp8tAt34vhHuMOl+sPiynwkGgZzcCD1LEWuz
         JwVSzq6TFKybaFKNrYmhojmmxGaucIpAFYL7xQ4IlWcxdVjYv2V7Z9zS6WMU4J7WBX
         uhb5ECl6I1ciWOzRGZTHr1a+dtViu5BNrRar8cWE=
Received: from localhost (localhost [127.0.0.1])
        by messagerie.si.c-s.fr (Postfix) with ESMTP id A4AE68B787;
        Mon, 24 Jun 2019 09:20:14 +0200 (CEST)
X-Virus-Scanned: amavisd-new at c-s.fr
Received: from messagerie.si.c-s.fr ([127.0.0.1])
        by localhost (messagerie.si.c-s.fr [127.0.0.1]) (amavisd-new, port 10023)
        with ESMTP id fI-BdEW2J8X1; Mon, 24 Jun 2019 09:20:14 +0200 (CEST)
Received: from po16838vm.idsi0.si.c-s.fr (po15451.idsi0.si.c-s.fr [172.25.230.101])
        by messagerie.si.c-s.fr (Postfix) with ESMTP id 832AD8B74C;
        Mon, 24 Jun 2019 09:20:14 +0200 (CEST)
Received: by po16838vm.idsi0.si.c-s.fr (Postfix, from userid 0)
        id 86A6A67424; Mon, 24 Jun 2019 07:20:14 +0000 (UTC)
Message-Id: <5271b86a5b6bea0bec068c01e1124fb0a3cfa750.1561360551.git.christophe.leroy@c-s.fr>
In-Reply-To: <cover.1561360551.git.christophe.leroy@c-s.fr>
References: <cover.1561360551.git.christophe.leroy@c-s.fr>
From:   Christophe Leroy <christophe.leroy@c-s.fr>
Subject: [PATCH v5 1/4] lib/scatterlist: Fix mapping iterator when sg->offset
 is greater than PAGE_SIZE
To:     Herbert Xu <herbert@gondor.apana.org.au>,
        "David S. Miller" <davem@davemloft.net>, horia.geanta@nxp.com
Cc:     linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
        linuxppc-dev@lists.ozlabs.org
Date:   Mon, 24 Jun 2019 07:20:14 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

All mapping iterator logic is based on the assumption that sg->offset
is always lower than PAGE_SIZE.

But there are situations where sg->offset is such that the SG item
is on the second page. In that case sg_copy_to_buffer() fails
properly copying the data into the buffer. One of the reason is
that the data will be outside the kmapped area used to access that
data.

This patch fixes the issue by adjusting the mapping iterator
offset and pgoffset fields such that offset is always lower than
PAGE_SIZE.

Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Fixes: 4225fc8555a9 ("lib/scatterlist: use page iterator in the mapping iterator")
Cc: stable@vger.kernel.org
---
 lib/scatterlist.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/lib/scatterlist.c b/lib/scatterlist.c
index 739dc9fe2c55..f0757a67affe 100644
--- a/lib/scatterlist.c
+++ b/lib/scatterlist.c
@@ -678,17 +678,18 @@ static bool sg_miter_get_next_page(struct sg_mapping_iter *miter)
 {
 	if (!miter->__remaining) {
 		struct scatterlist *sg;
-		unsigned long pgoffset;
 
 		if (!__sg_page_iter_next(&miter->piter))
 			return false;
 
 		sg = miter->piter.sg;
-		pgoffset = miter->piter.sg_pgoffset;
 
-		miter->__offset = pgoffset ? 0 : sg->offset;
+		miter->__offset = miter->piter.sg_pgoffset ? 0 : sg->offset;
+		miter->piter.sg_pgoffset += miter->__offset >> PAGE_SHIFT;
+		miter->__offset &= PAGE_SIZE - 1;
 		miter->__remaining = sg->offset + sg->length -
-				(pgoffset << PAGE_SHIFT) - miter->__offset;
+				     (miter->piter.sg_pgoffset << PAGE_SHIFT) -
+				     miter->__offset;
 		miter->__remaining = min_t(unsigned long, miter->__remaining,
 					   PAGE_SIZE - miter->__offset);
 	}
-- 
2.13.3