Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp2994052ybi; Mon, 17 Jun 2019 14:15:33 -0700 (PDT) X-Google-Smtp-Source: APXvYqx6uKl2fWCHw6llUPwxTVMrdSv8tZsKu9A7UGI0bSAn7dGPRSzWVWnpy+uyi7wIHeK7PVRM X-Received: by 2002:a17:90a:35e5:: with SMTP id r92mr1154413pjb.34.1560806133356; Mon, 17 Jun 2019 14:15:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1560806133; cv=none; d=google.com; s=arc-20160816; b=rtyb4wHkV1dDc5vYY7JNBgokeQYpakCU4ozEH9OiFK/I38HVgz4PrzdX2sju+b/OD4 GnEwnqdMrkTHx8Q2zoitPKSlFoV3yZ5mWHqTS245VtysG4lbLOhaxPDw4cCnbCt0Or8H LXLubXgSPi9UBkSSy0yDtjcCd1SNG39qP3mETMHp2g9lzHaWPh35D6e3EnDzW8jdKhp+ nL8LUvYKjlyI5NiqL8ePSEs+K5Jc9lxGD0+HTaemlPRm4NRb53o/pYq8I5c3TOzN1ucg i8o3IlmVdp1gRnpl1j+kojSoUi1dOGokXdfKHQiPvo86blp4MFwcccwu74ulYbhRtR1g FpEw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:date:cc:to:subject:from:references :in-reply-to:message-id:dkim-signature; bh=h+ZeQk8T0DIMrL4PtUsQo0eqmuBm6tn3duZFRsoT3nA=; b=lvZKZbYXXpmVFFWUM+hSrPDUQXhQEG9nwH+PeX4jUhKXUfSTXZEvC2+dMGVPMvQASn 3vzkgkd8BSM7OoYpDmc3vwLNSWACbJ5PA0TcKhnQBzSNeueKKR6XVSN1tcApVpQP+Oqn zkDpYD5IoET3cOIctwNX3O/3/Edm380Fxb352fnUkx/0LC7xjEhwWroCDXir+huczdf4 SSbi5a4V9jNxGAJRzEy96GJG6SBQbuhsmXOfOfH7b4hWZh3JuzZaEbu9zXggh2qqC/4g hM7fWSLABmM8FyajvXCZBCsYptvGJwWpw+V/69rr7B5+UI4Q2KD2gai9LKbOHBXihGYG NkSw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@c-s.fr header.s=mail header.b=cHaP85JJ; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g7si11632459pgd.32.2019.06.17.14.15.17; Mon, 17 Jun 2019 14:15:33 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@c-s.fr header.s=mail header.b=cHaP85JJ; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727439AbfFQVPG (ORCPT + 99 others); Mon, 17 Jun 2019 17:15:06 -0400 Received: from pegase1.c-s.fr ([93.17.236.30]:6514 "EHLO pegase1.c-s.fr" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726116AbfFQVPF (ORCPT ); Mon, 17 Jun 2019 17:15:05 -0400 Received: from localhost (mailhub1-int [192.168.12.234]) by localhost (Postfix) with ESMTP id 45SP9z2b63z9v32h; Mon, 17 Jun 2019 23:15:03 +0200 (CEST) Authentication-Results: localhost; dkim=pass reason="1024-bit key; insecure key" header.d=c-s.fr header.i=@c-s.fr header.b=cHaP85JJ; dkim-adsp=pass; dkim-atps=neutral X-Virus-Scanned: Debian amavisd-new at c-s.fr Received: from pegase1.c-s.fr ([192.168.12.234]) by localhost (pegase1.c-s.fr [192.168.12.234]) (amavisd-new, port 10024) with ESMTP id jJiF0moyPnzY; Mon, 17 Jun 2019 23:15:03 +0200 (CEST) Received: from messagerie.si.c-s.fr (messagerie.si.c-s.fr [192.168.25.192]) by pegase1.c-s.fr (Postfix) with ESMTP id 45SP9z1XXdz9v32f; Mon, 17 Jun 2019 23:15:03 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=c-s.fr; s=mail; t=1560806103; bh=h+ZeQk8T0DIMrL4PtUsQo0eqmuBm6tn3duZFRsoT3nA=; h=In-Reply-To:References:From:Subject:To:Cc:Date:From; b=cHaP85JJUAYa0hVFkS5OGdG0kjU6cP9iBcFi3rlBF0zfEVXoOkw9C+UIDR3rnwMyv ZY23E67E0/6ZhAweHqiohmXnhjDyLkgswY1jPcD6OCXOiRLxv1d0cBoSxVDJO2swaA AFUp+2aFXcDisz7uCsm9CYNhvBV8AZHOribWoj1o= Received: from localhost (localhost [127.0.0.1]) by messagerie.si.c-s.fr (Postfix) with ESMTP id 6C21C8B84B; Mon, 17 Jun 2019 23:15:03 +0200 (CEST) X-Virus-Scanned: amavisd-new at c-s.fr Received: from messagerie.si.c-s.fr ([127.0.0.1]) by localhost (messagerie.si.c-s.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id JwolBjh4sAp6; Mon, 17 Jun 2019 23:15:03 +0200 (CEST) Received: from po16838vm.idsi0.si.c-s.fr (unknown [192.168.4.90]) by messagerie.si.c-s.fr (Postfix) with ESMTP id 3B9028B7FF; Mon, 17 Jun 2019 23:15:03 +0200 (CEST) Received: by localhost.localdomain (Postfix, from userid 0) id EA5CC682B3; Mon, 17 Jun 2019 21:15:02 +0000 (UTC) Message-Id: In-Reply-To: References: From: Christophe Leroy Subject: [PATCH v4 1/4] lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE To: Herbert Xu , "David S. Miller" , horia.geanta@nxp.com Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org Date: Mon, 17 Jun 2019 21:15:02 +0000 (UTC) Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org All mapping iterator logic is based on the assumption that sg->offset is always lower than PAGE_SIZE. But there are situations where sg->offset is such that the SG item is on the second page. In that case sg_copy_to_buffer() fails properly copying the data into the buffer. One of the reason is that the data will be outside the kmapped area used to access that data. This patch fixes the issue by adjusting the mapping iterator offset and pgoffset fields such that offset is always lower than PAGE_SIZE. Signed-off-by: Christophe Leroy Fixes: 4225fc8555a9 ("lib/scatterlist: use page iterator in the mapping iterator") Cc: stable@vger.kernel.org --- lib/scatterlist.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/lib/scatterlist.c b/lib/scatterlist.c index 739dc9fe2c55..39f00659898f 100644 --- a/lib/scatterlist.c +++ b/lib/scatterlist.c @@ -678,7 +678,7 @@ static bool sg_miter_get_next_page(struct sg_mapping_iter *miter) { if (!miter->__remaining) { struct scatterlist *sg; - unsigned long pgoffset; + unsigned long pgoffset, offset; if (!__sg_page_iter_next(&miter->piter)) return false; @@ -686,7 +686,12 @@ static bool sg_miter_get_next_page(struct sg_mapping_iter *miter) sg = miter->piter.sg; pgoffset = miter->piter.sg_pgoffset; - miter->__offset = pgoffset ? 0 : sg->offset; + offset = pgoffset ? 0 : sg->offset; + while (offset >= PAGE_SIZE) { + miter->piter.sg_pgoffset = ++pgoffset; + offset -= PAGE_SIZE; + } + miter->__offset = offset; miter->__remaining = sg->offset + sg->length - (pgoffset << PAGE_SHIFT) - miter->__offset; miter->__remaining = min_t(unsigned long, miter->__remaining, -- 2.13.3