Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp2994052ybi;
        Mon, 17 Jun 2019 14:15:33 -0700 (PDT)
X-Google-Smtp-Source: APXvYqx6uKl2fWCHw6llUPwxTVMrdSv8tZsKu9A7UGI0bSAn7dGPRSzWVWnpy+uyi7wIHeK7PVRM
X-Received: by 2002:a17:90a:35e5:: with SMTP id r92mr1154413pjb.34.1560806133356;
        Mon, 17 Jun 2019 14:15:33 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1560806133; cv=none;
        d=google.com; s=arc-20160816;
        b=rtyb4wHkV1dDc5vYY7JNBgokeQYpakCU4ozEH9OiFK/I38HVgz4PrzdX2sju+b/OD4
         GnEwnqdMrkTHx8Q2zoitPKSlFoV3yZ5mWHqTS245VtysG4lbLOhaxPDw4cCnbCt0Or8H
         LXLubXgSPi9UBkSSy0yDtjcCd1SNG39qP3mETMHp2g9lzHaWPh35D6e3EnDzW8jdKhp+
         nL8LUvYKjlyI5NiqL8ePSEs+K5Jc9lxGD0+HTaemlPRm4NRb53o/pYq8I5c3TOzN1ucg
         i8o3IlmVdp1gRnpl1j+kojSoUi1dOGokXdfKHQiPvo86blp4MFwcccwu74ulYbhRtR1g
         FpEw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:date:cc:to:subject:from:references
         :in-reply-to:message-id:dkim-signature;
        bh=h+ZeQk8T0DIMrL4PtUsQo0eqmuBm6tn3duZFRsoT3nA=;
        b=lvZKZbYXXpmVFFWUM+hSrPDUQXhQEG9nwH+PeX4jUhKXUfSTXZEvC2+dMGVPMvQASn
         3vzkgkd8BSM7OoYpDmc3vwLNSWACbJ5PA0TcKhnQBzSNeueKKR6XVSN1tcApVpQP+Oqn
         zkDpYD5IoET3cOIctwNX3O/3/Edm380Fxb352fnUkx/0LC7xjEhwWroCDXir+huczdf4
         SSbi5a4V9jNxGAJRzEy96GJG6SBQbuhsmXOfOfH7b4hWZh3JuzZaEbu9zXggh2qqC/4g
         hM7fWSLABmM8FyajvXCZBCsYptvGJwWpw+V/69rr7B5+UI4Q2KD2gai9LKbOHBXihGYG
         NkSw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@c-s.fr header.s=mail header.b=cHaP85JJ;
       spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id g7si11632459pgd.32.2019.06.17.14.15.17;
        Mon, 17 Jun 2019 14:15:33 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@c-s.fr header.s=mail header.b=cHaP85JJ;
       spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727439AbfFQVPG (ORCPT <rfc822;nullstelllensatz@gmail.com>
        + 99 others); Mon, 17 Jun 2019 17:15:06 -0400
Received: from pegase1.c-s.fr ([93.17.236.30]:6514 "EHLO pegase1.c-s.fr"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726116AbfFQVPF (ORCPT <rfc822;linux-crypto@vger.kernel.org>);
        Mon, 17 Jun 2019 17:15:05 -0400
Received: from localhost (mailhub1-int [192.168.12.234])
        by localhost (Postfix) with ESMTP id 45SP9z2b63z9v32h;
        Mon, 17 Jun 2019 23:15:03 +0200 (CEST)
Authentication-Results: localhost; dkim=pass
        reason="1024-bit key; insecure key"
        header.d=c-s.fr header.i=@c-s.fr header.b=cHaP85JJ; dkim-adsp=pass;
        dkim-atps=neutral
X-Virus-Scanned: Debian amavisd-new at c-s.fr
Received: from pegase1.c-s.fr ([192.168.12.234])
        by localhost (pegase1.c-s.fr [192.168.12.234]) (amavisd-new, port 10024)
        with ESMTP id jJiF0moyPnzY; Mon, 17 Jun 2019 23:15:03 +0200 (CEST)
Received: from messagerie.si.c-s.fr (messagerie.si.c-s.fr [192.168.25.192])
        by pegase1.c-s.fr (Postfix) with ESMTP id 45SP9z1XXdz9v32f;
        Mon, 17 Jun 2019 23:15:03 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=c-s.fr; s=mail;
        t=1560806103; bh=h+ZeQk8T0DIMrL4PtUsQo0eqmuBm6tn3duZFRsoT3nA=;
        h=In-Reply-To:References:From:Subject:To:Cc:Date:From;
        b=cHaP85JJUAYa0hVFkS5OGdG0kjU6cP9iBcFi3rlBF0zfEVXoOkw9C+UIDR3rnwMyv
         ZY23E67E0/6ZhAweHqiohmXnhjDyLkgswY1jPcD6OCXOiRLxv1d0cBoSxVDJO2swaA
         AFUp+2aFXcDisz7uCsm9CYNhvBV8AZHOribWoj1o=
Received: from localhost (localhost [127.0.0.1])
        by messagerie.si.c-s.fr (Postfix) with ESMTP id 6C21C8B84B;
        Mon, 17 Jun 2019 23:15:03 +0200 (CEST)
X-Virus-Scanned: amavisd-new at c-s.fr
Received: from messagerie.si.c-s.fr ([127.0.0.1])
        by localhost (messagerie.si.c-s.fr [127.0.0.1]) (amavisd-new, port 10023)
        with ESMTP id JwolBjh4sAp6; Mon, 17 Jun 2019 23:15:03 +0200 (CEST)
Received: from po16838vm.idsi0.si.c-s.fr (unknown [192.168.4.90])
        by messagerie.si.c-s.fr (Postfix) with ESMTP id 3B9028B7FF;
        Mon, 17 Jun 2019 23:15:03 +0200 (CEST)
Received: by localhost.localdomain (Postfix, from userid 0)
        id EA5CC682B3; Mon, 17 Jun 2019 21:15:02 +0000 (UTC)
Message-Id: <f28c6b0e2f9510f42ca934f19c4315084e668c21.1560805614.git.christophe.leroy@c-s.fr>
In-Reply-To: <cover.1560805614.git.christophe.leroy@c-s.fr>
References: <cover.1560805614.git.christophe.leroy@c-s.fr>
From:   Christophe Leroy <christophe.leroy@c-s.fr>
Subject: [PATCH v4 1/4] lib/scatterlist: Fix mapping iterator when sg->offset
 is greater than PAGE_SIZE
To:     Herbert Xu <herbert@gondor.apana.org.au>,
        "David S. Miller" <davem@davemloft.net>, horia.geanta@nxp.com
Cc:     linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
        linuxppc-dev@lists.ozlabs.org
Date:   Mon, 17 Jun 2019 21:15:02 +0000 (UTC)
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

All mapping iterator logic is based on the assumption that sg->offset
is always lower than PAGE_SIZE.

But there are situations where sg->offset is such that the SG item
is on the second page. In that case sg_copy_to_buffer() fails
properly copying the data into the buffer. One of the reason is
that the data will be outside the kmapped area used to access that
data.

This patch fixes the issue by adjusting the mapping iterator
offset and pgoffset fields such that offset is always lower than
PAGE_SIZE.

Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Fixes: 4225fc8555a9 ("lib/scatterlist: use page iterator in the mapping iterator")
Cc: stable@vger.kernel.org
---
 lib/scatterlist.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/lib/scatterlist.c b/lib/scatterlist.c
index 739dc9fe2c55..39f00659898f 100644
--- a/lib/scatterlist.c
+++ b/lib/scatterlist.c
@@ -678,7 +678,7 @@ static bool sg_miter_get_next_page(struct sg_mapping_iter *miter)
 {
 	if (!miter->__remaining) {
 		struct scatterlist *sg;
-		unsigned long pgoffset;
+		unsigned long pgoffset, offset;
 
 		if (!__sg_page_iter_next(&miter->piter))
 			return false;
@@ -686,7 +686,12 @@ static bool sg_miter_get_next_page(struct sg_mapping_iter *miter)
 		sg = miter->piter.sg;
 		pgoffset = miter->piter.sg_pgoffset;
 
-		miter->__offset = pgoffset ? 0 : sg->offset;
+		offset = pgoffset ? 0 : sg->offset;
+		while (offset >= PAGE_SIZE) {
+			miter->piter.sg_pgoffset = ++pgoffset;
+			offset -= PAGE_SIZE;
+		}
+		miter->__offset = offset;
 		miter->__remaining = sg->offset + sg->length -
 				(pgoffset << PAGE_SHIFT) - miter->__offset;
 		miter->__remaining = min_t(unsigned long, miter->__remaining,
-- 
2.13.3