www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Tom Lendacky <thomas.lendacky@amd.com>
	Mon, 1 Jun 2015 16:15:53 +0000 (11:15 -0500)
committer	Somasundaram Krishnasamy <somasundaram.krishnasamy@oracle.com>
	Thu, 24 Aug 2017 17:52:49 +0000 (10:52 -0700)
commit	bdcf542a0be5ca7db2bfd097d17947ba77a16610
tree	9744ec79a118b7efbeb107e499aa7ed57444cf93	tree
parent	1bbc83ae7084081e0ff33724aa8bcba8a1fa73aa	commit \| diff

crypto: ccp - Protect against poorly marked end of sg list

Orabug: 26644685

Scatter gather lists can be created with more available entries than are
actually used (e.g. using sg_init_table() to reserve a specific number
of sg entries, but in actuality using something less than that based on
the data length). The caller sometimes fails to mark the last entry
with sg_mark_end(). In these cases, sg_nents() will return the original
size of the sg list as opposed to the actual number of sg entries that
contain valid data.

On arm64, if the sg_nents() value is used in a call to dma_map_sg() in
this situation, then it causes a BUG_ON in lib/swiotlb.c because an
"empty" sg list entry results in dma_capable() returning false and
swiotlb trying to create a bounce buffer of size 0. This occurred in
the userspace crypto interface before being fixed by

0f477b655a52 ("crypto: algif - Mark sgl end at the end of data")

Protect against this by using the new sg_nents_for_len() function which
returns only the number of sg entries required to meet the desired
length and supplying that value to dma_map_sg().

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit fb43f69401fef8ed2f72d7ea4a25910a0f2138bc)
Signed-off-by: Somasundaram Krishnasamy <somasundaram.krishnasamy@oracle.com>
Reviewed-by: Jack Vogel <jack.vogel@oracle.com>