crypto: algif_skcipher - sendmsg SG marking is off by one

Orabug: 23330766

[ Upstream commit 202736d99b7f29279db9da61587f11a08a04a9c6 ]

We mark the end of the SG list in sendmsg and sendpage and unmark
it on the next send call.  Unfortunately the unmarking in sendmsg
is off-by-one, leading to an SG list that is too short.

Fixes: 0f477b655a52 ("crypto: algif - Mark sgl end at the end of data")
Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
(cherry picked from commit a9c56fd066f9b5d222e0813b732908dabd721867)

Signed-off-by: Dan Duval <dan.duval@oracle.com>

diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index 945075292bc9584e57f4612bb1b7549a8e9e9b22..5bc42f9b23f0d3909d6151d14cf26064a00a0fa1 100644 (file)
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -387,7 +387,8 @@ static int skcipher_sendmsg(struct socket *sock, struct msghdr *msg,
 
                sgl = list_entry(ctx->tsgl.prev, struct skcipher_sg_list, list);
                sg = sgl->sg;
-               sg_unmark_end(sg + sgl->cur);
+               if (sgl->cur)
+                       sg_unmark_end(sg + sgl->cur - 1);
                do {
                        i = sgl->cur;
                        plen = min_t(int, len, PAGE_SIZE);