diff options
author | Herbert Xu <herbert@gondor.apana.org.au> | 2007-09-09 03:45:21 -0400 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2007-09-09 03:45:21 -0400 |
commit | e4630f9fd8cdc14eb1caa08dafe649eb5ae09985 (patch) | |
tree | 301b4b69b5780ecfa39c9c1f508d57e47da8af29 | |
parent | b21010ed6498391c0f359f2a89c907533fe07fec (diff) |
[CRYPTO] blkcipher: Fix handling of kmalloc page straddling
The function blkcipher_get_spot tries to return a buffer of
the specified length that does not straddle a page. It has
an off-by-one bug so it may advance a page unnecessarily.
What's worse, one of its callers doesn't provide a buffer
that's sufficiently long for this operation.
This patch fixes both problems. Thanks to Bob Gilligan for
diagnosing this problem and providing a fix.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-rw-r--r-- | crypto/blkcipher.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c index 7755834b8846..97586afbe63b 100644 --- a/crypto/blkcipher.c +++ b/crypto/blkcipher.c | |||
@@ -59,11 +59,13 @@ static inline void blkcipher_unmap_dst(struct blkcipher_walk *walk) | |||
59 | scatterwalk_unmap(walk->dst.virt.addr, 1); | 59 | scatterwalk_unmap(walk->dst.virt.addr, 1); |
60 | } | 60 | } |
61 | 61 | ||
62 | /* Get a spot of the specified length that does not straddle a page. | ||
63 | * The caller needs to ensure that there is enough space for this operation. | ||
64 | */ | ||
62 | static inline u8 *blkcipher_get_spot(u8 *start, unsigned int len) | 65 | static inline u8 *blkcipher_get_spot(u8 *start, unsigned int len) |
63 | { | 66 | { |
64 | if (offset_in_page(start + len) < len) | 67 | u8 *end_page = (u8 *)(((unsigned long)(start + len - 1)) & PAGE_MASK); |
65 | return (u8 *)((unsigned long)(start + len) & PAGE_MASK); | 68 | return start < end_page ? start : end_page; |
66 | return start; | ||
67 | } | 69 | } |
68 | 70 | ||
69 | static inline unsigned int blkcipher_done_slow(struct crypto_blkcipher *tfm, | 71 | static inline unsigned int blkcipher_done_slow(struct crypto_blkcipher *tfm, |
@@ -155,7 +157,8 @@ static inline int blkcipher_next_slow(struct blkcipher_desc *desc, | |||
155 | if (walk->buffer) | 157 | if (walk->buffer) |
156 | goto ok; | 158 | goto ok; |
157 | 159 | ||
158 | n = bsize * 2 + (alignmask & ~(crypto_tfm_ctx_alignment() - 1)); | 160 | n = bsize * 3 - (alignmask + 1) + |
161 | (alignmask & ~(crypto_tfm_ctx_alignment() - 1)); | ||
159 | walk->buffer = kmalloc(n, GFP_ATOMIC); | 162 | walk->buffer = kmalloc(n, GFP_ATOMIC); |
160 | if (!walk->buffer) | 163 | if (!walk->buffer) |
161 | return blkcipher_walk_done(desc, walk, -ENOMEM); | 164 | return blkcipher_walk_done(desc, walk, -ENOMEM); |