aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2009-08-29 06:44:04 -0400
committerHerbert Xu <herbert@gondor.apana.org.au>2009-08-29 06:44:04 -0400
commit0c7d400fafaeab6014504a6a6249f01bac7f7db4 (patch)
tree1bce003eb85e15de168dc92ef09d7e94da24fcc5
parentb6f34d44cb341ad32f08717d1a2c418e6053a031 (diff)
crypto: skcipher - Fix skcipher_dequeue_givcrypt NULL test
As struct skcipher_givcrypt_request includes struct crypto_request at a non-zero offset, testing for NULL after converting the pointer returned by crypto_dequeue_request does not work. This can result in IPsec crashes when the queue is depleted. This patch fixes it by doing the pointer conversion only when the return value is non-NULL. In particular, we create a new function __crypto_dequeue_request that does the pointer conversion. Reported-by: Brad Bosch <bradbosch@comcast.net> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-rw-r--r--crypto/algapi.c11
-rw-r--r--include/crypto/algapi.h1
-rw-r--r--include/crypto/internal/skcipher.h4
3 files changed, 12 insertions, 4 deletions
diff --git a/crypto/algapi.c b/crypto/algapi.c
index 56c62e2858d5..df0863d56995 100644
--- a/crypto/algapi.c
+++ b/crypto/algapi.c
@@ -692,7 +692,7 @@ out:
692} 692}
693EXPORT_SYMBOL_GPL(crypto_enqueue_request); 693EXPORT_SYMBOL_GPL(crypto_enqueue_request);
694 694
695struct crypto_async_request *crypto_dequeue_request(struct crypto_queue *queue) 695void *__crypto_dequeue_request(struct crypto_queue *queue, unsigned int offset)
696{ 696{
697 struct list_head *request; 697 struct list_head *request;
698 698
@@ -707,7 +707,14 @@ struct crypto_async_request *crypto_dequeue_request(struct crypto_queue *queue)
707 request = queue->list.next; 707 request = queue->list.next;
708 list_del(request); 708 list_del(request);
709 709
710 return list_entry(request, struct crypto_async_request, list); 710 return (char *)list_entry(request, struct crypto_async_request, list) -
711 offset;
712}
713EXPORT_SYMBOL_GPL(__crypto_dequeue_request);
714
715struct crypto_async_request *crypto_dequeue_request(struct crypto_queue *queue)
716{
717 return __crypto_dequeue_request(queue, 0);
711} 718}
712EXPORT_SYMBOL_GPL(crypto_dequeue_request); 719EXPORT_SYMBOL_GPL(crypto_dequeue_request);
713 720
diff --git a/include/crypto/algapi.h b/include/crypto/algapi.h
index 010545436efa..5a2bd1cc9656 100644
--- a/include/crypto/algapi.h
+++ b/include/crypto/algapi.h
@@ -137,6 +137,7 @@ struct crypto_instance *crypto_alloc_instance(const char *name,
137void crypto_init_queue(struct crypto_queue *queue, unsigned int max_qlen); 137void crypto_init_queue(struct crypto_queue *queue, unsigned int max_qlen);
138int crypto_enqueue_request(struct crypto_queue *queue, 138int crypto_enqueue_request(struct crypto_queue *queue,
139 struct crypto_async_request *request); 139 struct crypto_async_request *request);
140void *__crypto_dequeue_request(struct crypto_queue *queue, unsigned int offset);
140struct crypto_async_request *crypto_dequeue_request(struct crypto_queue *queue); 141struct crypto_async_request *crypto_dequeue_request(struct crypto_queue *queue);
141int crypto_tfm_in_queue(struct crypto_queue *queue, struct crypto_tfm *tfm); 142int crypto_tfm_in_queue(struct crypto_queue *queue, struct crypto_tfm *tfm);
142 143
diff --git a/include/crypto/internal/skcipher.h b/include/crypto/internal/skcipher.h
index 2ba42cd7d6aa..3a748a6bf772 100644
--- a/include/crypto/internal/skcipher.h
+++ b/include/crypto/internal/skcipher.h
@@ -79,8 +79,8 @@ static inline int skcipher_enqueue_givcrypt(
79static inline struct skcipher_givcrypt_request *skcipher_dequeue_givcrypt( 79static inline struct skcipher_givcrypt_request *skcipher_dequeue_givcrypt(
80 struct crypto_queue *queue) 80 struct crypto_queue *queue)
81{ 81{
82 return container_of(ablkcipher_dequeue_request(queue), 82 return __crypto_dequeue_request(
83 struct skcipher_givcrypt_request, creq); 83 queue, offsetof(struct skcipher_givcrypt_request, creq.base));
84} 84}
85 85
86static inline void *skcipher_givcrypt_reqctx( 86static inline void *skcipher_givcrypt_reqctx(