aboutsummaryrefslogtreecommitdiffstats
path: root/net/rxrpc/rxkad.c
diff options
context:
space:
mode:
authorDavid S. Miller <davem@sunset.davemloft.net>2007-10-31 00:29:29 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2007-10-31 00:29:29 -0400
commit51c739d1f484b2562040a3e496dc8e1670d4e279 (patch)
tree87b12c2330f2951deb1a435367907d15a5d938c3 /net/rxrpc/rxkad.c
parent07afa040252eb41f91f46f8e538b434a63122999 (diff)
[NET]: Fix incorrect sg_mark_end() calls.
This fixes scatterlist corruptions added by commit 68e3f5dd4db62619fdbe520d36c9ebf62e672256 [CRYPTO] users: Fix up scatterlist conversion errors The issue is that the code calls sg_mark_end() which clobbers the sg_page() pointer of the final scatterlist entry. The first part fo the fix makes skb_to_sgvec() do __sg_mark_end(). After considering all skb_to_sgvec() call sites the most correct solution is to call __sg_mark_end() in skb_to_sgvec() since that is what all of the callers would end up doing anyways. I suspect this might have fixed some problems in virtio_net which is the sole non-crypto user of skb_to_sgvec(). Other similar sg_mark_end() cases were converted over to __sg_mark_end() as well. Arguably sg_mark_end() is a poorly named function because it doesn't just "mark", it clears out the page pointer as a side effect, which is what led to these bugs in the first place. The one remaining plain sg_mark_end() call is in scsi_alloc_sgtable() and arguably it could be converted to __sg_mark_end() if only so that we can delete this confusing interface from linux/scatterlist.h Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/rxrpc/rxkad.c')
-rw-r--r--net/rxrpc/rxkad.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c
index eebefb6ef139..c387cf68a08c 100644
--- a/net/rxrpc/rxkad.c
+++ b/net/rxrpc/rxkad.c
@@ -237,7 +237,8 @@ static int rxkad_secure_packet_encrypt(const struct rxrpc_call *call,
237 len = data_size + call->conn->size_align - 1; 237 len = data_size + call->conn->size_align - 1;
238 len &= ~(call->conn->size_align - 1); 238 len &= ~(call->conn->size_align - 1);
239 239
240 sg_init_table(sg, skb_to_sgvec(skb, sg, 0, len)); 240 sg_init_table(sg, nsg);
241 skb_to_sgvec(skb, sg, 0, len);
241 crypto_blkcipher_encrypt_iv(&desc, sg, sg, len); 242 crypto_blkcipher_encrypt_iv(&desc, sg, sg, len);
242 243
243 _leave(" = 0"); 244 _leave(" = 0");
@@ -344,7 +345,7 @@ static int rxkad_verify_packet_auth(const struct rxrpc_call *call,
344 goto nomem; 345 goto nomem;
345 346
346 sg_init_table(sg, nsg); 347 sg_init_table(sg, nsg);
347 sg_mark_end(sg, skb_to_sgvec(skb, sg, 0, 8)); 348 skb_to_sgvec(skb, sg, 0, 8);
348 349
349 /* start the decryption afresh */ 350 /* start the decryption afresh */
350 memset(&iv, 0, sizeof(iv)); 351 memset(&iv, 0, sizeof(iv));
@@ -426,7 +427,7 @@ static int rxkad_verify_packet_encrypt(const struct rxrpc_call *call,
426 } 427 }
427 428
428 sg_init_table(sg, nsg); 429 sg_init_table(sg, nsg);
429 sg_mark_end(sg, skb_to_sgvec(skb, sg, 0, skb->len)); 430 skb_to_sgvec(skb, sg, 0, skb->len);
430 431
431 /* decrypt from the session key */ 432 /* decrypt from the session key */
432 payload = call->conn->key->payload.data; 433 payload = call->conn->key->payload.data;
@@ -701,7 +702,7 @@ static void rxkad_sg_set_buf2(struct scatterlist sg[2],
701 nsg++; 702 nsg++;
702 } 703 }
703 704
704 sg_mark_end(sg, nsg); 705 __sg_mark_end(&sg[nsg - 1]);
705 706
706 ASSERTCMP(sg[0].length + sg[1].length, ==, buflen); 707 ASSERTCMP(sg[0].length + sg[1].length, ==, buflen);
707} 708}