diff options
| author | David S. Miller <davem@sunset.davemloft.net> | 2007-10-31 00:29:29 -0400 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2007-10-31 00:29:29 -0400 |
| commit | 51c739d1f484b2562040a3e496dc8e1670d4e279 (patch) | |
| tree | 87b12c2330f2951deb1a435367907d15a5d938c3 /net/sunrpc | |
| parent | 07afa040252eb41f91f46f8e538b434a63122999 (diff) | |
[NET]: Fix incorrect sg_mark_end() calls.
This fixes scatterlist corruptions added by
commit 68e3f5dd4db62619fdbe520d36c9ebf62e672256
[CRYPTO] users: Fix up scatterlist conversion errors
The issue is that the code calls sg_mark_end() which clobbers the
sg_page() pointer of the final scatterlist entry.
The first part fo the fix makes skb_to_sgvec() do __sg_mark_end().
After considering all skb_to_sgvec() call sites the most correct
solution is to call __sg_mark_end() in skb_to_sgvec() since that is
what all of the callers would end up doing anyways.
I suspect this might have fixed some problems in virtio_net which is
the sole non-crypto user of skb_to_sgvec().
Other similar sg_mark_end() cases were converted over to
__sg_mark_end() as well.
Arguably sg_mark_end() is a poorly named function because it doesn't
just "mark", it clears out the page pointer as a side effect, which is
what led to these bugs in the first place.
The one remaining plain sg_mark_end() call is in scsi_alloc_sgtable()
and arguably it could be converted to __sg_mark_end() if only so that
we can delete this confusing interface from linux/scatterlist.h
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/sunrpc')
| -rw-r--r-- | net/sunrpc/auth_gss/gss_krb5_crypto.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c b/net/sunrpc/auth_gss/gss_krb5_crypto.c index 91cd8f0d1e10..ab7cbd6575c4 100644 --- a/net/sunrpc/auth_gss/gss_krb5_crypto.c +++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c | |||
| @@ -211,8 +211,8 @@ encryptor(struct scatterlist *sg, void *data) | |||
| 211 | if (thislen == 0) | 211 | if (thislen == 0) |
| 212 | return 0; | 212 | return 0; |
| 213 | 213 | ||
| 214 | sg_mark_end(desc->infrags, desc->fragno); | 214 | __sg_mark_end(&desc->infrags[desc->fragno - 1]); |
| 215 | sg_mark_end(desc->outfrags, desc->fragno); | 215 | __sg_mark_end(&desc->outfrags[desc->fragno - 1]); |
| 216 | 216 | ||
| 217 | ret = crypto_blkcipher_encrypt_iv(&desc->desc, desc->outfrags, | 217 | ret = crypto_blkcipher_encrypt_iv(&desc->desc, desc->outfrags, |
| 218 | desc->infrags, thislen); | 218 | desc->infrags, thislen); |
| @@ -293,7 +293,7 @@ decryptor(struct scatterlist *sg, void *data) | |||
| 293 | if (thislen == 0) | 293 | if (thislen == 0) |
| 294 | return 0; | 294 | return 0; |
| 295 | 295 | ||
| 296 | sg_mark_end(desc->frags, desc->fragno); | 296 | __sg_mark_end(&desc->frags[desc->fragno - 1]); |
| 297 | 297 | ||
| 298 | ret = crypto_blkcipher_decrypt_iv(&desc->desc, desc->frags, | 298 | ret = crypto_blkcipher_decrypt_iv(&desc->desc, desc->frags, |
| 299 | desc->frags, thislen); | 299 | desc->frags, thislen); |