Hi Dear Herbert,
Sorry to bother you, but we've met a problem in the crypto module;
would you please kindly help us look into it? Thank you very much.
In the below function chain, scatterwalk_start() doesn't check the
result of sg_next(), so the kernel will crash if sg_next() returns a null
pointer, which is our case. (The full stack is at the end of the letter.)
blkcipher_walk_done() -> scatterwalk_done() -> scatterwalk_pagedone() -> scatterwalk_start(walk, sg_next(walk->sg));
Should we add a null-pointer check in scatterwalk_start()? Or is
there any process that can ensure there will be a valid sg pointer if the
condition (walk->offset >= walk->sg->offset + walk->sg->length) is true?
We are really looking forward to your reply; any information will
be appreciated, thanks again.
Best regards
Chen Gong
2018.11.20
---
Full Stack:
<1>[395491.178009s][pid:29501,cpu4,Binder:708_A]Unable to handle kernel NULL
pointer dereference at virtual address 0008
<1>[395491.178039s][pid:29501,cpu4,Binder:708_A]pgd = ffc112c27000
<1>[395491.178039s][pid:29501,cpu4,Binder:708_A][0008]
*pgd=, *pud=
<0>[395491.178070s][pid:29501,cpu4,Binder:708_A]Internal error: Oops: 9605
[#1] PREEMPT SMP
<4>[395491.178070s][pid:29501,cpu4,Binder:708_A]Modules linked in: hisi_dummy_ko
<4>[395491.178100s][pid:29501,cpu4,Binder:708_A]CPU: 4 PID: 29501 Comm:
Binder:708_A VIP: 00 Tainted: GW 4.9.111 #1
<4>[395491.178100s][pid:29501,cpu4,Binder:708_A]TGID: 708 Comm: Binder:708_2
<4>[395491.178100s][pid:29501,cpu4,Binder:708_A]Hardware name: hi3660 (DT)
<4>[395491.178100s][pid:29501,cpu4,Binder:708_A]task: ffc1d43ec880
task.stack: ffc3007e
<4>[395491.178100s][pid:29501,cpu4,Binder:708_A]PC is at
blkcipher_walk_done+0x210/0x354
<4>[395491.178131s][pid:29501,cpu4,Binder:708_A]LR is at
blkcipher_walk_done+0x20c/0x354
<4>[395491.178131s][pid:29501,cpu4,Binder:708_A]pc : [] lr :
[] pstate: 6145
<4>[395491.178131s][pid:29501,cpu4,Binder:708_A]sp : ffc3007e3950
<4>[395491.178131s][pid:29501,cpu4,Binder:708_A]x29: ffc3007e3950 x28:
<4>[395491.178161s][pid:29501,cpu4,Binder:708_A]x27: ffc1c6ef501e x26:
0100
<4>[395491.178161s][pid:29501,cpu4,Binder:708_A]x25: ffc3007e3b40 x24:
ffc3007e3be8
<4>[395491.178161s][pid:29501,cpu4,Binder:708_A]x23: 0001 x22:
0500
<4>[395491.178161s][pid:29501,cpu4,Binder:708_A]x21: ffc3007e3a90 x20:
ffc3007e3a10
<4>[395491.178192s][pid:29501,cpu4,Binder:708_A]x19: ffc3007e39d8 x18:
0001
<4>[395491.178192s][pid:29501,cpu4,Binder:708_A]x17: 0075aca06934 x16:
ff9c1b032d10
<4>[395491.178192s][pid:29501,cpu4,Binder:708_A]x15: 0075aaffe5b8 x14:
<4>[395491.178222s][pid:29501,cpu4,Binder:708_A]x13: 0075ac08642d x12:
0001
<4>[395491.178222s][pid:29501,cpu4,Binder:708_A]x11: x10:
ffc3175e1680
<4>[395491.178222s][pid:29501,cpu4,Binder:708_A]x9 : ff9c1d408000 x8 :
<4>[395491.178253s][pid:29501,cpu4,Binder:708_A]x7 : ff9c1c28 x6 :
0001
<4>[395491.178253s][pid:29501,cpu4,Binder:708_A]x5 : ffc3007e3be8 x4 :
<4>[395491.178253s][pid:29501,cpu4,Binder:708_A]x3 : 0100 x2 :
0500
<4>[395491.178253s][pid:29501,cpu4,Binder:708_A]x1 : ffc31aa934c2 x0 :
<4>[395491.180725s][pid:29501,cpu4,Binder:708_A][]
blkcipher_walk_done+0x210/0x354
<4>[395491.180755s][pid:29501,cpu4,Binder:708_A][]
cbc_decrypt+0xa0/0xe8
<4>[395491.180755s][pid:29501,cpu4,Binder:708_A][]
ablk_decrypt+0x78/0xf4
<4>[395491.180755s][pid:29501,cpu4,Binder:708_A][]
skcipher_decrypt_ablkcipher+0x70/0x80
<4>[395491.180786s][pid:29501,cpu4,Binder:708_A][]
crypto_cts_decrypt+0xf0/0x184
<4>[395491.180786s][pid:29501,cpu4,Binder:708_A][]
fname_decrypt.isra.1+0x110/0x1d8
<4>[395491.180786s][pid:29501,cpu4,Binder:708_A][]
fscrypt_fname_disk_to_usr+0x1d8/0x264
<4>[395491.180816s][pid:29501,cpu4,Binder:708_A][]
f2fs_fill_dentries+0x13c/0x1d4
<4>[395491.180816s][pid:
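To make the hop described in the message concrete, here is an added user-space model (an example written for this page, not kernel code and not the reporter's): it applies the same fragment-exhaustion condition the e-mail quotes and shows that sg_next() can only come back NULL mid-walk when the caller asks for more bytes than the scatterlist holds, which is the point where a defensive check would return an error instead of dereferencing the missing entry. The struct and function names ending in `_model` are assumptions, not kernel identifiers.

```c
#include <stddef.h>

/* User-space model of a scatterlist entry: one fragment of `length`
 * bytes starting `offset` bytes into its page; `next` is NULL on the
 * final entry, which is exactly when the kernel's sg_next() returns NULL. */
struct sg_model {
    unsigned int offset;
    unsigned int length;
    struct sg_model *next;
};

struct walk_model {
    struct sg_model *sg;
    unsigned int offset;   /* position inside the current fragment's page */
};

/* Constructed two-fragment list holding 16 + 16 = 32 bytes. */
static struct sg_model frag1 = { 0, 16, NULL };
static struct sg_model frag0 = { 0, 16, &frag1 };

static struct sg_model *sg_next_model(struct sg_model *s) { return s->next; }

/* Consume `nbytes` from the list. After each chunk the walk applies the
 * rule from the e-mail: if more data is still wanted and the current
 * fragment is exhausted (offset >= sg->offset + sg->length), move to the
 * next entry. Returns 0 on success, or -1 where the unchecked kernel path
 * would read a field of a NULL entry (the oops above faults at address
 * 0x8, consistent with reading sg->offset through a NULL pointer). */
int walk_consume(struct walk_model *w, unsigned int nbytes)
{
    while (nbytes) {
        unsigned int end = w->sg->offset + w->sg->length;
        unsigned int left = end - w->offset;
        unsigned int chunk = nbytes < left ? nbytes : left;
        w->offset += chunk;
        nbytes -= chunk;
        if (nbytes && w->offset >= end) {       /* "more" data expected */
            struct sg_model *next = sg_next_model(w->sg);
            if (!next)
                return -1;   /* caller requested more than the list holds */
            w->sg = next;    /* what scatterwalk_start(walk, next) does */
            w->offset = next->offset;
        }
    }
    return 0;
}

/* Run a fresh walk over the constructed list for `nbytes`. */
int try_walk(unsigned int nbytes)
{
    struct walk_model w = { &frag0, frag0.offset };
    return walk_consume(&w, nbytes);
}
```

A request of exactly the list's 32 bytes completes without a hop past the last entry; a request of 33 or more bytes is the situation in which the unchecked path would crash.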