Re: [PATCH v2 1/2] crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req()
<20200123101000.GB24255@Red> References: <20200526031956.1897-2-longpe...@huawei.com> <20200123101000.GB24255@Red> Hi [This is an automated email] This commit has been processed because it contains a "Fixes:" tag fixing commit: dbaf0624ffa5 ("crypto: add virtio-crypto driver"). The bot has tested the following trees: v5.6.14, v5.4.42, v4.19.124, v4.14.181. v5.6.14: Build OK! v5.4.42: Failed to apply! Possible dependencies: eee1d6fca0a0 ("crypto: virtio - switch to skcipher API") v4.19.124: Failed to apply! Possible dependencies: eee1d6fca0a0 ("crypto: virtio - switch to skcipher API") v4.14.181: Failed to apply! Possible dependencies: 500e6807ce93 ("crypto: virtio - implement missing support for output IVs") 67189375bb3a ("crypto: virtio - convert to new crypto engine API") d0d859bb87ac ("crypto: virtio - Register an algo only if it's supported") e02b8b43f55a ("crypto: virtio - pr_err() strings should end with newlines") eee1d6fca0a0 ("crypto: virtio - switch to skcipher API") NOTE: The patch will not be queued to stable trees until it is upstream. How should we proceed with this patch? -- Thanks Sasha
Re: [PATCH v2 1/2] crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req()
Hi Markus, On 2020/5/26 15:03, Markus Elfring wrote: >> Fix it by sg_next() on calculation of src/dst scatterlist. > > Wording adjustment: > … by calling the function “sg_next” … > OK, thanks. > > … >> +++ b/drivers/crypto/virtio/virtio_crypto_algs.c >> @@ -350,13 +350,18 @@ __virtio_crypto_skcipher_do_req(struct >> virtio_crypto_sym_request *vc_sym_req, > … >> src_nents = sg_nents_for_len(req->src, req->cryptlen); >> +if (src_nents < 0) { >> +pr_err("Invalid number of src SG.\n"); >> +return src_nents; >> +} >> + >> dst_nents = sg_nents(req->dst); > … > > I suggest to move the addition of such input parameter validation > to a separate update step. > Um...The 'src_nents' will be used as a loop condition, so validate it here is needed ? ''' /* Source data */ - for (i = 0; i < src_nents; i++) - sgs[num_out++] = &req->src[i]; + for (sg = req->src; src_nents; sg = sg_next(sg), src_nents--) + sgs[num_out++] = sg; ''' > Regards, > Markus > -- --- Regards, Longpeng(Mike)
Re: [PATCH v2 1/2] crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req()
> Fix it by sg_next() on calculation of src/dst scatterlist. Wording adjustment: … by calling the function “sg_next” … … > +++ b/drivers/crypto/virtio/virtio_crypto_algs.c > @@ -350,13 +350,18 @@ __virtio_crypto_skcipher_do_req(struct > virtio_crypto_sym_request *vc_sym_req, … > src_nents = sg_nents_for_len(req->src, req->cryptlen); > + if (src_nents < 0) { > + pr_err("Invalid number of src SG.\n"); > + return src_nents; > + } > + > dst_nents = sg_nents(req->dst); … I suggest to move the addition of such input parameter validation to a separate update step. Regards, Markus
[PATCH v2 1/2] crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req()
The system will crash when the users insmod crypto/tcrypt.ko with mode=38 ( testing "cts(cbc(aes))" ). Usually the next entry of one sg will be @sg@ + 1, but if this sg element is part of a chained scatterlist, it could jump to the start of a new scatterlist array. Fix it by sg_next() on calculation of src/dst scatterlist. Fixes: dbaf0624ffa5 ("crypto: add virtio-crypto driver") Reported-by: LABBE Corentin Cc: Herbert Xu Cc: "Michael S. Tsirkin" Cc: Jason Wang Cc: "David S. Miller" Cc: Markus Elfring Cc: virtualizat...@lists.linux-foundation.org Cc: linux-kernel@vger.kernel.org Cc: sta...@vger.kernel.org Message-Id: <20200123101000.GB24255@Red> Signed-off-by: Gonglei Signed-off-by: Longpeng(Mike) --- drivers/crypto/virtio/virtio_crypto_algs.c | 15 ++- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/drivers/crypto/virtio/virtio_crypto_algs.c b/drivers/crypto/virtio/virtio_crypto_algs.c index fd045e64972a..5f8243563009 100644 --- a/drivers/crypto/virtio/virtio_crypto_algs.c +++ b/drivers/crypto/virtio/virtio_crypto_algs.c @@ -350,13 +350,18 @@ __virtio_crypto_skcipher_do_req(struct virtio_crypto_sym_request *vc_sym_req, int err; unsigned long flags; struct scatterlist outhdr, iv_sg, status_sg, **sgs; - int i; u64 dst_len; unsigned int num_out = 0, num_in = 0; int sg_total; uint8_t *iv; + struct scatterlist *sg; src_nents = sg_nents_for_len(req->src, req->cryptlen); + if (src_nents < 0) { + pr_err("Invalid number of src SG.\n"); + return src_nents; + } + dst_nents = sg_nents(req->dst); pr_debug("virtio_crypto: Number of sgs (src_nents: %d, dst_nents: %d)\n", @@ -442,12 +447,12 @@ __virtio_crypto_skcipher_do_req(struct virtio_crypto_sym_request *vc_sym_req, vc_sym_req->iv = iv; /* Source data */ - for (i = 0; i < src_nents; i++) - sgs[num_out++] = &req->src[i]; + for (sg = req->src; src_nents; sg = sg_next(sg), src_nents--) + sgs[num_out++] = sg; /* Destination data */ - for (i = 0; i < dst_nents; i++) - sgs[num_out + num_in++] = &req->dst[i]; + for (sg = req->dst; sg; sg = sg_next(sg)) + sgs[num_out + num_in++] = sg; /* Status */ sg_init_one(&status_sg, &vc_req->status, sizeof(vc_req->status)); -- 2.23.0