On Mon, Nov 28, 2016 at 02:39:09PM +0100, Stephan Mueller wrote:
>
> @@ -1737,15 +1750,22 @@ static int drbg_kcapi_sym_ctr(struct drbg_state *drbg,
> u8 *outbuf, u32 outlen)
> {
> struct scatterlist sg_in;
> + bool virt_addr_valid = virt_addr_valid(outbuf);
>
When using SGs, only heap memory (memory that is valid as per
virt_addr_valid) is allowed to be referenced. The CTR DRBG used to
reference the caller-provided memory directly in an SG. In case the
caller provided stack memory pointers, the SG mapping is not considered
to be valid. In some cases,
