Message ID | 1612449.5GibSviISC@positron.chronox.de (mailing list archive) |
---|---|
State | Accepted |
Delegated to: | Herbert Xu |
Headers | show |
Hello, syzbot has tested the proposed patch and the reproducer did not trigger crash: Reported-and-tested-by: syzbot+9c251bdd09f83b92ba95@syzkaller.appspotmail.com Tested on: commit: a00de5aa4da3 kmsan: delete some dead code git tree: https://github.com/google/kmsan.git/master kernel config: https://syzkaller.appspot.com/x/.config?x=b11f4cfb262ee607 compiler: clang version 7.0.0 (trunk 334104) patch: https://syzkaller.appspot.com/x/patch.diff?x=17a9badc400000 Note: testing is done by a robot and is best-effort only.
On Sat, Jul 07, 2018 at 08:41:47PM +0200, Stephan Müller wrote: > Changes v4: > * Add Fixes and CC line > > Changes v3: > * Fix syz testing line > > Changes v2: > * Addition of syz testing line > > ---8<--- > > The RX SGL in processing is already registered with the RX SGL tracking > list to support proper cleanup. The cleanup code path uses the > sg_num_bytes variable which must therefore be always initialized, even > in the error code path. > > Signed-off-by: Stephan Mueller <smueller@chronox.de> > Reported-by: syzbot+9c251bdd09f83b92ba95@syzkaller.appspotmail.com > #syz test: https://github.com/google/kmsan.git master > CC: <stable@vger.kernel.org> #4.14 > Fixes: e870456d8e7c ("crypto: algif_skcipher - overhaul memory management") > Fixes: d887c52d6ae4 ("crypto: algif_aead - overhaul memory management") Patch applied. Thanks.
diff --git a/crypto/af_alg.c b/crypto/af_alg.c index 49fa8582138b..bd6795ff406a 100644 --- a/crypto/af_alg.c +++ b/crypto/af_alg.c @@ -1148,8 +1148,10 @@ int af_alg_get_rsgl(struct sock *sk, struct msghdr *msg, int flags, /* make one iovec available as scatterlist */ err = af_alg_make_sg(&rsgl->sgl, &msg->msg_iter, seglen); - if (err < 0) + if (err < 0) { + rsgl->sg_num_bytes = 0; return err; + } /* chain the new scatterlist with previous one */ if (areq->last_rsgl)
Changes v4: * Add Fixes and CC line Changes v3: * Fix syz testing line Changes v2: * Addition of syz testing line ---8<--- The RX SGL in processing is already registered with the RX SGL tracking list to support proper cleanup. The cleanup code path uses the sg_num_bytes variable which must therefore be always initialized, even in the error code path. Signed-off-by: Stephan Mueller <smueller@chronox.de> Reported-by: syzbot+9c251bdd09f83b92ba95@syzkaller.appspotmail.com #syz test: https://github.com/google/kmsan.git master CC: <stable@vger.kernel.org> #4.14 Fixes: e870456d8e7c ("crypto: algif_skcipher - overhaul memory management") Fixes: d887c52d6ae4 ("crypto: algif_aead - overhaul memory management") --- crypto/af_alg.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)