From patchwork Thu Oct 27 14:29:51 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrey Ryabinin X-Patchwork-Id: 9399967 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 961BD60231 for ; Thu, 27 Oct 2016 17:04:09 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7F6D72A171 for ; Thu, 27 Oct 2016 17:04:09 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 742C22A228; Thu, 27 Oct 2016 17:04:09 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 53ABB2A171 for ; Thu, 27 Oct 2016 17:04:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752786AbcJ0REF (ORCPT ); Thu, 27 Oct 2016 13:04:05 -0400 Received: from mail-eopbgr20124.outbound.protection.outlook.com ([40.107.2.124]:11744 "EHLO EUR02-VE1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751613AbcJ0REE (ORCPT ); Thu, 27 Oct 2016 13:04:04 -0400 X-Greylist: delayed 7225 seconds by postgrey-1.27 at vger.kernel.org; Thu, 27 Oct 2016 13:04:03 EDT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=virtuozzo.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=btZOaE2sJbOfpCiF3SQWhq0B/GOAMQamZ/XP8o9vOTM=; b=ZF8uGJNwZDVJTdpLq7X7/lm86McVz1rHyJba+ctFwEq3dNva2jiQvszuELtnJF2QZIb3UxOcfXfiECsdAGe0bphIvjtAo6eFGHokw1+FtkerrPyAY5l32mnM/70iHJwANBKldVFc6D5vV6pkMdMcTh+h8w7NI30H6eK/kqgp0gY= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=aryabinin@virtuozzo.com; Received: from localhost.sw.ru (195.214.232.10) by HE1PR0802MB2555.eurprd08.prod.outlook.com (10.175.35.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.669.12; Thu, 27 Oct 2016 14:30:03 +0000 From: Andrey Ryabinin To: Willy Tarreau , CC: Herbert Xu , , Andrey Ryabinin Subject: [PATCH stable 3.10.y 18/18] crypto: skcipher - Fix blkcipher walk OOM crash Date: Thu, 27 Oct 2016 17:29:51 +0300 Message-ID: <1477578591-28924-19-git-send-email-aryabinin@virtuozzo.com> X-Mailer: git-send-email 2.7.3 In-Reply-To: <1477578591-28924-1-git-send-email-aryabinin@virtuozzo.com> References: <1477578591-28924-1-git-send-email-aryabinin@virtuozzo.com> MIME-Version: 1.0 X-Originating-IP: [195.214.232.10] X-ClientProxiedBy: AM4PR0501CA0035.eurprd05.prod.outlook.com (10.167.83.173) To HE1PR0802MB2555.eurprd08.prod.outlook.com (10.175.35.148) X-MS-Office365-Filtering-Correlation-Id: 89bbbd77-6d4c-4c66-b0e4-08d3fe75bdd9 X-Microsoft-Exchange-Diagnostics: 1; HE1PR0802MB2555; 2:ekJxi8ik5uNveQqxdICkVwkZMe64hroKYvlYSCGPntcjDZl1MnDnl4eANWWy7o/uDmFztl+5T33et2F9pXfb1ZkJ6xbZif7rWwW5imTeEcnB03v2Hh1lPrQq873xJwRJedKbGnnF30jV3F2nbEiq0co8PqGNqPyutd6AUBab17M6RIdFMmtZpPfXYfqmz8wpHsdhRubpZ8uR0MqTN1xbPg==; 3:URc6dHnjs1UhZ9wrs1dqIYEVjQcOg9MJzr704LebskOuxonmBLFz3rh/WX5SWUbMau04kHBdNMy1s/bo90Bqw4TNeLCw/Wz8NAFjnJM7jxpq00UQ5mHy9DiaTBRkGZat3uQBUE6v3jxrciO3dskXag== X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:HE1PR0802MB2555; X-Microsoft-Exchange-Diagnostics: 1; HE1PR0802MB2555; 25:Ha1G3HM53+0H+mNsMNjZO97pw3OJQFamUIdsSR+8fyPaiPc+T4kxdNaAcnaAb/VlEfj9mRYjiL4XHGTh/2G4gLzvdz5yy8P68zMVFJfRPzlWmcpd2Zbo56nf0oYJAUsq+73cfCwZ0s9sHTB9YxnwPNeNPa37syZb4x25YqeshloFqCMJeGy0s+fM9hpeMFCWYpmIOAPNHn1LOOpRgCklv2lkoTlzfTlJD8WRWbh0U0+uIqb3pbt0ZbAfRlAoYZWM87fekPAwyE4cIV/F/pAwgrGf7Ktrw5LCvuQoobrR0ODHylMz1FaAtXnizwaIudYir1srUs9fT+R9NaQ69QsE66e797m/8HzFF+EJ82hVKkYIgjPDvAlS/e+lEtVdAvyXovH3O+NCtQgvcpvEgsKwbpmGC/b3TBpV+PyXps4nyDqUm1q6EtpapNmrtCNzUhht7r7F/8dOJ9ikjacnepId8P+X4m8bbkRHmBSqmT9e2fMZUfIV7uT6kuYQNR/6dd8YbHVsCveWGTL2jY9uO7EntDyukefZHHchnm+20A19g2PrnOhCuLkPlYyeBhYAcJF536EfE+BUK3Y9ojKsWcaQphkltG2l5KQkAsbEvpNldEwMxCLlPf69kCCumyl6BUZG29uo2rXCBDIVbB/VEKJEFhmZKkvDBf0kYIYrIPPtnwoQsRFMqKrQItchtcTG3UncqQgttMwFIxQNbn2fcS4StYD7iy+zJiHxV1CWLGqhXV0CfK63wtWrLB65Eq8ItEaE X-Microsoft-Exchange-Diagnostics: 1; HE1PR0802MB2555; 31:07elSM8qnHaLK3oGxYTno5JZy5B0n5OyK639uzN4Oo+M7vYbn1TPre8fehZEilIz7KThFF/6gCNJTDhOgBnJI7hZUZy2ejlaiUKvf1t7LNTBVyUHI7smHkFjEM/1uhO8OMB7YoLxQvD+i5igTw3SuThq7BsLv/0Z8HcWzyyMR3xehBa2i8RwuOWtWMdw5YWbJcuyhQWdag6ddaEHeSdEzdytAnmK4oTe5fgiyCJ1opGCEN/6xZT7/PKEs234pJQte+4pKNmGQX6TPtdlRWruAA==; 4:qtWRiUrkmU9NsJmG//9jYXWv647Xz6FXuWaIJ3eswnvgFonuLme73l7TE2BLTx5AogHii9raYyjQp7Hm0G0OIGKCYaYDOdJA6lGso3/m4wTNzbCWblUrYzow+czFk0tEhCVYP20wxEIWhL1DIAHPuLYAzeOslXbpUkz1+YCG0EuWk0fXzkDaeNww5CQMI5w917oADbnSh6pnNyhhgGUAdisFMh2Vx6Y3FvrA9a8VHyyv0HLek+n+RSIsKxhMewkXeY2nrpgFt9EZI0tap1R8Aldf6Dd1B13nEYz7VYJxfBoVlkKrJed8t4hgh284juTz2op+KBRmJPDMEVU4nhkeWB1yOivr5nosjulGZjSpmgM1Sy0FnmbHrw6vlxZykEhztt4l4VZL5ugby0bolA7TJSbQzmNLlZ/DtbcdlXbRz7pFcgtGEJQ/fwHnzZ9jCAzzAKfS1KhkFcDOf0RfjOMnOSCNhUlle0/GoEeEIcmB1rLkFQG0tiAaACJs876YAAmTNlAwsC2qfjJ2KwHEO1RdZQ== X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(9452136761055)(50582790962513); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040176)(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001)(6043046)(6042046); SRVR:HE1PR0802MB2555; BCL:0; PCL:0; RULEID:; SRVR:HE1PR0802MB2555; X-Forefront-PRVS: 0108A997B2 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10019020)(4630300001)(6069001)(6009001)(7916002)(189002)(199003)(2906002)(81166006)(53416004)(76506005)(8676002)(81156014)(42186005)(305945005)(7846002)(76176999)(48376002)(19580395003)(50986999)(7736002)(19580405001)(2950100002)(105586002)(86362001)(575784001)(229853001)(586003)(6666003)(6116002)(3846002)(4001430100002)(33646002)(50466002)(36756003)(4326007)(69596002)(189998001)(77096005)(47776003)(5001770100001)(66066001)(107886002)(92566002)(5660300001)(50226002)(5003940100001)(101416001)(68736007)(106356001)(97736004)(781001); DIR:OUT; SFP:1102; SCL:1; SRVR:HE1PR0802MB2555; H:localhost.sw.ru; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; Received-SPF: None (protection.outlook.com: virtuozzo.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; HE1PR0802MB2555; 23:ePTfjulbZwfCnP68mkC4qvkNn2GOC2cAw8fDIuq?= =?us-ascii?Q?16bUY03q5wwQJG7R2Fu+JpxxwshFti3dxsZLIeeI71vnrLZydC7g5J2iBaku?= =?us-ascii?Q?6pmGAt/ugVmGUIi3VbNrI++sbUKvhwJog11oOL9Ow5hhRu8fhfiXAhRWD99b?= =?us-ascii?Q?7kDgf0ioPCNmwf2EIn2oZiSvJ2hrJWUnW8HMtw3FqRu8U0yjoJI4DwRxK3b4?= =?us-ascii?Q?ATqiX2Izo3s2leo71Ln3kNLH5L78/knnlACdmuFHzJqOARiDaP4dh9lOavr1?= =?us-ascii?Q?s/vn3yZc5tOckC/4712JPkNeFOK2+PAUkivWiP+yGBZHwNQz1pnYeBLjSae0?= =?us-ascii?Q?p6bPuQMwLBw4iOynxKQ17yRjrPhI2+erf/0USnnjnyF9SGngvKBzSgVf3GB6?= =?us-ascii?Q?bD7iWWCKfR1Qrti4QrZWlJyPP14Yeqfew0oGshdIF4QnfbCPng+VVrao3Is3?= =?us-ascii?Q?Eh8/oKkZEICpBzwPc4BF4KkIuS+/EfPKaGom9jNghtyDs//sP1usnjUaB0No?= =?us-ascii?Q?AgYHj8I/rUSfic2Chz+iQ/6VwPX7H5j72Q8FAfr+vN/nlIeNdh4LlbqRsNnw?= =?us-ascii?Q?h04dg0BMuKUvHsfsikRLTbKbM8cdFDO91skvGSe2YOButNVPvfEgibiERHJ3?= =?us-ascii?Q?JrDsL0GD0y+1G0p8sBxNEIjHkaTnQ7Yx+TidpmmLr9yvHjutR2O/pO1bYECg?= =?us-ascii?Q?wqvgbI3JM9lqpBtDdK5xUXbQYXg70p8s6ofWIoCSI5w+1xidfba1dC/+21XA?= =?us-ascii?Q?uVHXSJL+8Gy1YKTNmIBdLy6wFTZ/2btr6Cg+pRTk3vpS5yPXWxsa/rWNpxpg?= =?us-ascii?Q?do+vdSeDFQMjn2G9xeoNetLf2V3aDzLNYr2HPmwuYXRdlx/OLKdF8+y1Pu8G?= =?us-ascii?Q?oklVL4QHb0f8wsiy53151UQCh21OGk80TTS5oPvo0G8XwPmabCZptOQHpJXy?= =?us-ascii?Q?U20LigURPh/kP6npYbqZioIt4x1wbI133wVbkzJr7x3oWrGet+p06G7dmRQa?= =?us-ascii?Q?m6ufuUbjQj9rjO/I0QyDjbZmMgzl7fbBiZiT4xNXTRqOY8tw0HkESxgdISoI?= =?us-ascii?Q?LAOCnPD6/SPaG8el+7Pw6NsbQVvcxsYbClORVVdfMO4akqM9ty2HdfBUNaEM?= =?us-ascii?Q?ddzkTHrJKaRcT581fhT2K328yJPOJpiT3k+oDwhVDdA/ecZqXAvOwY4V9FO6?= =?us-ascii?Q?XzN3KemnWP8cpKFFGTAeHHG9oT3O1RavLzZnnNlfNlxHYJK3zHtV4eq0SxyF?= =?us-ascii?Q?eQWDgVDjbCV28QkLAdhVvDIDpihWGHhNtKRWuwfs9hIhvUlE+aBJJoNTSs8e?= =?us-ascii?Q?edg=3D=3D?= X-Microsoft-Exchange-Diagnostics: 1; HE1PR0802MB2555; 6:Mdk+NVvlpBv2Ax5wFMWfXuvGKYlMrAqk4irgz0ERHwJe2R1LTWHePuoXz4g0my1fzZtYdxWF8WKeVYr64zL8dQylyD5Lu0NwYNPgVYaTWIZFBDOL5GGi/S5/HsInehO3ODifKup+WKbwQhL1705zmv8fMvmCNVDOCSx6t67Lz2SQ9H62mEmY6boqWMtLNbOAJJmilf4biCJkV5EWORToumhm0nlw5t1eoTjKqVfKMMsnXLY1wckBcoGR62NA7Ie8jtGId/8IiEhHcbGIi8XXVnMu1tFjWKXbMWnRKG+hFef0MxsB8sIiiqh33SRCKU2Xh2jN0AoWxvvrk9pIAa9p8Q==; 5:YfK1JTEx2YNqcHjxMSjswPpq0bCLt1UvFPgRbgcYwoHY3z0AAenpgPTyj8+MrU1vhWQJ2gG8vsZhNRYh/Q3StwgOfBp+nGAqmbb8kkSLACKQFETVxhfHKk+SxOKANvsopghVxvr36LrBovJ2S7geUw==; 24:skTr41/ZZEnJ/XIIH2UYFmqiobjM7CQamVlklqlvqHvcWJZLrf6+IKR2mXnHqSTmwqfzkHMDWC2EwnL9sthH2IH+sO2aeAFHNhdAMRCYjgc= SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; HE1PR0802MB2555; 7:AIkWfBkdvk4w4CLWdktRKxtZFGqDCotxzvtbt6CEY3OzuPJs7KPFE+tbmUm/9qR0i02MSDLJ3ZS2AfH3tI5tk4R5deQtl5F7h47GSb05RBUKNUWgXzkclpMxCx3TAX6LPKvjLlUe6V8zUfjNga5ggGcCdjvHxpqnpflbyh0aoMik+Zb/DB8Rf249cdHd6aa6Zx+1lkMqfdzQJS8jAgFHmR5MmRU0tMFEnh6Meazq/H11sNL/YB8HKGNn8C6g7dDHKCaxXjVSoZTYrel4So4Ve8+Nu2H3BtVsZq+AYcXOmvxXk12OGsz4X1eut8ZxKsa61kvDWIOJ2g/f+uaDHsTjB1vAXBe1wTEuylD9VhYsCyU=; 20:kv4Xnmaebv0HcoE2FB4OsUgGEWPy8vIbdxJaEBjrNV3uz7tK6z/+NsyiuJeyfJyaCNkldZvQGPdRcXiHKuYAAHl74wQLm0bhRUtHCdBlnFeiaKTGmid6UBCh7J5C6EvQB9WruqYnHBxZ2OoIROlVjDnRGSzwv2ED6YFN5hDcuoE= X-OriginatorOrg: virtuozzo.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Oct 2016 14:30:03.3656 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0802MB2555 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Herbert Xu commit acdb04d0b36769b3e05990c488dc74d8b7ac8060 upstream. When we need to allocate a temporary blkcipher_walk_next and it fails, the code is supposed to take the slow path of processing the data block by block. However, due to an unrelated change we instead end up dereferencing the NULL pointer. This patch fixes it by moving the unrelated bsize setting out of the way so that we enter the slow path as inteded. Fixes: 7607bd8ff03b ("[CRYPTO] blkcipher: Added blkcipher_walk_virt_block") Cc: stable@vger.kernel.org Reported-by: xiakaixu Reported-by: Ard Biesheuvel Signed-off-by: Herbert Xu Tested-by: Ard Biesheuvel Signed-off-by: Andrey Ryabinin --- crypto/blkcipher.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c index 37af08e..39b09f25 100644 --- a/crypto/blkcipher.c +++ b/crypto/blkcipher.c @@ -238,6 +238,8 @@ static int blkcipher_walk_next(struct blkcipher_desc *desc, return blkcipher_walk_done(desc, walk, -EINVAL); } + bsize = min(walk->blocksize, n); + walk->flags &= ~(BLKCIPHER_WALK_SLOW | BLKCIPHER_WALK_COPY | BLKCIPHER_WALK_DIFF); if (!scatterwalk_aligned(&walk->in, alignmask) || @@ -250,7 +252,6 @@ static int blkcipher_walk_next(struct blkcipher_desc *desc, } } - bsize = min(walk->blocksize, n); n = scatterwalk_clamp(&walk->in, n); n = scatterwalk_clamp(&walk->out, n);