From patchwork Mon Jun 17 21:15:02 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christophe Leroy X-Patchwork-Id: 11000549 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6CB621398 for ; Mon, 17 Jun 2019 21:15:07 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5FC8C2891F for ; Mon, 17 Jun 2019 21:15:07 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 5358A28936; Mon, 17 Jun 2019 21:15:07 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id F00F42891F for ; Mon, 17 Jun 2019 21:15:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727439AbfFQVPG (ORCPT ); Mon, 17 Jun 2019 17:15:06 -0400 Received: from pegase1.c-s.fr ([93.17.236.30]:6514 "EHLO pegase1.c-s.fr" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726116AbfFQVPF (ORCPT ); Mon, 17 Jun 2019 17:15:05 -0400 Received: from localhost (mailhub1-int [192.168.12.234]) by localhost (Postfix) with ESMTP id 45SP9z2b63z9v32h; Mon, 17 Jun 2019 23:15:03 +0200 (CEST) Authentication-Results: localhost; dkim=pass reason="1024-bit key; insecure key" header.d=c-s.fr header.i=@c-s.fr header.b=cHaP85JJ; dkim-adsp=pass; dkim-atps=neutral X-Virus-Scanned: Debian amavisd-new at c-s.fr Received: from pegase1.c-s.fr ([192.168.12.234]) by localhost (pegase1.c-s.fr [192.168.12.234]) (amavisd-new, port 10024) with ESMTP id jJiF0moyPnzY; Mon, 17 Jun 2019 23:15:03 +0200 (CEST) Received: from messagerie.si.c-s.fr (messagerie.si.c-s.fr [192.168.25.192]) by pegase1.c-s.fr (Postfix) with ESMTP id 45SP9z1XXdz9v32f; Mon, 17 Jun 2019 23:15:03 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=c-s.fr; s=mail; t=1560806103; bh=h+ZeQk8T0DIMrL4PtUsQo0eqmuBm6tn3duZFRsoT3nA=; h=In-Reply-To:References:From:Subject:To:Cc:Date:From; b=cHaP85JJUAYa0hVFkS5OGdG0kjU6cP9iBcFi3rlBF0zfEVXoOkw9C+UIDR3rnwMyv ZY23E67E0/6ZhAweHqiohmXnhjDyLkgswY1jPcD6OCXOiRLxv1d0cBoSxVDJO2swaA AFUp+2aFXcDisz7uCsm9CYNhvBV8AZHOribWoj1o= Received: from localhost (localhost [127.0.0.1]) by messagerie.si.c-s.fr (Postfix) with ESMTP id 6C21C8B84B; Mon, 17 Jun 2019 23:15:03 +0200 (CEST) X-Virus-Scanned: amavisd-new at c-s.fr Received: from messagerie.si.c-s.fr ([127.0.0.1]) by localhost (messagerie.si.c-s.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id JwolBjh4sAp6; Mon, 17 Jun 2019 23:15:03 +0200 (CEST) Received: from po16838vm.idsi0.si.c-s.fr (unknown [192.168.4.90]) by messagerie.si.c-s.fr (Postfix) with ESMTP id 3B9028B7FF; Mon, 17 Jun 2019 23:15:03 +0200 (CEST) Received: by localhost.localdomain (Postfix, from userid 0) id EA5CC682B3; Mon, 17 Jun 2019 21:15:02 +0000 (UTC) Message-Id: In-Reply-To: References: From: Christophe Leroy Subject: [PATCH v4 1/4] lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE To: Herbert Xu , "David S. Miller" , horia.geanta@nxp.com Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org Date: Mon, 17 Jun 2019 21:15:02 +0000 (UTC) Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP All mapping iterator logic is based on the assumption that sg->offset is always lower than PAGE_SIZE. But there are situations where sg->offset is such that the SG item is on the second page. In that case sg_copy_to_buffer() fails properly copying the data into the buffer. One of the reason is that the data will be outside the kmapped area used to access that data. This patch fixes the issue by adjusting the mapping iterator offset and pgoffset fields such that offset is always lower than PAGE_SIZE. Signed-off-by: Christophe Leroy Fixes: 4225fc8555a9 ("lib/scatterlist: use page iterator in the mapping iterator") Cc: stable@vger.kernel.org --- lib/scatterlist.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/lib/scatterlist.c b/lib/scatterlist.c index 739dc9fe2c55..39f00659898f 100644 --- a/lib/scatterlist.c +++ b/lib/scatterlist.c @@ -678,7 +678,7 @@ static bool sg_miter_get_next_page(struct sg_mapping_iter *miter) { if (!miter->__remaining) { struct scatterlist *sg; - unsigned long pgoffset; + unsigned long pgoffset, offset; if (!__sg_page_iter_next(&miter->piter)) return false; @@ -686,7 +686,12 @@ static bool sg_miter_get_next_page(struct sg_mapping_iter *miter) sg = miter->piter.sg; pgoffset = miter->piter.sg_pgoffset; - miter->__offset = pgoffset ? 0 : sg->offset; + offset = pgoffset ? 0 : sg->offset; + while (offset >= PAGE_SIZE) { + miter->piter.sg_pgoffset = ++pgoffset; + offset -= PAGE_SIZE; + } + miter->__offset = offset; miter->__remaining = sg->offset + sg->length - (pgoffset << PAGE_SHIFT) - miter->__offset; miter->__remaining = min_t(unsigned long, miter->__remaining,