提交 fb43f694 编写于 作者: T Tom Lendacky 提交者: Herbert Xu

crypto: ccp - Protect against poorly marked end of sg list

Scatter gather lists can be created with more available entries than are
actually used (e.g. using sg_init_table() to reserve a specific number
of sg entries, but in actuality using something less than that based on
the data length).  The caller sometimes fails to mark the last entry
with sg_mark_end().  In these cases, sg_nents() will return the original
size of the sg list as opposed to the actual number of sg entries that
contain valid data.

On arm64, if the sg_nents() value is used in a call to dma_map_sg() in
this situation, then it causes a BUG_ON in lib/swiotlb.c because an
"empty" sg list entry results in dma_capable() returning false and
swiotlb trying to create a bounce buffer of size 0. This occurred in
the userspace crypto interface before being fixed by

0f477b65 ("crypto: algif - Mark sgl end at the end of data")

Protect against this by using the new sg_nents_for_len() function which
returns only the number of sg entries required to meet the desired
length and supplying that value to dma_map_sg().
Signed-off-by: NTom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
上级 cfaed10d
...@@ -52,7 +52,7 @@ struct ccp_dm_workarea { ...@@ -52,7 +52,7 @@ struct ccp_dm_workarea {
struct ccp_sg_workarea { struct ccp_sg_workarea {
struct scatterlist *sg; struct scatterlist *sg;
unsigned int nents; int nents;
struct scatterlist *dma_sg; struct scatterlist *dma_sg;
struct device *dma_dev; struct device *dma_dev;
...@@ -495,7 +495,10 @@ static int ccp_init_sg_workarea(struct ccp_sg_workarea *wa, struct device *dev, ...@@ -495,7 +495,10 @@ static int ccp_init_sg_workarea(struct ccp_sg_workarea *wa, struct device *dev,
if (!sg) if (!sg)
return 0; return 0;
wa->nents = sg_nents(sg); wa->nents = sg_nents_for_len(sg, len);
if (wa->nents < 0)
return wa->nents;
wa->bytes_left = len; wa->bytes_left = len;
wa->sg_used = 0; wa->sg_used = 0;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册