From e4630f9fd8cdc14eb1caa08dafe649eb5ae09985 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Sun, 9 Sep 2007 08:45:21 +0100 Subject: [CRYPTO] blkcipher: Fix handling of kmalloc page straddling The function blkcipher_get_spot tries to return a buffer of the specified length that does not straddle a page. It has an off-by-one bug so it may advance a page unnecessarily. What's worse, one of its callers doesn't provide a buffer that's sufficiently long for this operation. This patch fixes both problems. Thanks to Bob Gilligan for diagnosing this problem and providing a fix. Signed-off-by: Herbert Xu --- crypto/blkcipher.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c index 7755834b884..97586afbe63 100644 --- a/crypto/blkcipher.c +++ b/crypto/blkcipher.c @@ -59,11 +59,13 @@ static inline void blkcipher_unmap_dst(struct blkcipher_walk *walk) scatterwalk_unmap(walk->dst.virt.addr, 1); } +/* Get a spot of the specified length that does not straddle a page. + * The caller needs to ensure that there is enough space for this operation. + */ static inline u8 *blkcipher_get_spot(u8 *start, unsigned int len) { - if (offset_in_page(start + len) < len) - return (u8 *)((unsigned long)(start + len) & PAGE_MASK); - return start; + u8 *end_page = (u8 *)(((unsigned long)(start + len - 1)) & PAGE_MASK); + return start < end_page ? start : end_page; } static inline unsigned int blkcipher_done_slow(struct crypto_blkcipher *tfm, @@ -155,7 +157,8 @@ static inline int blkcipher_next_slow(struct blkcipher_desc *desc, if (walk->buffer) goto ok; - n = bsize * 2 + (alignmask & ~(crypto_tfm_ctx_alignment() - 1)); + n = bsize * 3 - (alignmask + 1) + + (alignmask & ~(crypto_tfm_ctx_alignment() - 1)); walk->buffer = kmalloc(n, GFP_ATOMIC); if (!walk->buffer) return blkcipher_walk_done(desc, walk, -ENOMEM); -- cgit v1.2.3-18-g5258 From 32528d0fbda1093eeeaa7d0a2c498bbb5154099d Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Mon, 10 Sep 2007 15:51:11 +0800 Subject: [CRYPTO] blkcipher: Fix inverted test in blkcipher_get_spot The previous patch had the conditional inverted. This patch fixes it so that we return the original position if it does not straddle a page. Thanks to Bob Gilligan for spotting this. Signed-off-by: Herbert Xu --- crypto/blkcipher.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c index 97586afbe63..d8f8ec32021 100644 --- a/crypto/blkcipher.c +++ b/crypto/blkcipher.c @@ -65,7 +65,7 @@ static inline void blkcipher_unmap_dst(struct blkcipher_walk *walk) static inline u8 *blkcipher_get_spot(u8 *start, unsigned int len) { u8 *end_page = (u8 *)(((unsigned long)(start + len - 1)) & PAGE_MASK); - return start < end_page ? start : end_page; + return start > end_page ? start : end_page; } static inline unsigned int blkcipher_done_slow(struct crypto_blkcipher *tfm, -- cgit v1.2.3-18-g5258