From 054640e012028f0c10d7e7ed7a601016c9251ca5 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Tue, 6 May 2008 14:01:22 +0800 Subject: CRYPTO: authenc: Fix async crypto crash in crypto_authenc_genicv() [CRYPTO] authenc: Fix async crypto crash in crypto_authenc_genicv() [ Upstream commit: 161613293fd4b7d5ceb1faab788f47e688e07a67 ] crypto_authenc_givencrypt_done uses req->data as struct aead_givcrypt_request, while it really points to a struct aead_request, causing this crash: BUG: unable to handle kernel paging request at 6b6b6b6b IP: [] :authenc:crypto_authenc_genicv+0x23/0x109 *pde = 00000000 Oops: 0000 [#1] PREEMPT DEBUG_PAGEALLOC Modules linked in: hifn_795x authenc esp4 aead xfrm4_mode_tunnel sha1_generic hmac crypto_hash] Pid: 3074, comm: ping Not tainted (2.6.25 #4) EIP: 0060:[] EFLAGS: 00010296 CPU: 0 EIP is at crypto_authenc_genicv+0x23/0x109 [authenc] EAX: daa04690 EBX: daa046e0 ECX: dab0a100 EDX: daa046b0 ESI: 6b6b6b6b EDI: dc872054 EBP: c033ff60 ESP: c033ff0c DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068 Process ping (pid: 3074, ti=c033f000 task=db883a80 task.ti=dab6c000) Stack: 00000000 daa046b0 c0215a3e daa04690 dab0a100 00000000 ffffffff db9fd7f0 dba208c0 dbbb1720 00000001 daa04720 00000001 c033ff54 c0119ca9 dc852a75 c033ff60 c033ff60 daa046e0 00000000 00000001 c033ff6c dc87527b 00000001 Call Trace: [] ? dev_alloc_skb+0x14/0x29 [] ? printk+0x15/0x17 [] ? crypto_authenc_givencrypt_done+0x1a/0x27 [authenc] [] ? hifn_process_ready+0x34a/0x352 [hifn_795x] [] ? rhine_napipoll+0x3f2/0x3fd [via_rhine] [] ? hifn_check_for_completion+0x4d/0xa6 [hifn_795x] [] ? hifn_tasklet_callback+0xa/0xc [hifn_795x] [] ? tasklet_action+0x3f/0x66 [] ? __do_softirq+0x38/0x7a [] ? do_softirq+0x3e/0x71 [] ? irq_exit+0x2c/0x65 [] ? smp_apic_timer_interrupt+0x5f/0x6a [] ? apic_timer_interrupt+0x28/0x30 [] ? hifn_handle_req+0x44a/0x50d [hifn_795x] ... Signed-off-by: Patrick McHardy Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman --- crypto/authenc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'crypto/authenc.c') diff --git a/crypto/authenc.c b/crypto/authenc.c index ed8ac5a6fa5..4b226768752 100644 --- a/crypto/authenc.c +++ b/crypto/authenc.c @@ -217,9 +217,10 @@ static void crypto_authenc_givencrypt_done(struct crypto_async_request *req, int err) { if (!err) { - struct aead_givcrypt_request *greq = req->data; + struct aead_request *areq = req->data; + struct skcipher_givcrypt_request *greq = aead_request_ctx(areq); - err = crypto_authenc_genicv(&greq->areq, greq->giv, 0); + err = crypto_authenc_genicv(areq, greq->giv, 0); } aead_request_complete(req->data, err); -- cgit v1.2.3-18-g5258