• Ard Biesheuvel's avatar
    crypto: skcipher - fix crash in skcipher_walk_aead() · 3cbf61fb
    Ard Biesheuvel authored
    The new skcipher_walk_aead() may crash in the following way due to
    the walk flag SKCIPHER_WALK_PHYS not being cleared at the start of the
    walk:
    
    Unable to handle kernel NULL pointer dereference at virtual address 00000001
    [..]
    Internal error: Oops: 96000044 [#1] PREEMPT SMP
    [..]
    PC is at skcipher_walk_next+0x208/0x450
    LR is at skcipher_walk_next+0x1e4/0x450
    pc : [<ffff2b93b7104e20>] lr : [<ffff2b93b7104dfc>] pstate: 40000045
    sp : ffffb925fa517940
    [...]
    [<ffff2b93b7104e20>] skcipher_walk_next+0x208/0x450
    [<ffff2b93b710535c>] skcipher_walk_first+0x54/0x148
    [<ffff2b93b7105664>] skcipher_walk_aead+0xd4/0x108
    [<ffff2b93b6e77928>] ccm_encrypt+0x68/0x158
    
    So clear the flag at the appropriate time.
    Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
    Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
    3cbf61fb
skcipher.c 23.8 KB