• Tom Lendacky's avatar
    crypto: ccp - Protect against poorly marked end of sg list · fb43f694
    Tom Lendacky authored
    Scatter gather lists can be created with more available entries than are
    actually used (e.g. using sg_init_table() to reserve a specific number
    of sg entries, but in actuality using something less than that based on
    the data length).  The caller sometimes fails to mark the last entry
    with sg_mark_end().  In these cases, sg_nents() will return the original
    size of the sg list as opposed to the actual number of sg entries that
    contain valid data.
    
    On arm64, if the sg_nents() value is used in a call to dma_map_sg() in
    this situation, then it causes a BUG_ON in lib/swiotlb.c because an
    "empty" sg list entry results in dma_capable() returning false and
    swiotlb trying to create a bounce buffer of size 0. This occurred in
    the userspace crypto interface before being fixed by
    
    0f477b65 ("crypto: algif - Mark sgl end at the end of data")
    
    Protect against this by using the new sg_nents_for_len() function which
    returns only the number of sg entries required to meet the desired
    length and supplying that value to dma_map_sg().
    Signed-off-by: default avatarTom Lendacky <thomas.lendacky@amd.com>
    Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
    fb43f694
ccp-ops.c 51.6 KB