projects
/
GitHub
/
LineageOS
/
android_kernel_motorola_exynos9610.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
10bb087
)
crypto: vmx - fix null dereference in p8_aes_xts_crypt
author
Li Zhong
<zhong@linux.vnet.ibm.com>
Wed, 24 Aug 2016 07:34:40 +0000
(15:34 +0800)
committer
Herbert Xu
<herbert@gondor.apana.org.au>
Wed, 24 Aug 2016 12:51:20 +0000
(20:51 +0800)
walk.iv is not assigned a value in blkcipher_walk_init. It makes iv uninitialized.
It is possibly a null value(as shown below), which is then used by aes_p8_encrypt.
This patch moves iv = walk.iv after blkcipher_walk_virt, in which walk.iv is set.
[17856.268050] Unable to handle kernel paging request for data at address 0x00000000
[17856.268212] Faulting instruction address: 0xd000000002ff04bc
7:mon> t
[link register ]
d000000002ff47b8
p8_aes_xts_crypt+0x168/0x2a0 [vmx_crypto] (938)
[
c000000013b77960
]
d000000002ff4794
p8_aes_xts_crypt+0x144/0x2a0 [vmx_crypto] (unreliable)
[
c000000013b77a70
]
c000000000544d64
skcipher_decrypt_blkcipher+0x64/0x80
[
c000000013b77ac0
]
d000000003c0175c
crypt_convert+0x53c/0x620 [dm_crypt]
[
c000000013b77ba0
]
d000000003c043fc
kcryptd_crypt+0x3cc/0x440 [dm_crypt]
[
c000000013b77c50
]
c0000000000f3070
process_one_work+0x1e0/0x590
[
c000000013b77ce0
]
c0000000000f34c8
worker_thread+0xa8/0x660
[
c000000013b77d80
]
c0000000000fc0b0
kthread+0x110/0x130
[
c000000013b77e30
]
c0000000000098f0
ret_from_kernel_thread+0x5c/0x6c
Signed-off-by: Li Zhong <zhong@linux.vnet.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
drivers/crypto/vmx/aes_xts.c
patch
|
blob
|
blame
|
history
diff --git
a/drivers/crypto/vmx/aes_xts.c
b/drivers/crypto/vmx/aes_xts.c
index cfb25413917c380e997d497fe82343cab03a88fc..24353ec336c5bc815e499fb1a38b08d21ec12ebd 100644
(file)
--- a/
drivers/crypto/vmx/aes_xts.c
+++ b/
drivers/crypto/vmx/aes_xts.c
@@
-129,8
+129,8
@@
static int p8_aes_xts_crypt(struct blkcipher_desc *desc,
blkcipher_walk_init(&walk, dst, src, nbytes);
- iv = (u8 *)walk.iv;
ret = blkcipher_walk_virt(desc, &walk);
+ iv = walk.iv;
memset(tweak, 0, AES_BLOCK_SIZE);
aes_p8_encrypt(iv, tweak, &ctx->tweak_key);