author: J. Bruce Fields <bfields@citi.umich.edu> 2007-03-28 17:50:11 -0400
committer: Greg Kroah-Hartman <gregkh@suse.de> 2007-04-06 03:43:17 -0700
commit: 46113c80a92c0bd9ccc7be765e3d487e3e86dac0 (patch)
tree: 7c5291a4bd64edaeacf1a6ddb206b175d656cff1
parent: a59c449be72f920b795385fd8a3b5a1cec0b9f48 (diff)
CRYPTO: api: scatterwalk_copychunks() fails to advance through scatterlist
[CRYPTO] api: scatterwalk_copychunks() fails to advance through scatterlist

In the loop in scatterwalk_copychunks(), if walk->offset is zero, then scatterwalk_pagedone rounds that up to the nearest page boundary:

    walk->offset += PAGE_SIZE - 1;
    walk->offset &= PAGE_MASK;

which is a no-op in this case, so we don't advance to the next element of the scatterlist array:

    if (walk->offset >= walk->sg->offset + walk->sg->length)
        scatterwalk_start(walk, sg_next(walk->sg));

and we end up copying the same data twice.

It appears that other callers of scatterwalk_{page}done first advance walk->offset, so I believe that's the correct thing to do here.

This caused a bug in NFS when run with krb5p security, which would cause some writes to fail with permissions errors--for example, writes of less than 8 bytes (the des blocksize) at the start of a file.

A git-bisect shows the bug was originally introduced by 5c64097aa0f6dc4f27718ef47ca9a12538d62860, first in 2.6.19-rc1.

Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
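The failure described in the commit message can be reproduced in a small userspace model of the walk. This is an added example, not code from the kernel tree or from the patch; the `struct sg`/`struct walk` types, the `pagelen()` helper, the `patched` flag and the two 4-byte sample entries are assumptions made for the model.

```c
#include <string.h>
/* Userspace model, not kernel code. Assumptions: one 4096-byte page per entry,
 * page-relative offsets, and a pagelen() helper written for this model. */
#define PAGE_SIZE 4096u
#define PAGE_MASK (~(PAGE_SIZE - 1))
struct sg   { const unsigned char *page; unsigned offset, length; };
struct walk { const struct sg *sg; unsigned offset; };
static unsigned pagelen(const struct walk *w)   /* bytes left in entry and page */
{
    unsigned len = w->sg->offset + w->sg->length - w->offset;
    unsigned in_page = (~w->offset & (PAGE_SIZE - 1)) + 1;
    return in_page > len ? len : in_page;
}
static void pagedone(struct walk *w)
{
    w->offset += PAGE_SIZE - 1;      /* the rounding quoted in the message */
    w->offset &= PAGE_MASK;
    if (w->offset >= w->sg->offset + w->sg->length) {
        w->sg++;                     /* stands in for sg_next() */
        w->offset = w->sg->offset;   /* stands in for scatterwalk_start() */
    }
}

/* Read nbytes from the walk into buf; patched != 0 advances inside the loop. */
static void copychunks(unsigned char *buf, struct walk *w, unsigned nbytes, int patched)
{
    for (;;) {
        unsigned n = pagelen(w);
        if (n > nbytes) n = nbytes;
        memcpy(buf, w->sg->page + w->offset, n);
        if (patched) w->offset += nbytes;    /* same argument the patch passes */
        if (nbytes == n) break;
        buf += n; nbytes -= n;
        pagedone(w);
    }
    if (!patched) w->offset += nbytes;       /* pre-patch: advance after the loop */
}

/* Constructed input: two 4-byte entries at page offset 0; 1 if out is correct. */
int demo(int patched, unsigned char out[8])
{
    static const unsigned char p0[PAGE_SIZE] = "AAAA", p1[PAGE_SIZE] = "BBBB";
    struct sg list[2] = { { p0, 0, 4 }, { p1, 0, 4 } };
    struct walk w = { list, 0 };
    copychunks(out, &w, 8, patched);
    return memcmp(out, "AAAABBBB", 8) == 0;
}

int main(void) { unsigned char o[8]; return !(demo(0, o) == 0 && demo(1, o) == 1); }
```

With the pre-patch ordering the rounding leaves the offset at zero, so the first entry is read twice; with the advance moved ahead of the rounding the walk reaches the second entry.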
-rw-r--r-- crypto/scatterwalk.c 4
1 files changed, 2 insertions, 2 deletions
diff --git a/crypto/scatterwalk.c b/crypto/scatterwalk.c
index 35172d3f043b..a66423121773 100644
--- a/crypto/scatterwalk.c
+++ b/crypto/scatterwalk.c
@@ -91,6 +91,8 @@ void scatterwalk_copychunks(void *buf, struct scatter_walk *walk,
memcpy_dir(buf, vaddr, len_this_page, out);
scatterwalk_unmap(vaddr, out);
+ scatterwalk_advance(walk, nbytes);
+
if (nbytes == len_this_page)
break;
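Review bot: the added scatterwalk_advance(walk, nbytes) advances by the full remaining count, while the memcpy_dir() call two lines above it copies only len_this_page bytes. On every iteration that does not hit the nbytes == len_this_page break, walk->offset therefore moves past data that has not been copied yet. Advancing by the amount actually copied, scatterwalk_advance(walk, len_this_page), keeps the offset in step with the copy and still makes the offset non-zero before the page-done rounding runs.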
@@ -99,7 +101,5 @@ void scatterwalk_copychunks(void *buf, struct scatter_walk *walk,
scatterwalk_pagedone(walk, out, 1);
}
-
- scatterwalk_advance(walk, nbytes);
}
EXPORT_SYMBOL_GPL(scatterwalk_copychunks);
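Review bot: the scatterwalk_pagedone(walk, out, 1) call kept as context at the top of this hunk now relies on walk->offset having been advanced earlier in the same iteration, and nothing in the code says so. With the trailing scatterwalk_advance() removed, a one-line comment above the pagedone call stating that the offset must already be advanced would keep a later cleanup from moving the advance back out of the loop.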