summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorXiao Ni <xni@redhat.com>2021-05-28 14:16:38 +0800
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2021-06-16 12:01:40 +0200
commitbf240fee5b341fbc68615f04892af274e7abf8b3 (patch)
treedb7c44d89513cf5f08baa684439b72cc9b2b20d2
parent8d5c0f6b7a784f5ff71fb463ecad58cf042cfccb (diff)
downloadlinux-stable-bf240fee5b341fbc68615f04892af274e7abf8b3.tar.gz
linux-stable-bf240fee5b341fbc68615f04892af274e7abf8b3.tar.bz2
linux-stable-bf240fee5b341fbc68615f04892af274e7abf8b3.zip
async_xor: check src_offs is not NULL before updating it
commit 9be148e408df7d361ec5afd6299b7736ff3928b0 upstream. When PAGE_SIZE is greater than 4kB, multiple stripes may share the same page. Thus, src_offs is added to async_xor_offs() with array of offsets. However, async_xor() passes NULL src_offs to async_xor_offs(). In such case, src_offs should not be updated. Add a check before the update. Fixes: ceaf2966ab08(async_xor: increase src_offs when dropping destination page) Cc: stable@vger.kernel.org # v5.10+ Reported-by: Oleksandr Shchirskyi <oleksandr.shchirskyi@linux.intel.com> Tested-by: Oleksandr Shchirskyi <oleksandr.shchirskyi@intel.com> Signed-off-by: Xiao Ni <xni@redhat.com> Signed-off-by: Song Liu <song@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r--crypto/async_tx/async_xor.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/crypto/async_tx/async_xor.c b/crypto/async_tx/async_xor.c
index 6cd7f7025df4..d8a91521144e 100644
--- a/crypto/async_tx/async_xor.c
+++ b/crypto/async_tx/async_xor.c
@@ -233,7 +233,8 @@ async_xor_offs(struct page *dest, unsigned int offset,
if (submit->flags & ASYNC_TX_XOR_DROP_DST) {
src_cnt--;
src_list++;
- src_offs++;
+ if (src_offs)
+ src_offs++;
}
/* wait for any prerequisite operations */