LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
* Re: Fw: IPsec/crypto kernel panic in 2.6.[456]
[not found] ` <20040520081049.4bfa7e3f.davem@redhat.com>
@ 2004-05-20 21:37 ` Christophe Saout
2004-05-23 14:33 ` Christophe Saout
0 siblings, 1 reply; 2+ messages in thread
From: Christophe Saout @ 2004-05-20 21:37 UTC (permalink / raw)
To: David S. Miller; +Cc: James Morris, akpm, linux-kernel
On Thu, May 20, 2004 at 08:10:49AM -0700, David S. Miller wrote:
> > > erp, unprivileged users can oops the box? Is anyone looking into
> > > this?
> >
> > I hope Christophe can, as he can also verify that the original problem
> > remains fixed.
>
> James is travelling today, and if Christophe doesn't get to it I'll
> dig into this today.
I've no idea what's going on there. I found two small problems but they
don't explain the Oops.
It looks like dst points into nirvana.
The two problems I found:
After calling scatterwalk_copychunks walk_in might point to the next
page which will break scatterwalk_samebuf (in this case src_p should
point to tmp_src anyway and scatterwalk_samembuf returns 0).
scatterwalk_samebuf should also check for equal offsets inside the
page (just bad for performance in some cases).
Both don't explain the Oops and shouldn't corrupt data,
--- linux-2.6.6/crypto/cipher.c 2004-05-10 04:32:37.000000000 +0200
+++ linux/crypto/cipher.c 2004-05-20 13:07:39.000000000 +0200
@@ -68,19 +68,20 @@
for(;;) {
u8 *src_p, *dst_p;
+ int in_place;
scatterwalk_map(&walk_in, 0);
scatterwalk_map(&walk_out, 1);
src_p = scatterwalk_whichbuf(&walk_in, bsize, tmp_src);
dst_p = scatterwalk_whichbuf(&walk_out, bsize, tmp_dst);
+ in_place = scatterwalk_samebuf(&walk_in, &walk_out,
+ src_p, dst_p);
nbytes -= bsize;
scatterwalk_copychunks(src_p, &walk_in, bsize, 0);
- prfn(tfm, dst_p, src_p, crfn, enc, info,
- scatterwalk_samebuf(&walk_in, &walk_out,
- src_p, dst_p));
+ prfn(tfm, dst_p, src_p, crfn, enc, info, in_place);
scatterwalk_done(&walk_in, 0, nbytes);
--- linux-2.6.6/crypto/scatterwalk.h 2004-05-10 04:33:20.000000000 +0200
+++ linux/crypto/scatterwalk.h 2004-05-20 13:02:44.000000000 +0200
@@ -38,6 +38,7 @@
void *src_p, void *dst_p)
{
return walk_in->page == walk_out->page &&
+ walk_in->offset == walk_out->offset &&
walk_in->data == src_p && walk_out->data == dst_p;
}
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Fw: IPsec/crypto kernel panic in 2.6.[456]
2004-05-20 21:37 ` Fw: IPsec/crypto kernel panic in 2.6.[456] Christophe Saout
@ 2004-05-23 14:33 ` Christophe Saout
0 siblings, 0 replies; 2+ messages in thread
From: Christophe Saout @ 2004-05-23 14:33 UTC (permalink / raw)
To: akpm, linux-kernel; +Cc: James Morris, David S. Miller
Hello,
Small update: Tobias Ringström told me that the Oops goes away when he
applies the bugfix I sent Andrew. We're still trying to find out what
exactly was happening.
> The two problems I found:
>
> After calling scatterwalk_copychunks walk_in might point to the next
> page which will break scatterwalk_samebuf (in this case src_p should
> point to tmp_src anyway and scatterwalk_samembuf returns 0).
>
> scatterwalk_samebuf should also check for equal offsets inside the
> page (just bad for performance in some cases).
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2004-05-23 14:33 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <20040520003739.624cc2d2.akpm@osdl.org>
[not found] ` <Xine.LNX.4.44.0405200409530.15731-100000@thoron.boston.redhat.com>
[not found] ` <20040520081049.4bfa7e3f.davem@redhat.com>
2004-05-20 21:37 ` Fw: IPsec/crypto kernel panic in 2.6.[456] Christophe Saout
2004-05-23 14:33 ` Christophe Saout
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).