tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

crypto: af_alg - limit RX SG extraction by receive buffer budget

Make af_alg_get_rsgl() limit each RX scatterlist extraction to the
remaining receive buffer budget.

af_alg_get_rsgl() currently uses af_alg_readable() only as a gate
before extracting data into the RX scatterlist. Limit each extraction
to the remaining af_alg_rcvbuf(sk) budget so that receive-side
accounting matches the amount of data attached to the request.

If skcipher cannot obtain enough RX space for at least one chunk while
more data remains to be processed, reject the recvmsg call instead of
rounding the request length down to zero.

Fixes: e870456d8e7c8d57c059ea479b5aadbb55ff4c3a ("crypto: algif_skcipher - overhaul memory management")
Reported-by: Yifan Wu <yifanwucs@gmail.com>
Reported-by: Juefei Pu <tomapufckgml@gmail.com>
Co-developed-by: Yuan Tan <yuantan098@gmail.com>
Signed-off-by: Yuan Tan <yuantan098@gmail.com>
Suggested-by: Xin Liu <bird@lzu.edu.cn>
Signed-off-by: Douya Le <ldy3087146292@gmail.com>
Signed-off-by: Ren Wei <n05ec@lzu.edu.cn>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Douya Le and committed by
Herbert Xu 8eceab19 e0249411

+7
+2
crypto/af_alg.c
··· 1229 1229 1230 1230 seglen = min_t(size_t, (maxsize - len), 1231 1231 msg_data_left(msg)); 1232 + /* Never pin more pages than the remaining RX accounting budget. */ 1233 + seglen = min_t(size_t, seglen, af_alg_rcvbuf(sk)); 1232 1234 1233 1235 if (list_empty(&areq->rsgl_list)) { 1234 1236 rsgl = &areq->first_rsgl;
+5
crypto/algif_skcipher.c
··· 130 130 * full block size buffers. 131 131 */ 132 132 if (ctx->more || len < ctx->used) { 133 + if (len < bs) { 134 + err = -EINVAL; 135 + goto free; 136 + } 137 + 133 138 len -= len % bs; 134 139 cflags |= CRYPTO_SKCIPHER_REQ_NOTFINAL; 135 140 }