Commit b2174eeb authored by Huang Ying's avatar Huang Ying Committed by Alasdair G Kergon
Browse files

dm crypt: fix kcryptd_async_done parameter 



In the async encryption-complete function (kcryptd_async_done), the
crypto_async_request passed in may be different from the one passed to
crypto_ablkcipher_encrypt/decrypt.  Only crypto_async_request->data is
guaranteed to be same as the one passed in.  The current
kcryptd_async_done uses the passed-in crypto_async_request directly
which may cause the AES-NI-based AES algorithm implementation to panic.

This patch fixes this bug by only using crypto_async_request->data,
which points to dm_crypt_request, the crypto_async_request passed in.
The original data (convert_context) is gotten from dm_crypt_request.

[mbroz@redhat.com: reworked]
Cc: stable@kernel.org
Signed-off-by: default avatarHuang Ying <ying.huang@intel.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarMilan Broz <mbroz@redhat.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarAlasdair G Kergon <agk@redhat.com>
parent d659e6cc

drivers/md/dm-crypt.c

+21 −5
Original line number Diff line number Diff line
@@ -60,6 +60,7 @@ struct dm_crypt_io { 
};



struct dm_crypt_request {

	struct convert_context *ctx;

	struct scatterlist sg_in;

	struct scatterlist sg_out;

};
@@ -335,6 +336,18 @@ static void crypt_convert_init(struct crypt_config *cc, 
	init_completion(&ctx->restart);

}



static struct dm_crypt_request *dmreq_of_req(struct crypt_config *cc,

					     struct ablkcipher_request *req)

{

	return (struct dm_crypt_request *)((char *)req + cc->dmreq_start);

}



static struct ablkcipher_request *req_of_dmreq(struct crypt_config *cc,

					       struct dm_crypt_request *dmreq)

{

	return (struct ablkcipher_request *)((char *)dmreq - cc->dmreq_start);

}



static int crypt_convert_block(struct crypt_config *cc,

			       struct convert_context *ctx,

			       struct ablkcipher_request *req)
@@ -345,10 +358,11 @@ static int crypt_convert_block(struct crypt_config *cc, 
	u8 *iv;

	int r = 0;



	dmreq = (struct dm_crypt_request *)((char *)req + cc->dmreq_start);

	dmreq = dmreq_of_req(cc, req);

	iv = (u8 *)ALIGN((unsigned long)(dmreq + 1),

			 crypto_ablkcipher_alignmask(cc->tfm) + 1);



	dmreq->ctx = ctx;

	sg_init_table(&dmreq->sg_in, 1);

	sg_set_page(&dmreq->sg_in, bv_in->bv_page, 1 << SECTOR_SHIFT,

		    bv_in->bv_offset + ctx->offset_in);
@@ -396,7 +410,8 @@ static void crypt_alloc_req(struct crypt_config *cc, 
	ablkcipher_request_set_tfm(cc->req, cc->tfm);

	ablkcipher_request_set_callback(cc->req, CRYPTO_TFM_REQ_MAY_BACKLOG |

					CRYPTO_TFM_REQ_MAY_SLEEP,

					     kcryptd_async_done, ctx);

					kcryptd_async_done,

					dmreq_of_req(cc, cc->req));

}



/*
@@ -821,7 +836,8 @@ static void kcryptd_crypt_read_convert(struct dm_crypt_io *io) 
static void kcryptd_async_done(struct crypto_async_request *async_req,

			       int error)

{

	struct convert_context *ctx = async_req->data;

	struct dm_crypt_request *dmreq = async_req->data;

	struct convert_context *ctx = dmreq->ctx;

	struct dm_crypt_io *io = container_of(ctx, struct dm_crypt_io, ctx);

	struct crypt_config *cc = io->target->private;
@@ -830,7 +846,7 @@ static void kcryptd_async_done(struct crypto_async_request *async_req, 
		return;

	}



	mempool_free(ablkcipher_request_cast(async_req), cc->req_pool);

	mempool_free(req_of_dmreq(cc, dmreq), cc->req_pool);



	if (!atomic_dec_and_test(&ctx->pending))

		return;

CRA Git | Maintained and supported by SUSTech CRA and CCSE