diff options
| author | Li Zhong <[email protected]> | 2016-08-24 15:34:40 +0800 | 
|---|---|---|
| committer | Herbert Xu <[email protected]> | 2016-08-24 20:51:20 +0800 | 
| commit | 901d3d4fee83e9407d91e7178048e2fed6c91f6b (patch) | |
| tree | d28c18b749aa3163942bc31166c2a2c8ec043e38 /scripts/gdb/linux/dmesg.py | |
| parent | 10bb087ce381c812cd81a65ffd5e6f83e6399291 (diff) | |
crypto: vmx - fix null dereference in p8_aes_xts_crypt
walk.iv is not assigned a value in blkcipher_walk_init. It makes iv uninitialized.
It is possibly a null value(as shown below), which is then used by aes_p8_encrypt.
This patch moves iv = walk.iv after blkcipher_walk_virt, in which walk.iv is set.
[17856.268050] Unable to handle kernel paging request for data at address 0x00000000
[17856.268212] Faulting instruction address: 0xd000000002ff04bc
7:mon> t
[link register   ] d000000002ff47b8 p8_aes_xts_crypt+0x168/0x2a0 [vmx_crypto]   (938)
[c000000013b77960] d000000002ff4794 p8_aes_xts_crypt+0x144/0x2a0 [vmx_crypto] (unreliable)
[c000000013b77a70] c000000000544d64 skcipher_decrypt_blkcipher+0x64/0x80
[c000000013b77ac0] d000000003c0175c crypt_convert+0x53c/0x620 [dm_crypt]
[c000000013b77ba0] d000000003c043fc kcryptd_crypt+0x3cc/0x440 [dm_crypt]
[c000000013b77c50] c0000000000f3070 process_one_work+0x1e0/0x590
[c000000013b77ce0] c0000000000f34c8 worker_thread+0xa8/0x660
[c000000013b77d80] c0000000000fc0b0 kthread+0x110/0x130
[c000000013b77e30] c0000000000098f0 ret_from_kernel_thread+0x5c/0x6c
Signed-off-by: Li Zhong <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
Diffstat (limited to 'scripts/gdb/linux/dmesg.py')
0 files changed, 0 insertions, 0 deletions