diff options
| author | J. Bruce Fields <bfields@citi.umich.edu> | 2007-03-21 08:50:12 +1100 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2007-03-21 08:50:12 +1100 |
| commit | 1f5918146bf45e2584a01b6e04222eb57716d7e3 (patch) | |
| tree | 862c8c0b280dc3d749b4d5700b2224cf89549148 /crypto/tcrypt.c | |
| parent | 5cd2e0c4d66f6f682539d67d5f1dbc8123a242ed (diff) | |
| download | linux-crypto-1f5918146bf45e2584a01b6e04222eb57716d7e3.tar.gz linux-crypto-1f5918146bf45e2584a01b6e04222eb57716d7e3.zip | |
[CRYPTO] api: scatterwalk_copychunks() fails to advance through scatterlist
In the loop in scatterwalk_copychunks(), if walk->offset is zero,
then scatterwalk_pagedone rounds that up to the nearest page boundary:
walk->offset += PAGE_SIZE - 1;
walk->offset &= PAGE_MASK;
which is a no-op in this case, so we don't advance to the next element
of the scatterlist array:
if (walk->offset >= walk->sg->offset + walk->sg->length)
scatterwalk_start(walk, sg_next(walk->sg));
and we end up copying the same data twice.
It appears that other callers of scatterwalk_{page}done first advance
walk->offset, so I believe that's the correct thing to do here.
This caused a bug in NFS when run with krb5p security, which would
cause some writes to fail with permissions errors--for example, writes
of less than 8 bytes (the des blocksize) at the start of a file.
A git-bisect shows the bug was originally introduced by
cf262766f8dbab3498cbbb983c80cb2b05b21837, first in 2.6.19-rc1.
Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/tcrypt.c')
0 files changed, 0 insertions, 0 deletions