* [PATCH 4.4.y v2] crypto: algif_skcipher - use ZERO_OR_NULL_PTR in skcipher_recvmsg_async
@ 2020-03-05 8:57 yangerkun
2020-03-06 13:39 ` Sasha Levin
0 siblings, 1 reply; 6+ messages in thread
From: yangerkun @ 2020-03-05 8:57 UTC (permalink / raw)
To: gregkh, herbert; +Cc: stable, linux-crypto, yangerkun
Nowdays, we trigger a oops:
...
kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] SMP KASAN
...
Call Trace:
[<ffffffff81a26fb1>] skcipher_recvmsg_async+0x3f1/0x1400 x86/../crypto/algif_skcipher.c:543
[<ffffffff81a28053>] skcipher_recvmsg+0x93/0x7f0 x86/../crypto/algif_skcipher.c:723
[<ffffffff823e43a4>] sock_recvmsg_nosec x86/../net/socket.c:702 [inline]
[<ffffffff823e43a4>] sock_recvmsg x86/../net/socket.c:710 [inline]
[<ffffffff823e43a4>] sock_recvmsg+0x94/0xc0 x86/../net/socket.c:705
[<ffffffff823e464b>] sock_read_iter+0x27b/0x3a0 x86/../net/socket.c:787
[<ffffffff817f479b>] aio_run_iocb+0x21b/0x7a0 x86/../fs/aio.c:1520
[<ffffffff817f57c9>] io_submit_one x86/../fs/aio.c:1630 [inline]
[<ffffffff817f57c9>] do_io_submit+0x6b9/0x10b0 x86/../fs/aio.c:1688
[<ffffffff817f902d>] SYSC_io_submit x86/../fs/aio.c:1713 [inline]
[<ffffffff817f902d>] SyS_io_submit+0x2d/0x40 x86/../fs/aio.c:1710
[<ffffffff828b33c3>] tracesys_phase2+0x90/0x95
In skcipher_recvmsg_async, we use '!sreq->tsg' to determine does we
calloc fail. However, kcalloc may return ZERO_SIZE_PTR, and with this,
the latter sg_init_table will trigger the bug. Fix it be use ZERO_OF_NULL_PTR.
This function was introduced with ' commit a596999b7ddf ("crypto:
algif - change algif_skcipher to be asynchronous")', and has been removed
with 'commit e870456d8e7c ("crypto: algif_skcipher - overhaul memory
management")'.
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: yangerkun <yangerkun@huawei.com>
---
crypto/algif_skcipher.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
v1->v2:
update the commit message
diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index d12782dc9683..9bd4691cc5c5 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -538,7 +538,7 @@ static int skcipher_recvmsg_async(struct socket *sock, struct msghdr *msg,
lock_sock(sk);
tx_nents = skcipher_all_sg_nents(ctx);
sreq->tsg = kcalloc(tx_nents, sizeof(*sg), GFP_KERNEL);
- if (unlikely(!sreq->tsg))
+ if (unlikely(ZERO_OR_NULL_PTR(sreq->tsg)))
goto unlock;
sg_init_table(sreq->tsg, tx_nents);
memcpy(iv, ctx->iv, ivsize);
--
2.17.2
^ permalink raw reply related [flat|nested] 6+ messages in thread* Re: [PATCH 4.4.y v2] crypto: algif_skcipher - use ZERO_OR_NULL_PTR in skcipher_recvmsg_async 2020-03-05 8:57 [PATCH 4.4.y v2] crypto: algif_skcipher - use ZERO_OR_NULL_PTR in skcipher_recvmsg_async yangerkun @ 2020-03-06 13:39 ` Sasha Levin 2020-03-07 1:49 ` yangerkun 0 siblings, 1 reply; 6+ messages in thread From: Sasha Levin @ 2020-03-06 13:39 UTC (permalink / raw) To: yangerkun; +Cc: gregkh, herbert, stable, linux-crypto On Thu, Mar 05, 2020 at 04:57:55PM +0800, yangerkun wrote: >Nowdays, we trigger a oops: >... >kasan: GPF could be caused by NULL-ptr deref or user memory accessgeneral protection fault: 0000 [#1] SMP KASAN >... >Call Trace: > [<ffffffff81a26fb1>] skcipher_recvmsg_async+0x3f1/0x1400 x86/../crypto/algif_skcipher.c:543 > [<ffffffff81a28053>] skcipher_recvmsg+0x93/0x7f0 x86/../crypto/algif_skcipher.c:723 > [<ffffffff823e43a4>] sock_recvmsg_nosec x86/../net/socket.c:702 [inline] > [<ffffffff823e43a4>] sock_recvmsg x86/../net/socket.c:710 [inline] > [<ffffffff823e43a4>] sock_recvmsg+0x94/0xc0 x86/../net/socket.c:705 > [<ffffffff823e464b>] sock_read_iter+0x27b/0x3a0 x86/../net/socket.c:787 > [<ffffffff817f479b>] aio_run_iocb+0x21b/0x7a0 x86/../fs/aio.c:1520 > [<ffffffff817f57c9>] io_submit_one x86/../fs/aio.c:1630 [inline] > [<ffffffff817f57c9>] do_io_submit+0x6b9/0x10b0 x86/../fs/aio.c:1688 > [<ffffffff817f902d>] SYSC_io_submit x86/../fs/aio.c:1713 [inline] > [<ffffffff817f902d>] SyS_io_submit+0x2d/0x40 x86/../fs/aio.c:1710 > [<ffffffff828b33c3>] tracesys_phase2+0x90/0x95 > >In skcipher_recvmsg_async, we use '!sreq->tsg' to determine does we >calloc fail. However, kcalloc may return ZERO_SIZE_PTR, and with this, >the latter sg_init_table will trigger the bug. Fix it be use ZERO_OF_NULL_PTR. > >This function was introduced with ' commit a596999b7ddf ("crypto: >algif - change algif_skcipher to be asynchronous")', and has been removed >with 'commit e870456d8e7c ("crypto: algif_skcipher - overhaul memory >management")'. > >Reported-by: Hulk Robot <hulkci@huawei.com> >Signed-off-by: yangerkun <yangerkun@huawei.com> >--- > crypto/algif_skcipher.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >v1->v2: >update the commit message > >diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c >index d12782dc9683..9bd4691cc5c5 100644 >--- a/crypto/algif_skcipher.c >+++ b/crypto/algif_skcipher.c >@@ -538,7 +538,7 @@ static int skcipher_recvmsg_async(struct socket *sock, struct msghdr *msg, > lock_sock(sk); > tx_nents = skcipher_all_sg_nents(ctx); > sreq->tsg = kcalloc(tx_nents, sizeof(*sg), GFP_KERNEL); >- if (unlikely(!sreq->tsg)) >+ if (unlikely(ZERO_OR_NULL_PTR(sreq->tsg))) I'm a bit confused: kcalloc() will return ZERO_SIZE_PTR for allocations that ask for 0 bytes, but here we ask for "sizeof(*sg)" bytes, which is guaranteed to be more than 0, no? -- Thanks, Sasha ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 4.4.y v2] crypto: algif_skcipher - use ZERO_OR_NULL_PTR in skcipher_recvmsg_async 2020-03-06 13:39 ` Sasha Levin @ 2020-03-07 1:49 ` yangerkun 2020-03-08 0:19 ` Sasha Levin 0 siblings, 1 reply; 6+ messages in thread From: yangerkun @ 2020-03-07 1:49 UTC (permalink / raw) To: Sasha Levin; +Cc: gregkh, herbert, stable, linux-crypto, yangerkun On 2020/3/6 21:39, Sasha Levin wrote: > On Thu, Mar 05, 2020 at 04:57:55PM +0800, yangerkun wrote: >> Nowdays, we trigger a oops: >> ... >> kasan: GPF could be caused by NULL-ptr deref or user memory >> accessgeneral protection fault: 0000 [#1] SMP KASAN >> ... >> Call Trace: >> [<ffffffff81a26fb1>] skcipher_recvmsg_async+0x3f1/0x1400 >> x86/../crypto/algif_skcipher.c:543 >> [<ffffffff81a28053>] skcipher_recvmsg+0x93/0x7f0 >> x86/../crypto/algif_skcipher.c:723 >> [<ffffffff823e43a4>] sock_recvmsg_nosec x86/../net/socket.c:702 [inline] >> [<ffffffff823e43a4>] sock_recvmsg x86/../net/socket.c:710 [inline] >> [<ffffffff823e43a4>] sock_recvmsg+0x94/0xc0 x86/../net/socket.c:705 >> [<ffffffff823e464b>] sock_read_iter+0x27b/0x3a0 x86/../net/socket.c:787 >> [<ffffffff817f479b>] aio_run_iocb+0x21b/0x7a0 x86/../fs/aio.c:1520 >> [<ffffffff817f57c9>] io_submit_one x86/../fs/aio.c:1630 [inline] >> [<ffffffff817f57c9>] do_io_submit+0x6b9/0x10b0 x86/../fs/aio.c:1688 >> [<ffffffff817f902d>] SYSC_io_submit x86/../fs/aio.c:1713 [inline] >> [<ffffffff817f902d>] SyS_io_submit+0x2d/0x40 x86/../fs/aio.c:1710 >> [<ffffffff828b33c3>] tracesys_phase2+0x90/0x95 >> >> In skcipher_recvmsg_async, we use '!sreq->tsg' to determine does we >> calloc fail. However, kcalloc may return ZERO_SIZE_PTR, and with this, >> the latter sg_init_table will trigger the bug. Fix it be use >> ZERO_OF_NULL_PTR. >> >> This function was introduced with ' commit a596999b7ddf ("crypto: >> algif - change algif_skcipher to be asynchronous")', and has been removed >> with 'commit e870456d8e7c ("crypto: algif_skcipher - overhaul memory >> management")'. >> >> Reported-by: Hulk Robot <hulkci@huawei.com> >> Signed-off-by: yangerkun <yangerkun@huawei.com> >> --- >> crypto/algif_skcipher.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> v1->v2: >> update the commit message >> >> diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c >> index d12782dc9683..9bd4691cc5c5 100644 >> --- a/crypto/algif_skcipher.c >> +++ b/crypto/algif_skcipher.c >> @@ -538,7 +538,7 @@ static int skcipher_recvmsg_async(struct socket >> *sock, struct msghdr *msg, >> lock_sock(sk); >> tx_nents = skcipher_all_sg_nents(ctx); >> sreq->tsg = kcalloc(tx_nents, sizeof(*sg), GFP_KERNEL); >> - if (unlikely(!sreq->tsg)) >> + if (unlikely(ZERO_OR_NULL_PTR(sreq->tsg))) > > I'm a bit confused: kcalloc() will return ZERO_SIZE_PTR for allocations > that ask for 0 bytes, but here we ask for "sizeof(*sg)" bytes, which is > guaranteed to be more than 0, no? Actually, the size need to calloc is (tx_nents * sizeof(*sg)), and tx_nents is 0. > ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 4.4.y v2] crypto: algif_skcipher - use ZERO_OR_NULL_PTR in skcipher_recvmsg_async 2020-03-07 1:49 ` yangerkun @ 2020-03-08 0:19 ` Sasha Levin 2020-03-09 1:27 ` yangerkun 0 siblings, 1 reply; 6+ messages in thread From: Sasha Levin @ 2020-03-08 0:19 UTC (permalink / raw) To: yangerkun; +Cc: gregkh, herbert, stable, linux-crypto On Sat, Mar 07, 2020 at 09:49:25AM +0800, yangerkun wrote: > > >On 2020/3/6 21:39, Sasha Levin wrote: >>On Thu, Mar 05, 2020 at 04:57:55PM +0800, yangerkun wrote: >>>Nowdays, we trigger a oops: >>>... >>>kasan: GPF could be caused by NULL-ptr deref or user memory >>>accessgeneral protection fault: 0000 [#1] SMP KASAN >>>... >>>Call Trace: >>>[<ffffffff81a26fb1>] skcipher_recvmsg_async+0x3f1/0x1400 >>>x86/../crypto/algif_skcipher.c:543 >>>[<ffffffff81a28053>] skcipher_recvmsg+0x93/0x7f0 >>>x86/../crypto/algif_skcipher.c:723 >>>[<ffffffff823e43a4>] sock_recvmsg_nosec x86/../net/socket.c:702 [inline] >>>[<ffffffff823e43a4>] sock_recvmsg x86/../net/socket.c:710 [inline] >>>[<ffffffff823e43a4>] sock_recvmsg+0x94/0xc0 x86/../net/socket.c:705 >>>[<ffffffff823e464b>] sock_read_iter+0x27b/0x3a0 x86/../net/socket.c:787 >>>[<ffffffff817f479b>] aio_run_iocb+0x21b/0x7a0 x86/../fs/aio.c:1520 >>>[<ffffffff817f57c9>] io_submit_one x86/../fs/aio.c:1630 [inline] >>>[<ffffffff817f57c9>] do_io_submit+0x6b9/0x10b0 x86/../fs/aio.c:1688 >>>[<ffffffff817f902d>] SYSC_io_submit x86/../fs/aio.c:1713 [inline] >>>[<ffffffff817f902d>] SyS_io_submit+0x2d/0x40 x86/../fs/aio.c:1710 >>>[<ffffffff828b33c3>] tracesys_phase2+0x90/0x95 >>> >>>In skcipher_recvmsg_async, we use '!sreq->tsg' to determine does we >>>calloc fail. However, kcalloc may return ZERO_SIZE_PTR, and with this, >>>the latter sg_init_table will trigger the bug. Fix it be use >>>ZERO_OF_NULL_PTR. >>> >>>This function was introduced with ' commit a596999b7ddf ("crypto: >>>algif - change algif_skcipher to be asynchronous")', and has been removed >>>with 'commit e870456d8e7c ("crypto: algif_skcipher - overhaul memory >>>management")'. >>> >>>Reported-by: Hulk Robot <hulkci@huawei.com> >>>Signed-off-by: yangerkun <yangerkun@huawei.com> >>>--- >>>crypto/algif_skcipher.c | 2 +- >>>1 file changed, 1 insertion(+), 1 deletion(-) >>> >>>v1->v2: >>>update the commit message >>> >>>diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c >>>index d12782dc9683..9bd4691cc5c5 100644 >>>--- a/crypto/algif_skcipher.c >>>+++ b/crypto/algif_skcipher.c >>>@@ -538,7 +538,7 @@ static int skcipher_recvmsg_async(struct >>>socket *sock, struct msghdr *msg, >>> lock_sock(sk); >>> tx_nents = skcipher_all_sg_nents(ctx); >>> sreq->tsg = kcalloc(tx_nents, sizeof(*sg), GFP_KERNEL); >>>- if (unlikely(!sreq->tsg)) >>>+ if (unlikely(ZERO_OR_NULL_PTR(sreq->tsg))) >> >>I'm a bit confused: kcalloc() will return ZERO_SIZE_PTR for allocations >>that ask for 0 bytes, but here we ask for "sizeof(*sg)" bytes, which is >>guaranteed to be more than 0, no? > >Actually, the size need to calloc is (tx_nents * sizeof(*sg)), and >tx_nents is 0. Makes sense. This is also needed on 4.9, right? -- Thanks, Sasha ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 4.4.y v2] crypto: algif_skcipher - use ZERO_OR_NULL_PTR in skcipher_recvmsg_async 2020-03-08 0:19 ` Sasha Levin @ 2020-03-09 1:27 ` yangerkun 2020-03-10 12:14 ` Greg KH 0 siblings, 1 reply; 6+ messages in thread From: yangerkun @ 2020-03-09 1:27 UTC (permalink / raw) To: Sasha Levin; +Cc: gregkh, herbert, stable, linux-crypto On 2020/3/8 8:19, Sasha Levin wrote: > On Sat, Mar 07, 2020 at 09:49:25AM +0800, yangerkun wrote: >> >> >> On 2020/3/6 21:39, Sasha Levin wrote: >>> On Thu, Mar 05, 2020 at 04:57:55PM +0800, yangerkun wrote: >>>> Nowdays, we trigger a oops: >>>> ... >>>> kasan: GPF could be caused by NULL-ptr deref or user memory >>>> accessgeneral protection fault: 0000 [#1] SMP KASAN >>>> ... >>>> Call Trace: >>>> [<ffffffff81a26fb1>] skcipher_recvmsg_async+0x3f1/0x1400 >>>> x86/../crypto/algif_skcipher.c:543 >>>> [<ffffffff81a28053>] skcipher_recvmsg+0x93/0x7f0 >>>> x86/../crypto/algif_skcipher.c:723 >>>> [<ffffffff823e43a4>] sock_recvmsg_nosec x86/../net/socket.c:702 >>>> [inline] >>>> [<ffffffff823e43a4>] sock_recvmsg x86/../net/socket.c:710 [inline] >>>> [<ffffffff823e43a4>] sock_recvmsg+0x94/0xc0 x86/../net/socket.c:705 >>>> [<ffffffff823e464b>] sock_read_iter+0x27b/0x3a0 x86/../net/socket.c:787 >>>> [<ffffffff817f479b>] aio_run_iocb+0x21b/0x7a0 x86/../fs/aio.c:1520 >>>> [<ffffffff817f57c9>] io_submit_one x86/../fs/aio.c:1630 [inline] >>>> [<ffffffff817f57c9>] do_io_submit+0x6b9/0x10b0 x86/../fs/aio.c:1688 >>>> [<ffffffff817f902d>] SYSC_io_submit x86/../fs/aio.c:1713 [inline] >>>> [<ffffffff817f902d>] SyS_io_submit+0x2d/0x40 x86/../fs/aio.c:1710 >>>> [<ffffffff828b33c3>] tracesys_phase2+0x90/0x95 >>>> >>>> In skcipher_recvmsg_async, we use '!sreq->tsg' to determine does we >>>> calloc fail. However, kcalloc may return ZERO_SIZE_PTR, and with this, >>>> the latter sg_init_table will trigger the bug. Fix it be use >>>> ZERO_OF_NULL_PTR. >>>> >>>> This function was introduced with ' commit a596999b7ddf ("crypto: >>>> algif - change algif_skcipher to be asynchronous")', and has been >>>> removed >>>> with 'commit e870456d8e7c ("crypto: algif_skcipher - overhaul memory >>>> management")'. >>>> >>>> Reported-by: Hulk Robot <hulkci@huawei.com> >>>> Signed-off-by: yangerkun <yangerkun@huawei.com> >>>> --- >>>> crypto/algif_skcipher.c | 2 +- >>>> 1 file changed, 1 insertion(+), 1 deletion(-) >>>> >>>> v1->v2: >>>> update the commit message >>>> >>>> diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c >>>> index d12782dc9683..9bd4691cc5c5 100644 >>>> --- a/crypto/algif_skcipher.c >>>> +++ b/crypto/algif_skcipher.c >>>> @@ -538,7 +538,7 @@ static int skcipher_recvmsg_async(struct socket >>>> *sock, struct msghdr *msg, >>>> lock_sock(sk); >>>> tx_nents = skcipher_all_sg_nents(ctx); >>>> sreq->tsg = kcalloc(tx_nents, sizeof(*sg), GFP_KERNEL); >>>> - if (unlikely(!sreq->tsg)) >>>> + if (unlikely(ZERO_OR_NULL_PTR(sreq->tsg))) >>> >>> I'm a bit confused: kcalloc() will return ZERO_SIZE_PTR for allocations >>> that ask for 0 bytes, but here we ask for "sizeof(*sg)" bytes, which is >>> guaranteed to be more than 0, no? >> >> Actually, the size need to calloc is (tx_nents * sizeof(*sg)), and >> tx_nents is 0. > > Makes sense. This is also needed on 4.9, right? Yes! Thanks for checking it! > ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 4.4.y v2] crypto: algif_skcipher - use ZERO_OR_NULL_PTR in skcipher_recvmsg_async 2020-03-09 1:27 ` yangerkun @ 2020-03-10 12:14 ` Greg KH 0 siblings, 0 replies; 6+ messages in thread From: Greg KH @ 2020-03-10 12:14 UTC (permalink / raw) To: yangerkun; +Cc: Sasha Levin, herbert, stable, linux-crypto On Mon, Mar 09, 2020 at 09:27:16AM +0800, yangerkun wrote: > > > On 2020/3/8 8:19, Sasha Levin wrote: > > On Sat, Mar 07, 2020 at 09:49:25AM +0800, yangerkun wrote: > > > > > > > > > On 2020/3/6 21:39, Sasha Levin wrote: > > > > On Thu, Mar 05, 2020 at 04:57:55PM +0800, yangerkun wrote: > > > > > Nowdays, we trigger a oops: > > > > > ... > > > > > kasan: GPF could be caused by NULL-ptr deref or user memory > > > > > accessgeneral protection fault: 0000 [#1] SMP KASAN > > > > > ... > > > > > Call Trace: > > > > > [<ffffffff81a26fb1>] skcipher_recvmsg_async+0x3f1/0x1400 > > > > > x86/../crypto/algif_skcipher.c:543 > > > > > [<ffffffff81a28053>] skcipher_recvmsg+0x93/0x7f0 > > > > > x86/../crypto/algif_skcipher.c:723 > > > > > [<ffffffff823e43a4>] sock_recvmsg_nosec > > > > > x86/../net/socket.c:702 [inline] > > > > > [<ffffffff823e43a4>] sock_recvmsg x86/../net/socket.c:710 [inline] > > > > > [<ffffffff823e43a4>] sock_recvmsg+0x94/0xc0 x86/../net/socket.c:705 > > > > > [<ffffffff823e464b>] sock_read_iter+0x27b/0x3a0 x86/../net/socket.c:787 > > > > > [<ffffffff817f479b>] aio_run_iocb+0x21b/0x7a0 x86/../fs/aio.c:1520 > > > > > [<ffffffff817f57c9>] io_submit_one x86/../fs/aio.c:1630 [inline] > > > > > [<ffffffff817f57c9>] do_io_submit+0x6b9/0x10b0 x86/../fs/aio.c:1688 > > > > > [<ffffffff817f902d>] SYSC_io_submit x86/../fs/aio.c:1713 [inline] > > > > > [<ffffffff817f902d>] SyS_io_submit+0x2d/0x40 x86/../fs/aio.c:1710 > > > > > [<ffffffff828b33c3>] tracesys_phase2+0x90/0x95 > > > > > > > > > > In skcipher_recvmsg_async, we use '!sreq->tsg' to determine does we > > > > > calloc fail. However, kcalloc may return ZERO_SIZE_PTR, and with this, > > > > > the latter sg_init_table will trigger the bug. Fix it be use > > > > > ZERO_OF_NULL_PTR. > > > > > > > > > > This function was introduced with ' commit a596999b7ddf ("crypto: > > > > > algif - change algif_skcipher to be asynchronous")', and has > > > > > been removed > > > > > with 'commit e870456d8e7c ("crypto: algif_skcipher - overhaul memory > > > > > management")'. > > > > > > > > > > Reported-by: Hulk Robot <hulkci@huawei.com> > > > > > Signed-off-by: yangerkun <yangerkun@huawei.com> > > > > > --- > > > > > crypto/algif_skcipher.c | 2 +- > > > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > > > > > v1->v2: > > > > > update the commit message > > > > > > > > > > diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c > > > > > index d12782dc9683..9bd4691cc5c5 100644 > > > > > --- a/crypto/algif_skcipher.c > > > > > +++ b/crypto/algif_skcipher.c > > > > > @@ -538,7 +538,7 @@ static int skcipher_recvmsg_async(struct > > > > > socket *sock, struct msghdr *msg, > > > > > lock_sock(sk); > > > > > tx_nents = skcipher_all_sg_nents(ctx); > > > > > sreq->tsg = kcalloc(tx_nents, sizeof(*sg), GFP_KERNEL); > > > > > - if (unlikely(!sreq->tsg)) > > > > > + if (unlikely(ZERO_OR_NULL_PTR(sreq->tsg))) > > > > > > > > I'm a bit confused: kcalloc() will return ZERO_SIZE_PTR for allocations > > > > that ask for 0 bytes, but here we ask for "sizeof(*sg)" bytes, which is > > > > guaranteed to be more than 0, no? > > > > > > Actually, the size need to calloc is (tx_nents * sizeof(*sg)), and > > > tx_nents is 0. > > > > Makes sense. This is also needed on 4.9, right? > > Yes! Thanks for checking it! Now queued up,t hanks. greg k-h ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2020-03-10 12:14 UTC | newest] Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-03-05 8:57 [PATCH 4.4.y v2] crypto: algif_skcipher - use ZERO_OR_NULL_PTR in skcipher_recvmsg_async yangerkun 2020-03-06 13:39 ` Sasha Levin 2020-03-07 1:49 ` yangerkun 2020-03-08 0:19 ` Sasha Levin 2020-03-09 1:27 ` yangerkun 2020-03-10 12:14 ` Greg KH
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).