-stable review patch. If anyone has any objections, please let us know. --------------------- From: Joy Latten upstream commit: 1edcf2e1ee2babb011cfca80ad9d202e9c491669 The kernel crashes when ipsec passes a udp packet of about 14XX bytes of data to aes-xcbc-mac. It seems the first xxxx bytes of the data are in first sg entry, and remaining xx bytes are in next sg entry. But we don't check next sg entry to see if we need to go look the page up. I noticed in hmac.c, we do a scatterwalk_sg_next(), to do this check and possible lookup, thus xcbc.c needs to use this routine too. A 15-hour run of an ipsec stress test sending streams of tcp and udp packets of various sizes, using this patch and aes-xcbc-mac completed successfully, so hopefully this fixes the problem. Signed-off-by: Joy Latten Signed-off-by: Herbert Xu Signed-off-by: Chris Wright --- crypto/xcbc.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) --- a/crypto/xcbc.c +++ b/crypto/xcbc.c @@ -116,13 +116,11 @@ static int crypto_xcbc_digest_update2(st struct crypto_xcbc_ctx *ctx = crypto_hash_ctx_aligned(parent); struct crypto_cipher *tfm = ctx->child; int bs = crypto_hash_blocksize(parent); - unsigned int i = 0; - do { - - struct page *pg = sg_page(&sg[i]); - unsigned int offset = sg[i].offset; - unsigned int slen = sg[i].length; + for (;;) { + struct page *pg = sg_page(sg); + unsigned int offset = sg->offset; + unsigned int slen = sg->length; if (unlikely(slen > nbytes)) slen = nbytes; @@ -182,8 +180,11 @@ static int crypto_xcbc_digest_update2(st offset = 0; pg++; } - i++; - } while (nbytes>0); + + if (!nbytes) + break; + sg = scatterwalk_sg_next(sg); + } return 0; } -- -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/