[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080716063510.GA13513@gondor.apana.org.au>
Date: Wed, 16 Jul 2008 14:35:10 +0800
From: Herbert Xu <herbert@...dor.apana.org.au>
To: Andrew Morton <akpm@...ux-foundation.org>
Cc: Alexey Dobriyan <adobriyan@...il.com>, davem@...emloft.net,
mingo@...e.hu, nhorman@...driver.com, simon@...e.lp0.eu,
linux-kernel@...r.kernel.org
Subject: Re: BUG: unable to handle kernel NULL pointer dereference at 000000000000000e (reset_prng_context)
On Tue, Jul 15, 2008 at 11:17:34PM -0700, Andrew Morton wrote:
>
> On error the function will sometimes return -EFOO and other times will
> just return -1. This is inconsistent and makes the error returns
> rather less useful than they could be. I'd suggest that it be switched
> to -1 throughout or, better, to consistently use appropriate error codes.
Yes -1 should be replaced with a more meaningful error.
>
> > +struct prng_context *alloc_prng_context(void)
> > +{
> > + struct prng_context *ctx=kzalloc(sizeof(struct prng_context), GFP_KERNEL);
> > +
> > + spin_lock_init(&ctx->prng_lock);
> > +
> > + if (reset_prng_context(ctx, NULL, NULL, NULL, NULL)) {
> > + kfree(ctx);
> > + ctx = NULL;
> > + }
> > +
> > + dbgprint(KERN_CRIT "returning context %p\n",ctx);
> > + return ctx;
> > +}
> > +
> > +EXPORT_SYMBOL_GPL(alloc_prng_context);
> > +
> > +void free_prng_context(struct prng_context *ctx)
> > +{
> > + crypto_free_blkcipher(ctx->tfm);
> > + kfree(ctx);
> > +}
> > +EXPORT_SYMBOL_GPL(free_prng_context);
> > +
> > +int reset_prng_context(struct prng_context *ctx,
> > + unsigned char *key, unsigned char *iv,
> > + unsigned char *V, unsigned char *DT)
> > +{
> > + int ret;
> > + int iv_len;
> > + int rc = -EFAULT;
> > +
> > + spin_lock(&ctx->prng_lock);
> > + ctx->flags |= PRNG_NEED_RESET;
> > +
> > + if (key)
> > + memcpy(ctx->prng_key,key,strlen(ctx->prng_key));
> > + else
> > + ctx->prng_key = DEFAULT_PRNG_KEY;
>
> This is very strange. In one case we'll copy a string onto existing
> storage at ctx->prng_key. In the other case we'll *modify*
> ctx->prng_key directly.
Indeed this is bogus. We shouldn't store either the key or the
IV in the context since the tfm already holds a copy.
Neil, please remove prng_key and prng_iv completely.
> We don't support \0's in the key or the IV. I assume that's OK?
No the caller should supply the length instead.
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists