releases/4.9.94/macsec-check-return-value-of-skb_to_sgvec-always.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From foo@baz Mon Apr  9 17:09:24 CEST 2018
 From: "Jason A. Donenfeld" <Jason@zx2c4.com>
 Date: Sun, 4 Jun 2017 04:16:25 +0200
 Subject: macsec: check return value of skb_to_sgvec always

 From: "Jason A. Donenfeld" <Jason@zx2c4.com>


 [ Upstream commit cda7ea6903502af34015000e16be290a79f07638 ]

 Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 Cc: Sabrina Dubroca <sd@queasysnail.net>
 Signed-off-by: David S. Miller <davem@davemloft.net>
 Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 ---
  drivers/net/macsec.c |   13 +++++++++++--
  1 file changed, 11 insertions(+), 2 deletions(-)

 --- a/drivers/net/macsec.c
 +++ b/drivers/net/macsec.c
 @@ -742,7 +742,12 @@ static struct sk_buff *macsec_encrypt(st
  	macsec_fill_iv(iv, secy->sci, pn);

  	sg_init_table(sg, ret);
 -	skb_to_sgvec(skb, sg, 0, skb->len);
 +	ret = skb_to_sgvec(skb, sg, 0, skb->len);
 +	if (unlikely(ret < 0)) {
 +		macsec_txsa_put(tx_sa);
 +		kfree_skb(skb);
 +		return ERR_PTR(ret);
 +	}

  	if (tx_sc->encrypt) {
  		int len = skb->len - macsec_hdr_len(sci_present) -
 @@ -949,7 +954,11 @@ static struct sk_buff *macsec_decrypt(st
  	macsec_fill_iv(iv, sci, ntohl(hdr->packet_number));

  	sg_init_table(sg, ret);
 -	skb_to_sgvec(skb, sg, 0, skb->len);
 +	ret = skb_to_sgvec(skb, sg, 0, skb->len);
 +	if (unlikely(ret < 0)) {
 +		kfree_skb(skb);
 +		return ERR_PTR(ret);
 +	}

  	if (hdr->tci_an & MACSEC_TCI_E) {
  		/* confidentiality: ethernet + macsec header
	From foo@baz Mon Apr 9 17:09:24 CEST 2018
	From: "Jason A. Donenfeld" <Jason@zx2c4.com>
	Date: Sun, 4 Jun 2017 04:16:25 +0200
	Subject: macsec: check return value of skb_to_sgvec always

	From: "Jason A. Donenfeld" <Jason@zx2c4.com>


	[ Upstream commit cda7ea6903502af34015000e16be290a79f07638 ]

	Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
	Cc: Sabrina Dubroca <sd@queasysnail.net>
	Signed-off-by: David S. Miller <davem@davemloft.net>
	Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	---
	drivers/net/macsec.c \| 13 +++++++++++--
	1 file changed, 11 insertions(+), 2 deletions(-)

	--- a/drivers/net/macsec.c
	+++ b/drivers/net/macsec.c
	@@ -742,7 +742,12 @@ static struct sk_buff *macsec_encrypt(st
	macsec_fill_iv(iv, secy->sci, pn);

	sg_init_table(sg, ret);
	- skb_to_sgvec(skb, sg, 0, skb->len);
	+ ret = skb_to_sgvec(skb, sg, 0, skb->len);
	+ if (unlikely(ret < 0)) {
	+ macsec_txsa_put(tx_sa);
	+ kfree_skb(skb);
	+ return ERR_PTR(ret);
	+ }

	if (tx_sc->encrypt) {
	int len = skb->len - macsec_hdr_len(sci_present) -
	@@ -949,7 +954,11 @@ static struct sk_buff *macsec_decrypt(st
	macsec_fill_iv(iv, sci, ntohl(hdr->packet_number));

	sg_init_table(sg, ret);
	- skb_to_sgvec(skb, sg, 0, skb->len);
	+ ret = skb_to_sgvec(skb, sg, 0, skb->len);
	+ if (unlikely(ret < 0)) {
	+ kfree_skb(skb);
	+ return ERR_PTR(ret);
	+ }

	if (hdr->tci_an & MACSEC_TCI_E) {
	/* confidentiality: ethernet + macsec header