Re: [PATCH] crypto: xts_crypt() return if walk.nbytes is 0
From: Ard Biesheuvel
Date: Fri Aug 20 2021 - 07:15:09 EST
On Fri, 20 Aug 2021 at 10:31, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:
>
> On Mon, Aug 09, 2021 at 07:40:27PM +0530, Shreyansh Chouhan wrote:
> > xts_crypt() code doesn't call kernel_fpu_end() after calling
> > kernel_fpu_begin() if walk.nbytes is 0. The correct behavior should be
> > not calling kernel_fpu_begin() if walk.nbytes is 0.
> >
> > Reported-by: syzbot+20191dc583eff8602d2d@xxxxxxxxxxxxxxxxxxxxxxxxx
> > Signed-off-by: Shreyansh Chouhan <chouhan.shreyansh630@xxxxxxxxx>
> > ---
> > arch/x86/crypto/aesni-intel_glue.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c
> > index 388643ca2177..ec6eac57c493 100644
> > --- a/arch/x86/crypto/aesni-intel_glue.c
> > +++ b/arch/x86/crypto/aesni-intel_glue.c
> > @@ -849,7 +849,7 @@ static int xts_crypt(struct skcipher_request *req, bool encrypt)
> > return -EINVAL;
> >
> > err = skcipher_walk_virt(&walk, req, false);
> > - if (err)
> > + if (err || !walk.nbytes)
> > return err;
>
> The err check is now redundant because when there is an error
> nbytes is always zero.
>
In spite of that, I have a slight preference for this version, given
that it makes it obvious that we bail on two separate conditions:
- an error has occurred
- no error has occurred but the resulting walk is empty
Testing walk.nbytes only needlessly obfuscates the code, as we need to
return 'err' in the end anyway.