From de408515f48a026e7a6abf5cdf6fc06505baaa8c Mon Sep 17 00:00:00 2001
From: Horia Geanta <horia.geanta@freescale.com>
Date: Fri, 1 Nov 2013 14:48:30 +0200
Subject: crypto: caam - fix sg_count searching out of bound

In case sg_count is provided with a buffer length greater than
what is in the scatterlist, it will oops.
Stop the count of nents when sg is NULL.

Change-Id: I3fffdf901e602d11776e4fe5eb9322d2c186a612
Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
Reviewed-on: http://git.am.freescale.net:8181/6467
Reviewed-by: Richard Schmitt <B43082@freescale.com>
Tested-by: Richard Schmitt <B43082@freescale.com>
Reviewed-on: http://git.am.freescale.net:8181/19787
Tested-by: Review Code-CDREVIEW <CDREVIEW@freescale.com>
Reviewed-by: Matthew Weigel <Matthew.Weigel@freescale.com>

diff --git a/drivers/crypto/caam/sg_sw_sec4.h b/drivers/crypto/caam/sg_sw_sec4.h
index b12ff85..f1b30ec 100644
--- a/drivers/crypto/caam/sg_sw_sec4.h
+++ b/drivers/crypto/caam/sg_sw_sec4.h
@@ -62,7 +62,7 @@ static inline int __sg_count(struct scatterlist *sg_list, int nbytes,
 	struct scatterlist *sg = sg_list;
 	int sg_nents = 0;
 
-	while (nbytes > 0) {
+	while (nbytes > 0 && sg) {
 		sg_nents++;
 		nbytes -= sg->length;
 		if (!sg_is_last(sg) && (sg + 1)->length == 0)
-- 
cgit v0.10.2