ICP: Fix out of bounds write

[AttilaFueloep]

Motivation and Context

Bug fix.

Description

If gcm_mode_encrypt_contiguous_blocks() is called more than once in succession, with the accumulated lengths being less than blocksize, ctx->copy_to will be incorrectly advanced. Later, if out is NULL, bcopy() will overflow ctx->gcm_copy_to since ctx->gcm_remainder_len is larger than the ctx->gcm_copy_to buffer can hold.

For ZoL the issue may be academic, since in all my testing I wasn't able to hit neither of both conditions needed to trigger it, but other consumers can easily do so.

The fix is to set ctx->copy_to only if it's not already set.

How Has This Been Tested?

As part of another branch this survived 6 hours of zloop. Currently zloop fails with unmodified master within one hour, so can't use zloop to test this PR, sorry.

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Performance enhancement (non-breaking change which improves efficiency)
• Code cleanup (non-breaking change which makes code smaller or more readable)
• Breaking change (fix or feature that would cause existing functionality to change)
• Documentation (a change to man pages or other documentation)

Checklist:

• My code follows the ZFS on Linux code style requirements.
• I have updated the documentation accordingly.
• I have read the contributing document.
• I have added tests to cover my changes.
• All new and existing tests passed.
• All commit messages are properly formatted and contain Signed-off-by.

[codecov]

Codecov Report

Merging #9660 into master will increase coverage by 0.01%.
The diff coverage is 0%.

@@            Coverage Diff             @@
##           master    #9660      +/-   ##
==========================================
+ Coverage   79.32%   79.34%   +0.01%     
==========================================
  Files         418      418              
  Lines      123544   123544              
==========================================
+ Hits        98003    98026      +23     
+ Misses      25541    25518      -23

Flag	Coverage Δ
#kernel	79.97% <0%> (+0.02%)	⬆️
#user	66.71% <0%> (-0.18%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5142032...bdd5e10. Read the comment docs.

[AttilaFueloep]

With unmodified master ztest fails in my environment as well, so I think it's not related to this change.

[tcaputi]

This change looks good to me. This does raise some interesting questions though about pushing ICP fixes back to Illumos.

[AttilaFueloep]

Right, I already sent a mail to illumos-devel. Let's see if someone chimes in.

[AttilaFueloep]

Illumos issue 12048.

[behlendorf]

The ztest appear to be unrelated, but I've resubmitted those builds to the CI for good measure. Thanks for following up with illumos so they can comment on and track the proposed fix.