From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linuxfoundation.org ([140.211.169.12]:45394 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933890AbcIVNex (ORCPT ); Thu, 22 Sep 2016 09:34:53 -0400 Subject: Patch "dm crypt: fix free of bad values after tfm allocation failure" has been added to the 4.7-stable tree To: ebiggers@google.com, gregkh@linuxfoundation.org, snitzer@redhat.com Cc: , From: Date: Thu, 22 Sep 2016 15:34:23 +0200 Message-ID: <147455126314999@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ANSI_X3.4-1968 Content-Transfer-Encoding: 8bit Sender: stable-owner@vger.kernel.org List-ID: This is a note to let you know that I've just added the patch titled dm crypt: fix free of bad values after tfm allocation failure to the 4.7-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: dm-crypt-fix-free-of-bad-values-after-tfm-allocation-failure.patch and it can be found in the queue-4.7 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >>From 5d0be84ec0cacfc7a6d6ea548afdd07d481324cd Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Tue, 30 Aug 2016 09:51:44 -0700 Subject: dm crypt: fix free of bad values after tfm allocation failure From: Eric Biggers commit 5d0be84ec0cacfc7a6d6ea548afdd07d481324cd upstream. If crypt_alloc_tfms() had to allocate multiple tfms and it failed before the last allocation, then it would call crypt_free_tfms() and could free pointers from uninitialized memory -- due to the crypt_free_tfms() check for non-zero cc->tfms[i]. Fix by allocating zeroed memory. Signed-off-by: Eric Biggers Signed-off-by: Mike Snitzer Signed-off-by: Greg Kroah-Hartman --- drivers/md/dm-crypt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c @@ -1453,7 +1453,7 @@ static int crypt_alloc_tfms(struct crypt unsigned i; int err; - cc->tfms = kmalloc(cc->tfms_count * sizeof(struct crypto_skcipher *), + cc->tfms = kzalloc(cc->tfms_count * sizeof(struct crypto_skcipher *), GFP_KERNEL); if (!cc->tfms) return -ENOMEM; Patches currently in stable-queue which might be from ebiggers@google.com are queue-4.7/fscrypto-require-write-access-to-mount-to-set-encryption-policy.patch queue-4.7/dm-crypt-fix-free-of-bad-values-after-tfm-allocation-failure.patch