From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Eric Biggers <ebiggers3@gmail.com>,
Gilad Ben-Yossef <gilad@benyossef.com>,
Herbert Xu <herbert@gondor.apana.org.au>
Subject: [PATCH 3.18 11/45] crypto: gcm - wait for crypto op not signal safe
Date: Mon, 12 Jun 2017 17:26:21 +0200 [thread overview]
Message-ID: <20170612152553.891207574@linuxfoundation.org> (raw)
In-Reply-To: <20170612152553.118037974@linuxfoundation.org>
3.18-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gilad Ben-Yossef <gilad@benyossef.com>
commit f3ad587070d6bd961ab942b3fd7a85d00dfc934b upstream.
crypto_gcm_setkey() was using wait_for_completion_interruptible() to
wait for completion of async crypto op but if a signal occurs it
may return before DMA ops of HW crypto provider finish, thus
corrupting the data buffer that is kfree'ed in this case.
Resolve this by using wait_for_completion() instead.
Reported-by: Eric Biggers <ebiggers3@gmail.com>
Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
crypto/gcm.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
--- a/crypto/gcm.c
+++ b/crypto/gcm.c
@@ -146,10 +146,8 @@ static int crypto_gcm_setkey(struct cryp
err = crypto_ablkcipher_encrypt(&data->req);
if (err == -EINPROGRESS || err == -EBUSY) {
- err = wait_for_completion_interruptible(
- &data->result.completion);
- if (!err)
- err = data->result.err;
+ wait_for_completion(&data->result.completion);
+ err = data->result.err;
}
if (err)
next prev parent reply other threads:[~2017-06-12 15:41 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-12 15:26 [PATCH 3.18 00/45] 3.18.57-stable review Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 01/45] bnx2x: Fix Multi-Cos Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 02/45] ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 03/45] cxgb4: avoid enabling napi twice to the same queue Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 04/45] tcp: disallow cwnd undo when switching congestion control Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 05/45] ipv6: Fix leak in ipv6_gso_segment() Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 06/45] net: ping: do not abuse udp_poll() Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 07/45] net: ethoc: enable NAPI before poll may be scheduled Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 08/45] serial: ifx6x60: fix use-after-free on module unload Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 09/45] KEYS: fix dereferencing NULL payload with nonzero length Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 10/45] KEYS: fix freeing uninitialized memory in key_update() Greg Kroah-Hartman
2017-06-12 15:26 ` Greg Kroah-Hartman [this message]
2017-06-12 15:26 ` [PATCH 3.18 12/45] nfsd4: fix null dereference on replay Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 15/45] arm: KVM: Allow unaligned accesses at HYP Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 16/45] dmaengine: ep93xx: Always start from BASE0 Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 17/45] ext4: fix SEEK_HOLE Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 18/45] ext4: keep existing extra fields when inode expands Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 19/45] usb: gadget: f_mass_storage: Serialize wake and sleep execution Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 20/45] usb: chipidea: udc: fix NULL pointer dereference if udc_start failed Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 21/45] usb: chipidea: debug: check before accessing ci_role Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 22/45] staging/lustre/lov: remove set_fs() call from lov_getstripe() Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 23/45] iio: proximity: as3935: fix AS3935_INT mask Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 24/45] drivers: char: random: add get_random_long() Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 25/45] random: properly align get_random_int_hash Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 26/45] stackprotector: Increase the per-task stack canarys random range from 32 bits to 64 bits on 64-bit platforms Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 27/45] btrfs: use correct types for page indices in btrfs_page_exists_in_range Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 28/45] btrfs: fix memory leak in update_space_info failure path Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 29/45] scsi: qla2xxx: dont disable a not previously enabled PCI device Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 30/45] powerpc/eeh: Avoid use after free in eeh_handle_special_event() Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 31/45] powerpc/numa: Fix percpu allocations to be NUMA aware Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 32/45] perf/core: Drop kernel samples even though :u is specified Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 33/45] drm/vmwgfx: Handle vmalloc() failure in vmw_local_fifo_reserve() Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 34/45] drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl() Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 35/45] ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 36/45] ASoC: Fix use-after-free at card unregistration Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 37/45] drivers: char: mem: Fix wraparound check to allow mappings up to the end Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 38/45] serial: sh-sci: Fix panic when serial console and DMA are enabled Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 39/45] arm64: hw_breakpoint: fix watchpoint matching for tagged pointers Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 40/45] arm64: entry: improve data abort handling of " Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 41/45] RDMA/qib,hfi1: Fix MR reference count leak on write with immediate Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 42/45] tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline() Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 43/45] usercopy: Adjust tests to deal with SMAP/PAN Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 44/45] arm64: ensure extension of smp_store_release value Greg Kroah-Hartman
2017-06-12 15:26 ` [PATCH 3.18 45/45] mlx5: stop including <asm-generic/kmap_types.h> Greg Kroah-Hartman
2017-06-12 21:52 ` [PATCH 3.18 00/45] 3.18.57-stable review Guenter Roeck
2017-06-13 0:49 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170612152553.891207574@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=ebiggers3@gmail.com \
--cc=gilad@benyossef.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).