[PATCH] crypto: rk3288 - Fix use after free in unprepare
Andrey Skvortsov
andrej.skvortzov at gmail.com
Wed Feb 28 05:35:39 PST 2024
On 24-02-28 17:13, Herbert Xu wrote:
> The unprepare call must be carried out before the finalize call
> as the latter can free the request.
>
> Fixes: c66c17a0f69b ("crypto: rk3288 - Remove prepare/unprepare request")
> Reported-by: Andrey Skvortsov <andrej.skvortzov at gmail.com>
> Cc: <stable at vger.kernel.org>
> Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
>
> diff --git a/drivers/crypto/rockchip/rk3288_crypto_ahash.c b/drivers/crypto/rockchip/rk3288_crypto_ahash.c
> index 1b13b4aa16ec..a235e6c300f1 100644
> --- a/drivers/crypto/rockchip/rk3288_crypto_ahash.c
> +++ b/drivers/crypto/rockchip/rk3288_crypto_ahash.c
> @@ -332,12 +332,12 @@ static int rk_hash_run(struct crypto_engine *engine, void *breq)
> theend:
> pm_runtime_put_autosuspend(rkc->dev);
>
> + rk_hash_unprepare(engine, breq);
> +
> local_bh_disable();
> crypto_finalize_hash_request(engine, breq, err);
> local_bh_enable();
>
> - rk_hash_unprepare(engine, breq);
> -
> return 0;
> }
>
Thanks, that was quick. I had locally the same change.
Reviewed-by: Andrey Skvortsov <andrej.skvortzov at gmail.com>
--
Best regards,
Andrey Skvortsov
More information about the linux-arm-kernel
mailing list