Received: by 10.223.176.5 with SMTP id f5csp1012490wra; Fri, 2 Feb 2018 09:41:25 -0800 (PST) X-Google-Smtp-Source: AH8x226E/3vWSN6MOJLxmZGRsnC3TKBuc2JWdT24mfa9LOMH8h8zJa9aYce4LYIkQohxM7x/7vxf X-Received: by 10.98.215.30 with SMTP id b30mr41129948pfh.50.1517593285466; Fri, 02 Feb 2018 09:41:25 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517593285; cv=none; d=google.com; s=arc-20160816; b=t43aac5RJFUYJM+/AAn1m2sVIhy5p87woEr2HsqPOrNCX5dm5d2obhFz3Qa6UBi2u2 GMSrrlVwIQjyZJ0DDb/CToT8JNc3/xnfSA0rvVAn17FmauDgHQqOmdB+T7OLFTRuZRPe aewBeuzGNtJ7Jy1rn0mOLJJd01sBccQny6EcwyouIPRKRrSj+4uxIsunO3F5hx+YaiDR lV/+2YIJEeZGNkPOZcc7OTMPGm9AflvzlT2Gd5ht+nmaf5R5l1ynXVUTsYCvTHuBveDU YQ5u4hdoTMGNL3LX/WQ85SQhXEalGqR8m8gFLeE9Z1x7Qul8TfwDHUeeJDSdbcGEHiaJ nW3w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=k8Prb4eaIsfDG48I416I0t0oj1A+5hT9BwMRwLeQWEU=; b=hPsg7RqaqAQ9UZ2bQNd1XJVo1sUNIzHWwFals4z/vcSzC43AE0Fgou4VEt3seB+h0E MeVBhIiKihG2SzdaixU6RTzF3PRf0AfbkIQx8r/g9ipFdcKNWZzFSTiKWv7qHxQswrZF 6l2Ib6VPtzO8VBWb9zC0DCP+BR6Z1p9dnBPNYb0bi/rN4M3pQfIXe/60aC5N7ex2CvXn BSP2ZAtRzvpJPYKMv+8FUb3kc6wpGT6rUgdxX6UHvnRu3jDp01XBWXCi9b9SPvBs8mYN iZFz2LuV0An3uSduYRlfFUwq9vOr13vl0p7T90uHxN260QvDku5nzhUTTaU8tNNDOhPX GKTg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x185si52163pgx.159.2018.02.02.09.41.10; Fri, 02 Feb 2018 09:41:25 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753710AbeBBRkq (ORCPT + 99 others); Fri, 2 Feb 2018 12:40:46 -0500 Received: from mail.linuxfoundation.org ([140.211.169.12]:40812 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753760AbeBBRPl (ORCPT ); Fri, 2 Feb 2018 12:15:41 -0500 Received: from localhost (LFbn-1-12258-90.w90-92.abo.wanadoo.fr [90.92.71.90]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 6425FD81; Fri, 2 Feb 2018 17:15:40 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Gilad Ben-Yossef Subject: [PATCH 4.15 28/55] staging: ccree: NULLify backup_info when unused Date: Fri, 2 Feb 2018 17:58:46 +0100 Message-Id: <20180202140829.082285149@linuxfoundation.org> X-Mailer: git-send-email 2.16.1 In-Reply-To: <20180202140826.117602411@linuxfoundation.org> References: <20180202140826.117602411@linuxfoundation.org> User-Agent: quilt/0.65 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.15-stable review patch. If anyone has any objections, please let me know. ------------------ From: Gilad Ben-Yossef commit 46df8824982e4fb0198776078d4a8c3e2d531464 upstream. backup_info field is only allocated for decrypt code path. The field was not nullified when not used causing a kfree in an error handling path to attempt to free random addresses as uncovered in stress testing. Fixes: 737aed947f9b ("staging: ccree: save ciphertext for CTS IV") Signed-off-by: Gilad Ben-Yossef Signed-off-by: Greg Kroah-Hartman --- drivers/staging/ccree/ssi_cipher.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/staging/ccree/ssi_cipher.c +++ b/drivers/staging/ccree/ssi_cipher.c @@ -908,6 +908,7 @@ static int ssi_ablkcipher_decrypt(struct scatterwalk_map_and_copy(req_ctx->backup_info, req->src, (req->nbytes - ivsize), ivsize, 0); req_ctx->is_giv = false; + req_ctx->backup_info = NULL; return ssi_blkcipher_process(tfm, req_ctx, req->dst, req->src, req->nbytes, req->info, ivsize, (void *)req, DRV_CRYPTO_DIRECTION_DECRYPT); }