Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp1982603imm;
        Thu, 24 May 2018 04:01:25 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZo9XCabN/+Yok9UA/boAODHLnWhTacjHYkl3tNUU56WW4I9tsJgmQyopfcRBr+sANN4FB1h
X-Received: by 2002:a63:5f0b:: with SMTP id t11-v6mr4150066pgb.79.1527159685242;
        Thu, 24 May 2018 04:01:25 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1527159685; cv=none;
        d=google.com; s=arc-20160816;
        b=zktpC6OY7KQorWSqd7wnwkFovdnvSK3kflwMmoflCUUSQGwDgJfSeyv+imSHHb8ca3
         /VDStONMjDcySozfLfZ/mQcuXvBuw6g/Re6CTi74gZWdU0vxvs+m1AKFuMirrhzNl/L0
         mHAFTXg5iCFpOJ52R5nVS4Vjx0lhN3+PMNU96wuRgY1VyKisbz+HwA6H18Qh6GwYK4Yw
         fgM5u+B3s3CdRfSPM7I+PdNmv84s+EgNbW21K+tERpHYHnN1GMwHNvd9ZVbOw/wXckCk
         ASsX2qZ9jCiZIrUle/HW9ju1mrum5B117HTUxEQdTWfG9WvkURzl5egIIgYare+Sobxt
         Yf8A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature
         :arc-authentication-results;
        bh=3jT90In2JIUiiGDZUrPl1vuBoaeaRuc4Q+KdL8LfEEg=;
        b=VgHg3CGIS/F7JPZ2hPGApwW0vKIJUcEi8lgE3TmArz6jz0MeAOaGIYPX4Yva1mdIkg
         /VuOChX/IYqK7zYktpnn+pbNQo6Jl1E9Mwo9uY/qZfcyrXfDF67ht1V1JpuC33aMXSiW
         b6gy9RAyQwwk0EAIgZlg7VMsGpQaZtolfOaPjdZDypMNkmQELUfqViXxpvvjnOtbczjE
         GSQ5Nuxy583RHL9T+bn7BFU0GoJHyE68NcBmHTthgOzkb0qGMj7HbIlalpaEFank8fzY
         rM0sqXQUEZdtmr/CVoOt2gabnMPZQ9UGErhSgFfhdo90rXij7IbSqbGUIB2CgDsgXskZ
         1Hmw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=Zi6ZBvJl;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id v6-v6si21810063plp.60.2018.05.24.04.01.07;
        Thu, 24 May 2018 04:01:25 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=Zi6ZBvJl;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S968405AbeEXJzo (ORCPT <rfc822;huangweiredhat@gmail.com>
        + 99 others); Thu, 24 May 2018 05:55:44 -0400
Received: from mail.kernel.org ([198.145.29.99]:35702 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S968389AbeEXJzh (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 24 May 2018 05:55:37 -0400
Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 9A3D2208A0;
        Thu, 24 May 2018 09:55:36 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1527155737;
        bh=ixxkUfL1WXNcF/WI/iepJDjvP0rNbcYhkeyQUzZwdYA=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=Zi6ZBvJl5UbzqS3aEdfryfItdGyRPB+sszI+VJ+kcuLUmNEvdNpMQ+fi9+J/5weyB
         Sejg9xeRPtrfL2j99xOXFKzpjFnzVy/DGsApkn0utdkZXwdQstSuR0QP0kOmqKhAT7
         KB95Dm7ZlwApR//xhAxHaplPSLs3Ltdg12i+tnyo=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org,
        Antoine Tenart <antoine.tenart@bootlin.com>,
        Herbert Xu <herbert@gondor.apana.org.au>,
        Sasha Levin <alexander.levin@microsoft.com>
Subject: [PATCH 4.14 098/165] crypto: inside-secure - fix the invalidation step during cra_exit
Date:   Thu, 24 May 2018 11:38:24 +0200
Message-Id: <20180524093625.981448838@linuxfoundation.org>
X-Mailer: git-send-email 2.17.0
In-Reply-To: <20180524093621.979359379@linuxfoundation.org>
References: <20180524093621.979359379@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.14-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Antoine Tenart <antoine.tenart@bootlin.com>

[ Upstream commit b7007dbccd92f7b8c00e590020bee542a48c6a2c ]

When exiting a transformation, the cra_exit() helper is called in each
driver providing one. The Inside Secure SafeXcel driver has one, which
is responsible of freeing some areas and of sending one invalidation
request to the crypto engine, to invalidate the context that was used
during the transformation.

We could see in some setups (when lots of transformations were being
used with a short lifetime, and hence lots of cra_exit() calls) NULL
pointer dereferences and other weird issues. All these issues were
coming from accessing the tfm context.

The issue is the invalidation request completion is checked using a
wait_for_completion_interruptible() call in both the cipher and hash
cra_exit() helpers. In some cases this was interrupted while the
invalidation request wasn't processed yet. And then cra_exit() returned,
and its caller was freeing the tfm instance. Only then the request was
being handled by the SafeXcel driver, which lead to the said issues.

This patch fixes this by using wait_for_completion() calls in these
specific cases.

Fixes: 1b44c5a60c13 ("crypto: inside-secure - add SafeXcel EIP197 crypto engine driver")
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/crypto/inside-secure/safexcel_cipher.c |    2 +-
 drivers/crypto/inside-secure/safexcel_hash.c   |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/crypto/inside-secure/safexcel_cipher.c
+++ b/drivers/crypto/inside-secure/safexcel_cipher.c
@@ -446,7 +446,7 @@ static int safexcel_cipher_exit_inv(stru
 	if (!priv->ring[ring].need_dequeue)
 		safexcel_dequeue(priv, ring);
 
-	wait_for_completion_interruptible(&result.completion);
+	wait_for_completion(&result.completion);
 
 	if (result.error) {
 		dev_warn(priv->dev,
--- a/drivers/crypto/inside-secure/safexcel_hash.c
+++ b/drivers/crypto/inside-secure/safexcel_hash.c
@@ -494,7 +494,7 @@ static int safexcel_ahash_exit_inv(struc
 	if (!priv->ring[ring].need_dequeue)
 		safexcel_dequeue(priv, ring);
 
-	wait_for_completion_interruptible(&result.completion);
+	wait_for_completion(&result.completion);
 
 	if (result.error) {
 		dev_warn(priv->dev, "hash: completion error (%d)\n",