From: Pi-Hsun Shih
Cc: Pi-Hsun Shih, Kees Cook, Anton Vorontsov, Colin Cross, Tony Luck, linux-kernel@vger.kernel.org (open list)
Subject: [PATCH] pstore: Set tfm to NULL on free_buf_for_compression.
Date: Mon, 20 May 2019 14:51:19 +0800
Message-Id: <20190520065120.245811-1-pihsun@chromium.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Set tfm to NULL on free_buf_for_compression after crypto_free_comp.

This avoids a use-after-free when allocate_buf_for_compression and free_buf_for_compression are called twice. Although free_buf_for_compression freed the tfm, allocate_buf_for_compression won't reinitialize the tfm since the tfm pointer is not NULL.

Fixes: 95047b0519c1 ("pstore: Refactor compression initialization")
Signed-off-by: Pi-Hsun Shih

--- fs/pstore/platform.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/pstore/platform.c b/fs/pstore/platform.c index 75887a269b64..8355a46638d0 100644 --- a/fs/pstore/platform.c +++ b/fs/pstore/platform.c
@@ -347,8 +347,10 @@ static void allocate_buf_for_compression(void) static void free_buf_for_compression(void) { - if (IS_ENABLED(CONFIG_PSTORE_COMPRESS) && tfm) + if (IS_ENABLED(CONFIG_PSTORE_COMPRESS) && tfm) { crypto_free_comp(tfm); + tfm = NULL; + } kfree(big_oops_buf); big_oops_buf = NULL; big_oops_buf_sz = 0; -- 2.21.0.1020.gf2820cf01a-goog
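
Review bot: The changelog for this free_buf_for_compression() hunk says the allocate/free pair is "called twice" but does not name the call sequence that does so; please spell it out, since that is what decides whether the stale tfm is reachable in practice and whether the fix should go to stable alongside the Fixes: commit. On the code itself, the added "tfm = NULL;" sits inside the "IS_ENABLED(CONFIG_PSTORE_COMPRESS) && tfm" branch, while "big_oops_buf = NULL;" directly below is reset unconditionally. That is fine as long as this branch is the only place tfm is released, and a short comment saying that allocate_buf_for_compression() relies on tfm being NULL to reinitialize would keep the two functions from drifting apart again.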