Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp896549ybe; Wed, 4 Sep 2019 09:18:23 -0700 (PDT) X-Google-Smtp-Source: APXvYqzCnT/dNEtmBfKAAVAHDd18PiwllFIzgwMt1/3qwSJexMOXcX1FP8yCllvdxnqOk5fcJnzN X-Received: by 2002:a63:60a:: with SMTP id 10mr35340536pgg.381.1567613903324; Wed, 04 Sep 2019 09:18:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1567613903; cv=none; d=google.com; s=arc-20160816; b=aw3BFBXDL444zleESN4ykDTzNkXme8lewHgogGD3X55jK5bb3CnAZ4Yku3hnvNEuCt G7SP56MdD2e1v0a6fus6zx7kPaw5wdMveH/NXHlV2fPyFX3YIlRVnmMpTFKRImSEg8Bl omX4u4g3ggorKVi/JSU3yWElaIVl96Puicizz7QJLveF01Xpt7Vnfj0iXQM1ZvStRbUg rfPdeA4CW/rGoh2lvKl6ShguENGrW6UcJuu4zYtb0ixPZ0mOF75KSgNrFq8/ZqV8NpHM FFvAkw//B9y0E5Ps9IywaQ8YIyRXCz/NkKoxzUceu8rzJ0Iu+lx713M+m+7bwImmks85 y3ig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=XOh9fYX4dhmx8iVYdpVh+wymDF+t0r3dNDTEla2r63M=; b=m/2iMlUhTOgRyZC8uORnASL1MWefL5fWeFCA0tFYuFqykjIcRKrw90xpuWRReBuHAw iQAuVL4dhBmiAue3LSyH9TSB9I15sZJ7OGws7e1hD5tZPPzO3h8elTnvCJRguuV1XSnx e+7WkoCMmcBGak1UXRculU0zFk8AJpsjB64ZnuROJg9XQq1QdnYhtO4/zgTPp52Eikxq 2t7svzFA82VeLSxuLvfYyeHNxw56EobrwiHMTwJyO4dxAm2RxKAzTJfjUsiB/nXqNaLL O2+itla4AOy0kTvBT9lmTHqM7CBq6f1De9sZIUjZz+shOAKKW5VqjslgdsnMag1GODgz M6dw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=FkVVKNcJ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z6si6543857pln.87.2019.09.04.09.18.07; Wed, 04 Sep 2019 09:18:23 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=FkVVKNcJ; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732479AbfIDQRV (ORCPT + 99 others); Wed, 4 Sep 2019 12:17:21 -0400 Received: from mail.kernel.org ([198.145.29.99]:33588 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732299AbfIDP7N (ORCPT ); Wed, 4 Sep 2019 11:59:13 -0400 Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 53D1122CF5; Wed, 4 Sep 2019 15:59:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1567612753; bh=lQYj4NUXHSkeIRtL2lZVGzZ2tZyvwgqLTUTTjnchcWA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=FkVVKNcJRscE51XVCDAzvT79U7qlKGzqreDZeumKSzVf2SnZ2hoMkwLdLTGnmMkEg SJdDo+jLVabVzHCcvJE75NuGhh2l7SZ8oYFxyeL0+geBexHo6igwUKIDGjGiC0WhLY 6zA3/Az16Op5RCxkuAIlXDC/6y47nJq3cmGhKmo4= From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Jia-Ju Bai , Ilya Dryomov , Sasha Levin , ceph-devel@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH AUTOSEL 5.2 62/94] libceph: don't call crypto_free_sync_skcipher() on a NULL tfm Date: Wed, 4 Sep 2019 11:57:07 -0400 Message-Id: <20190904155739.2816-62-sashal@kernel.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190904155739.2816-1-sashal@kernel.org> References: <20190904155739.2816-1-sashal@kernel.org> MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jia-Ju Bai [ Upstream commit e8c99200b4d117c340c392ebd5e62d85dfeed027 ] In set_secret(), key->tfm is assigned to NULL on line 55, and then ceph_crypto_key_destroy(key) is executed. ceph_crypto_key_destroy(key) crypto_free_sync_skcipher(key->tfm) crypto_free_skcipher(&tfm->base); This happens to work because crypto_sync_skcipher is a trivial wrapper around crypto_skcipher: &tfm->base is still 0 and crypto_free_skcipher() handles that. Let's not rely on the layout of crypto_sync_skcipher. This bug is found by a static analysis tool STCheck written by us. Fixes: 69d6302b65a8 ("libceph: Remove VLA usage of skcipher"). Signed-off-by: Jia-Ju Bai Reviewed-by: Ilya Dryomov Signed-off-by: Ilya Dryomov Signed-off-by: Sasha Levin --- net/ceph/crypto.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/net/ceph/crypto.c b/net/ceph/crypto.c index 5d6724cee38f9..4f75df40fb121 100644 --- a/net/ceph/crypto.c +++ b/net/ceph/crypto.c @@ -136,8 +136,10 @@ void ceph_crypto_key_destroy(struct ceph_crypto_key *key) if (key) { kfree(key->key); key->key = NULL; - crypto_free_sync_skcipher(key->tfm); - key->tfm = NULL; + if (key->tfm) { + crypto_free_sync_skcipher(key->tfm); + key->tfm = NULL; + } } } -- 2.20.1