Received: by 2002:a05:6358:a55:b0:ec:fcf4:3ecf with SMTP id 21csp658311rwb; Fri, 13 Jan 2023 02:34:14 -0800 (PST) X-Google-Smtp-Source: AMrXdXtflnGP8uTNV0rfPcEkEFgVz5jNWKE1fSoXftNuSFy2/DcOT2up+vH9Dirw0koBpGSf45lv X-Received: by 2002:a17:906:36ce:b0:7c1:727c:5f70 with SMTP id b14-20020a17090636ce00b007c1727c5f70mr68770780ejc.46.1673606054162; Fri, 13 Jan 2023 02:34:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1673606054; cv=none; d=google.com; s=arc-20160816; b=duJZY+USu+lt7GlDHNNmPUEWp+5mNTwYdguhma1BFaDeiem60NcRI3ZNH/q53EVmiB CplaXgm5Jb2g9eK+n5BE1gZL1YLQELaGRI/RJdIMWPmgtSj3quTM8NKbct7lcg81QR+L feGpf9H1cOpoiNAD1jPG2S4K7YzFUlXbueAvBeDmqLbrk1n7yD8Xw6EwaDydEOnp/bFe DaaZTqO+OAG8iZsF8hL1ZUpVtYmYJZnpHHqr71TqUgpGmCNf0RSj1dIgPnBDJp31mq7O WYeEB2U32ilYVIICkqndI7xoNlVlWCLDNjJY5MpTJhROEuGKs41xF7DGDIdmd9a7maNa 4HqQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-disposition:mime-version:message-id :subject:to:from:date; bh=ETBfiXAqDW08z+qsxJ4fl9nMSm1LlaBcKRG7+IYJ8Xw=; b=QEpnvMoggzBWC8TORu9MhXgrAjXbyLsj0OKBIZGiQIj4RqsiOYqwU5jv3kxcz4ZPEZ imoPIN34axiHyP/hYOSpaCRzKum5vRVWX/aQsg7dIPkZjNOEnkBN7t5X5wNmmaMW2AD9 4KDMmKNTnoy0nKNYR/dRMEdbOfKPVZm5/cpUbsV/K6TKbqM92BK5eJsptJHfh6j3x/US Hazl7pFG6NrCJ0akSLsD0o5gGF1hCv1QHiE+S9Oebz5UpPJ2Ngw3izy4Xt0ZSutT/VAE nFh12OJ5IuV71nX+mxNnP866/rm7Q9xzRscaWfd1wED4Sydu7Drww8CcnmIl61gE3OyC lBJA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ga21-20020a1709070c1500b007ae26c753edsi11176569ejc.52.2023.01.13.02.33.43; Fri, 13 Jan 2023 02:34:13 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241093AbjAMKZa (ORCPT + 99 others); Fri, 13 Jan 2023 05:25:30 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60718 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241126AbjAMKYr (ORCPT ); Fri, 13 Jan 2023 05:24:47 -0500 Received: from formenos.hmeau.com (helcar.hmeau.com [216.24.177.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1674376EC2 for ; Fri, 13 Jan 2023 02:24:12 -0800 (PST) Received: from loth.rohan.me.apana.org.au ([192.168.167.2]) by formenos.hmeau.com with smtp (Exim 4.94.2 #2 (Debian)) id 1pGHEH-00HCZD-8o; Fri, 13 Jan 2023 18:24:10 +0800 Received: by loth.rohan.me.apana.org.au (sSMTP sendmail emulation); Fri, 13 Jan 2023 18:24:09 +0800 Date: Fri, 13 Jan 2023 18:24:09 +0800 From: Herbert Xu To: Linux Crypto Mailing List , Ard Biesheuvel Subject: [PATCH] crypto: essiv - Handle EBUSY correctly Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org As it is essiv only handles the special return value of EINPROGERSS, which means that in all other cases it will free data related to the request. However, as the caller of essiv may specify MAY_BACKLOG, we also need to expect EBUSY and treat it in the same way. Otherwise backlogged requests will trigger a use-after-free. Fixes: be1eb7f78aa8 ("crypto: essiv - create wrapper template...") Signed-off-by: Herbert Xu diff --git a/crypto/essiv.c b/crypto/essiv.c index e33369df9034..307eba74b901 100644 --- a/crypto/essiv.c +++ b/crypto/essiv.c @@ -171,7 +171,12 @@ static void essiv_aead_done(struct crypto_async_request *areq, int err) struct aead_request *req = areq->data; struct essiv_aead_request_ctx *rctx = aead_request_ctx(req); + if (err == -EINPROGRESS) + goto out; + kfree(rctx->assoc); + +out: aead_request_complete(req, err); } @@ -247,7 +252,7 @@ static int essiv_aead_crypt(struct aead_request *req, bool enc) err = enc ? crypto_aead_encrypt(subreq) : crypto_aead_decrypt(subreq); - if (rctx->assoc && err != -EINPROGRESS) + if (rctx->assoc && err != -EINPROGRESS && err != -EBUSY) kfree(rctx->assoc); return err; } -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt