2011-08-02 10:29:14

by Jamie Iles

Subject: [PATCH] crypto: picoxcell: fix possible invalid pointer dereference

The completion callback will free the request so we must remove it from
the completion list before calling the callback.

Cc: Herbert Xu <[email protected]>
Signed-off-by: Jamie Iles <[email protected]>
---
drivers/crypto/picoxcell_crypto.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/drivers/crypto/picoxcell_crypto.c b/drivers/crypto/picoxcell_crypto.c
index 017340c..a2b553e 100644
--- a/drivers/crypto/picoxcell_crypto.c
+++ b/drivers/crypto/picoxcell_crypto.c
@@ -1242,8 +1242,8 @@ static void spacc_spacc_complete(unsigned long data)
spin_unlock_irqrestore(&engine->hw_lock, flags);

list_for_each_entry_safe(req, tmp, &completed, list) {
- req->complete(req);
list_del(&req->list);
+ req->complete(req);
}
}

--
1.7.4.1

2011-08-10 11:02:12

by Herbert Xu

Subject: Re: [PATCH] crypto: picoxcell: fix possible invalid pointer dereference

On Tue, Aug 02, 2011 at 11:29:06AM +0100, Jamie Iles wrote:
> The completion callback will free the request so we must remove it from
> the completion list before calling the callback.
>
> Cc: Herbert Xu <[email protected]>
> Signed-off-by: Jamie Iles <[email protected]>

Also applied.
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt