On Tue, May 23, 2017 at 04:31:59PM +0200, Stephan Müller wrote:
>
>  static void skcipher_sock_destruct(struct sock *sk)
>  {
>       struct alg_sock *ask = alg_sk(sk);
>       struct skcipher_ctx *ctx = ask->private;
> -     struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(&ctx->req);
> +     struct sock *psk = ask->parent;
> +     struct alg_sock *pask = alg_sk(psk);
> +     struct skcipher_tfm *skc = pask->private;
> +     struct crypto_skcipher *tfm = skc->skcipher;
>  
> -     if (atomic_read(&ctx->inflight))
> -             skcipher_wait(sk);
> +     /* Suspend caller if AIO operations are in flight. */
> +     wait_event_interruptible(skcipher_aio_finish_wait,
> +                              (ctx->inflight == 0));
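
Review bot: in skcipher_sock_destruct() the return value of wait_event_interruptible() is discarded, so when a signal interrupts the wait (it returns -ERESTARTSYS) the destructor carries on with ctx->inflight still nonzero and the rest of the teardown runs while AIO requests are outstanding. Either use the uninterruptible wait_event() here or, preferably, avoid blocking in the destructor by having each in-flight request pin the socket, so the destructor only runs after the last one completes. The condition also changes from atomic_read(&ctx->inflight) to a plain read of ctx->inflight; the hunk does not show the field's new type or what orders that read against the completion path, so the comment above the wait should say what guarantees it.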

This doesn't look right.  If a signal comes in wouldn't you end
up freeing live memory?

The existing code is crap too.  We should not be waiting in the
destructor in the first place.  The proper way to do it is to hold
a reference count on the socket.

Cheers,
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
