3.16.48-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Gilad Ben-Yossef <gi...@benyossef.com>
commit f3ad587070d6bd961ab942b3fd7a85d00dfc934b upstream.
crypto_gcm_setkey() was using wait_for_completion_interruptible() to
wait for completion of async crypto op but if a signal occurs it
may return before DMA ops of HW crypto provider finish, thus
corrupting the data buffer that is kfree'ed in this case.
Resolve this by using wait_for_completion() instead.
Reported-by: Eric Biggers <ebigge...@gmail.com>
Signed-off-by: Gilad Ben-Yossef <gi...@benyossef.com>
Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
---
crypto/gcm.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
--- a/crypto/gcm.c
+++ b/crypto/gcm.c
@@ -146,10 +146,8 @@ static int crypto_gcm_setkey(struct cryp
err = crypto_ablkcipher_encrypt(&data->req);
if (err == -EINPROGRESS || err == -EBUSY) {
- err = wait_for_completion_interruptible(
- &data->result.completion);
- if (!err)
- err = data->result.err;
+ wait_for_completion(&data->result.completion);
+ err = data->result.err;
}
if (err)
