Module Name: src Committed By: riastradh Date: Sun May 22 11:29:54 UTC 2022
Modified Files: src/sys/opencrypto: cryptodev.c Log Message: crypto(4): Fix possible use-after-free in race around detach. This is extremely unlikely because I don't think we have any drivers for removable crypto decelerators^Waccelerators...but if we were to sprout one, and someone ran crypto_dispatch concurrently with crypto_unregister, cryptodev_cb/mcb would enter with crp->crp_etype = EAGAIN and with CRYPTO_F_DONE set in crp->crp_flags. In this case, cryptodev_cb/mcb would issue crypto_dispatch but -- since nothing clears CRYPTO_F_DONE -- it would _also_ consider the request done and notify the ioctl thread of that. With this change, we return early if crypto_dispatch succeeds. No need to consult CRYPTO_F_DONE: if the callback is invoked it's done, and if we try to redispatch it on EAGAIN but crypto_dispatch fails, it's done. (Soon we'll get rid of the possibility of crypto_dispatch failing synchronously, but not just yet.) XXX This path could really use some testing! To generate a diff of this commit: cvs rdiff -u -r1.115 -r1.116 src/sys/opencrypto/cryptodev.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.