3.2.93-rc1 review patch. If anyone has any objections, please let me know.
------------------ From: Gilad Ben-Yossef <[email protected]> commit f3ad587070d6bd961ab942b3fd7a85d00dfc934b upstream. crypto_gcm_setkey() was using wait_for_completion_interruptible() to wait for completion of async crypto op but if a signal occurs it may return before DMA ops of HW crypto provider finish, thus corrupting the data buffer that is kfree'ed in this case. Resolve this by using wait_for_completion() instead. Reported-by: Eric Biggers <[email protected]> Signed-off-by: Gilad Ben-Yossef <[email protected]> Signed-off-by: Herbert Xu <[email protected]> Signed-off-by: Ben Hutchings <[email protected]> --- crypto/gcm.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) --- a/crypto/gcm.c +++ b/crypto/gcm.c @@ -140,10 +140,8 @@ static int crypto_gcm_setkey(struct cryp err = crypto_ablkcipher_encrypt(&data->req); if (err == -EINPROGRESS || err == -EBUSY) { - err = wait_for_completion_interruptible( - &data->result.completion); - if (!err) - err = data->result.err; + wait_for_completion(&data->result.completion); + err = data->result.err; } if (err)
