diff mbox series

crypto: api - Check spawn->alg under lock in crypto_drop_spawn

Message ID 20191206055517.53o7xtpxdo2bx6qe@gondor.apana.org.au (mailing list archive)
State Accepted
Delegated to: Herbert Xu
Headers show
Series crypto: api - Check spawn->alg under lock in crypto_drop_spawn | expand

Commit Message

Herbert Xu Dec. 6, 2019, 5:55 a.m. UTC 
We need to check whether spawn->alg is NULL under lock as otherwise
the algorithm could be removed from under us after we have checked
it and found it to be non-NULL.  This could cause us to remove the
spawn from a non-existent list.

Fixes: 6bfd48096ff8 ("[CRYPTO] api: Added spawns")
Cc: <stable@vger.kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Comments

Eric Biggers Dec. 11, 2019, 3:36 a.m. UTC | #1 
On Fri, Dec 06, 2019 at 01:55:17PM +0800, Herbert Xu wrote:
> We need to check whether spawn->alg is NULL under lock as otherwise
> the algorithm could be removed from under us after we have checked
> it and found it to be non-NULL.  This could cause us to remove the
> spawn from a non-existent list.
> 
> Fixes: 6bfd48096ff8 ("[CRYPTO] api: Added spawns")
> Cc: <stable@vger.kernel.org>
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
> 
> diff --git a/crypto/algapi.c b/crypto/algapi.c
> index 783006f4d339..6869feb31c99 100644
> --- a/crypto/algapi.c
> +++ b/crypto/algapi.c
> @@ -668,11 +668,9 @@ EXPORT_SYMBOL_GPL(crypto_grab_spawn);
>  
>  void crypto_drop_spawn(struct crypto_spawn *spawn)
>  {
> -	if (!spawn->alg)
> -		return;
> -
>  	down_write(&crypto_alg_sem);
> -	list_del(&spawn->list);
> +	if (spawn->alg)
> +		list_del(&spawn->list);
>  	up_write(&crypto_alg_sem);
>  }
>  EXPORT_SYMBOL_GPL(crypto_drop_spawn);

Seems the Fixes tag is wrong.  It should be:

Fixes: 7ede5a5ba55a ("crypto: api - Fix crypto_drop_spawn crash on blank spawns")

- Eric
Herbert Xu Dec. 11, 2019, 8:27 a.m. UTC | #2 
On Tue, Dec 10, 2019 at 07:36:18PM -0800, Eric Biggers wrote:
>
> Seems the Fixes tag is wrong.  It should be:
> 
> Fixes: 7ede5a5ba55a ("crypto: api - Fix crypto_drop_spawn crash on blank spawns")

Thanks, I'll change it when I apply this patch.  FWIW the patch
does need to all the way back to the original spawn commit but
of course you need to apply 7ede5a first before you can apply this
one.
diff mbox series

Patch

diff --git a/crypto/algapi.c b/crypto/algapi.c
index 783006f4d339..6869feb31c99 100644
--- a/crypto/algapi.c
+++ b/crypto/algapi.c
@@ -668,11 +668,9 @@  EXPORT_SYMBOL_GPL(crypto_grab_spawn);
 
 void crypto_drop_spawn(struct crypto_spawn *spawn)
 {
-	if (!spawn->alg)
-		return;
-
 	down_write(&crypto_alg_sem);
-	list_del(&spawn->list);
+	if (spawn->alg)
+		list_del(&spawn->list);
 	up_write(&crypto_alg_sem);
 }
 EXPORT_SYMBOL_GPL(crypto_drop_spawn);