lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 09 Sep 2017 22:47:14 +0100 From: Ben Hutchings <ben@...adent.org.uk> To: linux-kernel@...r.kernel.org, stable@...r.kernel.org CC: akpm@...ux-foundation.org, "Eric Biggers" <ebiggers3@...il.com>, "Gilad Ben-Yossef" <gilad@...yossef.com>, "Herbert Xu" <herbert@...dor.apana.org.au> Subject: [PATCH 3.16 079/233] crypto: gcm - wait for crypto op not signal safe 3.16.48-rc1 review patch. If anyone has any objections, please let me know. ------------------ From: Gilad Ben-Yossef <gilad@...yossef.com> commit f3ad587070d6bd961ab942b3fd7a85d00dfc934b upstream. crypto_gcm_setkey() was using wait_for_completion_interruptible() to wait for completion of async crypto op but if a signal occurs it may return before DMA ops of HW crypto provider finish, thus corrupting the data buffer that is kfree'ed in this case. Resolve this by using wait_for_completion() instead. Reported-by: Eric Biggers <ebiggers3@...il.com> Signed-off-by: Gilad Ben-Yossef <gilad@...yossef.com> Signed-off-by: Herbert Xu <herbert@...dor.apana.org.au> Signed-off-by: Ben Hutchings <ben@...adent.org.uk> --- crypto/gcm.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) --- a/crypto/gcm.c +++ b/crypto/gcm.c @@ -146,10 +146,8 @@ static int crypto_gcm_setkey(struct cryp err = crypto_ablkcipher_encrypt(&data->req); if (err == -EINPROGRESS || err == -EBUSY) { - err = wait_for_completion_interruptible( - &data->result.completion); - if (!err) - err = data->result.err; + wait_for_completion(&data->result.completion); + err = data->result.err; } if (err)
Powered by blists - more mailing lists