Gitiles
Code Review Sign In
LeafOS / LeafOS-Devices / android_kernel_samsung_gta4xl / 9d5b95ce1488266fd3dc3951da6c8ce25c366ada
commit9d5b95ce1488266fd3dc3951da6c8ce25c366ada[log] [tgz]
authorHerbert Xu <herbert@gondor.apana.org.au>Wed May 08 16:39:51 2024 +0800
committerVegard Nossum <vegard.nossum@oracle.com>Mon Jul 15 18:30:23 2024 +0000
tree264166e8b22c546c54ea386b2cc82cffe48bec87
parent6658c1ef0cb35d3d594507db800cb44a54db4f75 [diff]
crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak

commit d3b17c6d9dddc2db3670bc9be628b122416a3d26 upstream.

Using completion_done to determine whether the caller has gone
away only works after a complete call.  Furthermore it's still
possible that the caller has not yet called wait_for_completion,
resulting in another potential UAF.

Fix this by making the caller use cancel_work_sync and then freeing
the memory safely.

Fixes: 7d42e097607c ("crypto: qat - resolve race condition during AER recovery")
Cc: <stable@vger.kernel.org> #6.8+
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 0ce5964b82f212f4df6a9813f09a0b5de15bd9c8)
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
1 file changed
tree: 264166e8b22c546c54ea386b2cc82cffe48bec87
  1. .elts/
  2. arch/
  3. block/
  4. certs/
  5. crypto/
  6. Documentation/
  7. drivers/
  8. firmware/
  9. fs/
  10. include/
  11. init/
  12. ipc/
  13. kernel/
  14. lib/
  15. mm/
  16. net/
  17. samples/
  18. scripts/
  19. security/
  20. sound/
  21. tools/
  22. usr/
  23. virt/
  24. .cocciconfig
  25. .get_maintainer.ignore
  26. .gitattributes
  27. .gitignore
  28. .mailmap
  29. COPYING
  30. CREDITS
  31. Kbuild
  32. Kconfig
  33. MAINTAINERS
  34. Makefile
  35. README