Re: [PATCH v8 1/2] crypto: skcipher AF_ALG - overhaul memory management

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am Samstag, 10. Juni 2017, 05:13:16 CEST schrieb Herbert Xu:

Hi Herbert,

> On Tue, May 23, 2017 at 04:31:59PM +0200, Stephan Müller wrote:
> >  static void skcipher_sock_destruct(struct sock *sk)
> >  {
> >  
> >  	struct alg_sock *ask = alg_sk(sk);
> >  	struct skcipher_ctx *ctx = ask->private;
> > 
> > -	struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(&ctx->req);
> > +	struct sock *psk = ask->parent;
> > +	struct alg_sock *pask = alg_sk(psk);
> > +	struct skcipher_tfm *skc = pask->private;
> > +	struct crypto_skcipher *tfm = skc->skcipher;
> > 
> > -	if (atomic_read(&ctx->inflight))
> > -		skcipher_wait(sk);
> > +	/* Suspend caller if AIO operations are in flight. */
> > +	wait_event_interruptible(skcipher_aio_finish_wait,
> > +				 (ctx->inflight == 0));
> 
> This doesn't look right.  If a signal comes in wouldn't you end
> up freeing live memory?

Right. Shouldn't we drop the ctx->inflight completely?

The code in the current patch set contains:

when an async operation is queued:

                sock_hold(sk);
                ctx->inflight++;

upon completion of the callback:

        __sock_put(sk);
        ctx->inflight--;

Thus, the socket is grabbed already. Hence, when dropping the inflight code 
including the wait queue entirely, I would think we are still save as we hold 
the socket.

Ciao
Stephan



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux