On 4/28/2020 8:14 AM, Zhenzhong Duan wrote: > In both aead_crypt_done and skcipher_crypt_done, edesc->bklog is > referenced after the structure pointed by edesc is freed. > > Fix them by moving kfree(edesc) to the end of function call. > > Signed-off-by: Zhenzhong Duan <zhenzhong.duan@xxxxxxxxx> These issues were already fixed, and applied on cryptodev, by this series: https://patchwork.kernel.org/cover/11476799/ Regards, Iulia > --- > drivers/crypto/caam/caamalg.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c > index b7bb7c30adeb..6d746ef5e650 100644 > --- a/drivers/crypto/caam/caamalg.c > +++ b/drivers/crypto/caam/caamalg.c > @@ -973,8 +973,6 @@ static void aead_crypt_done(struct device *jrdev, u32 *desc, u32 err, > > aead_unmap(jrdev, edesc, req); > > - kfree(edesc); > - > /* > * If no backlog flag, the completion of the request is done > * by CAAM, not crypto engine. > @@ -983,6 +981,8 @@ static void aead_crypt_done(struct device *jrdev, u32 *desc, u32 err, > aead_request_complete(req, ecode); > else > crypto_finalize_aead_request(jrp->engine, req, ecode); > + > + kfree(edesc); > } > > static void skcipher_crypt_done(struct device *jrdev, u32 *desc, u32 err, > @@ -1022,8 +1022,6 @@ static void skcipher_crypt_done(struct device *jrdev, u32 *desc, u32 err, > DUMP_PREFIX_ADDRESS, 16, 4, req->dst, > edesc->dst_nents > 1 ? 100 : req->cryptlen, 1); > > - kfree(edesc); > - > /* > * If no backlog flag, the completion of the request is done > * by CAAM, not crypto engine. > @@ -1032,6 +1030,8 @@ static void skcipher_crypt_done(struct device *jrdev, u32 *desc, u32 err, > skcipher_request_complete(req, ecode); > else > crypto_finalize_skcipher_request(jrp->engine, req, ecode); > + > + kfree(edesc); > } > > /* >