Patch "crypto: rk3288 - Fix use after free in unprepare" has been added to the 6.7-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Wed, 27 Mar 2024 15:52:24 +0100

This is a note to let you know that I've just added the patch titled

    crypto: rk3288 - Fix use after free in unprepare

to the 6.7-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     crypto-rk3288-fix-use-after-free-in-unprepare.patch
and it can be found in the queue-6.7 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From c0afb6b88fbbc177fa322a835f874be217bffe45 Mon Sep 17 00:00:00 2001
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 28 Feb 2024 17:13:16 +0800
Subject: crypto: rk3288 - Fix use after free in unprepare

From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

commit c0afb6b88fbbc177fa322a835f874be217bffe45 upstream.

The unprepare call must be carried out before the finalize call
as the latter can free the request.

Fixes: c66c17a0f69b ("crypto: rk3288 - Remove prepare/unprepare request")
Reported-by: Andrey Skvortsov <andrej.skvortzov@xxxxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx>
Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Reviewed-by: Andrey Skvortsov <andrej.skvortzov@xxxxxxxxx>
Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 drivers/crypto/rockchip/rk3288_crypto_ahash.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/crypto/rockchip/rk3288_crypto_ahash.c
+++ b/drivers/crypto/rockchip/rk3288_crypto_ahash.c
@@ -332,12 +332,12 @@ static int rk_hash_run(struct crypto_eng
 theend:
 	pm_runtime_put_autosuspend(rkc->dev);
 
+	rk_hash_unprepare(engine, breq);
+
 	local_bh_disable();
 	crypto_finalize_hash_request(engine, breq, err);
 	local_bh_enable();
 
-	rk_hash_unprepare(engine, breq);
-
 	return 0;
 }
 


Patches currently in stable-queue which might be from herbert@xxxxxxxxxxxxxxxxxxx are

queue-6.7/revert-crypto-pkcs7-remove-sha1-support.patch
queue-6.7/crypto-qat-change-slas-cleanup-flow-at-shutdown.patch
queue-6.7/crypto-qat-resolve-race-condition-during-aer-recover.patch
queue-6.7/crypto-sun8i-ce-fix-use-after-free-in-unprepare.patch
queue-6.7/crypto-rk3288-fix-use-after-free-in-unprepare.patch







