Patch "crypto: ixp4xx - Fix error handling path in 'aead_perform()'" has been added to the 4.9-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Fri, 18 Aug 2017 16:38:40 -0700

This is a note to let you know that I've just added the patch titled

    crypto: ixp4xx - Fix error handling path in 'aead_perform()'

to the 4.9-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     crypto-ixp4xx-fix-error-handling-path-in-aead_perform.patch
and it can be found in the queue-4.9 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 28389575a8cf933a5f3c378556b9f4d3cce0efd2 Mon Sep 17 00:00:00 2001
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 2 Aug 2017 16:40:47 +0800
Subject: crypto: ixp4xx - Fix error handling path in 'aead_perform()'

From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>

commit 28389575a8cf933a5f3c378556b9f4d3cce0efd2 upstream.

In commit 0f987e25cb8a, the source processing has been moved in front of
the destination processing, but the error handling path has not been
modified accordingly.
Free resources in the correct order to avoid some leaks.

Fixes: 0f987e25cb8a ("crypto: ixp4xx - Fix false lastlen uninitialised warning")
Reported-by: Christophe JAILLET <christophe.jaillet@xxxxxxxxxx>
Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Reviewed-by: Arnd Bergmann <arnd@xxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
 drivers/crypto/ixp4xx_crypto.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- a/drivers/crypto/ixp4xx_crypto.c
+++ b/drivers/crypto/ixp4xx_crypto.c
@@ -1074,7 +1074,7 @@ static int aead_perform(struct aead_requ
 		req_ctx->hmac_virt = dma_pool_alloc(buffer_pool, flags,
 				&crypt->icv_rev_aes);
 		if (unlikely(!req_ctx->hmac_virt))
-			goto free_buf_src;
+			goto free_buf_dst;
 		if (!encrypt) {
 			scatterwalk_map_and_copy(req_ctx->hmac_virt,
 				req->src, cryptlen, authsize, 0);
@@ -1089,10 +1089,10 @@ static int aead_perform(struct aead_requ
 	BUG_ON(qmgr_stat_overflow(SEND_QID));
 	return -EINPROGRESS;
 
-free_buf_src:
-	free_buf_chain(dev, req_ctx->src, crypt->src_buf);
 free_buf_dst:
 	free_buf_chain(dev, req_ctx->dst, crypt->dst_buf);
+free_buf_src:
+	free_buf_chain(dev, req_ctx->src, crypt->src_buf);
 	crypt->ctl_flags = CTL_FLAG_UNUSED;
 	return -ENOMEM;
 }


Patches currently in stable-queue which might be from herbert@xxxxxxxxxxxxxxxxxxx are

queue-4.9/crypto-x86-sha1-fix-reads-beyond-the-number-of-blocks-passed.patch
queue-4.9/crypto-ixp4xx-fix-error-handling-path-in-aead_perform.patch






