forked from mirrors/linux
crypto: api - Use work queue in crypto_destroy_instance
The function crypto_drop_spawn expects to be called in process
context. However, when an instance is unregistered while it still
has active users, the last user may cause the instance to be freed
in atomic context.
Fix this by delaying the freeing to a work queue.
Fixes: 6bfd48096f ("[CRYPTO] api: Added spawns")
Reported-by: Florent Revest <revest@chromium.org>
Reported-by: syzbot+d769eed29cc42d75e2a3@syzkaller.appspotmail.com
Reported-by: syzbot+610ec0671f51e838436e@syzkaller.appspotmail.com
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Florent Revest <revest@chromium.org>
Acked-by: Florent Revest <revest@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
Herbert Xu
parent
7999b615fd
commit
9ae4577bc0
2 changed files with 17 additions and 2 deletions
|
|
@ -17,6 +17,7 @@
|
||||||
#include <linux/rtnetlink.h>
|
#include <linux/rtnetlink.h>
|
||||||
#include <linux/slab.h>
|
#include <linux/slab.h>
|
||||||
#include <linux/string.h>
|
#include <linux/string.h>
|
||||||
|
#include <linux/workqueue.h>
|
||||||
|
|
||||||
#include "internal.h"
|
#include "internal.h"
|
||||||
|
|
||||||
|
|
@ -74,15 +75,26 @@ static void crypto_free_instance(struct crypto_instance *inst)
|
||||||
inst->alg.cra_type->free(inst);
|
inst->alg.cra_type->free(inst);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void crypto_destroy_instance(struct crypto_alg *alg)
|
static void crypto_destroy_instance_workfn(struct work_struct *w)
|
||||||
{
|
{
|
||||||
struct crypto_instance *inst = (void *)alg;
|
struct crypto_instance *inst = container_of(w, struct crypto_instance,
|
||||||
|
free_work);
|
||||||
struct crypto_template *tmpl = inst->tmpl;
|
struct crypto_template *tmpl = inst->tmpl;
|
||||||
|
|
||||||
crypto_free_instance(inst);
|
crypto_free_instance(inst);
|
||||||
crypto_tmpl_put(tmpl);
|
crypto_tmpl_put(tmpl);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void crypto_destroy_instance(struct crypto_alg *alg)
|
||||||
|
{
|
||||||
|
struct crypto_instance *inst = container_of(alg,
|
||||||
|
struct crypto_instance,
|
||||||
|
alg);
|
||||||
|
|
||||||
|
INIT_WORK(&inst->free_work, crypto_destroy_instance_workfn);
|
||||||
|
schedule_work(&inst->free_work);
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* This function adds a spawn to the list secondary_spawns which
|
* This function adds a spawn to the list secondary_spawns which
|
||||||
* will be used at the end of crypto_remove_spawns to unregister
|
* will be used at the end of crypto_remove_spawns to unregister
|
||||||
|
|
|
||||||
|
|
@ -12,6 +12,7 @@
|
||||||
#include <linux/cache.h>
|
#include <linux/cache.h>
|
||||||
#include <linux/crypto.h>
|
#include <linux/crypto.h>
|
||||||
#include <linux/types.h>
|
#include <linux/types.h>
|
||||||
|
#include <linux/workqueue.h>
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Maximum values for blocksize and alignmask, used to allocate
|
* Maximum values for blocksize and alignmask, used to allocate
|
||||||
|
|
@ -82,6 +83,8 @@ struct crypto_instance {
|
||||||
struct crypto_spawn *spawns;
|
struct crypto_spawn *spawns;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
struct work_struct free_work;
|
||||||
|
|
||||||
void *__ctx[] CRYPTO_MINALIGN_ATTR;
|
void *__ctx[] CRYPTO_MINALIGN_ATTR;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue