Re: [PATCH] crypto: n2 - cure use after free

2017-12-22 Thread Herbert Xu
Jan Engelhardt wrote: > queue_cache_init is first called for the Control Word Queue > (n2_crypto_probe). At that time, queue_cache[0] is NULL and a new > kmem_cache will be allocated. If the subsequent n2_register_algs call > fails, the kmem_cache will be released in queue_cache_destroy, but > que

Re: [PATCH] crypto: n2 - cure use after free

2017-12-19 Thread David Miller
From: Jan Engelhardt Date: Tue, 19 Dec 2017 19:09:07 +0100 > queue_cache_init is first called for the Control Word Queue > (n2_crypto_probe). At that time, queue_cache[0] is NULL and a new > kmem_cache will be allocated. If the subsequent n2_register_algs call > fails, the kmem_cache will be rele

Re: [PATCH] crypto: n2 - cure use after free

2017-12-19 Thread David Miller
From: Jan Engelhardt Date: Tue, 19 Dec 2017 16:42:39 +0100 (CET) > Nevertheless, I think that the error pathing in n2_core.c should be made > robust as well. I completely agree. > Should I resubmit with a new commit message? Yes.

Re: [PATCH] crypto: n2 - cure use after free

2017-12-19 Thread Jan Engelhardt
On Tuesday 2017-12-19 16:31, David Miller wrote: > >Instead, what fails is the algorithm registry which you should look >more deeply into the cause of. You are right. The registration failure is because the crypto layer expects halg->statesize to be non-zero, and drivers/crypto/n2_core.c does n