Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree

Annotating a local pointer variable, which will be assigned with the
kmalloc-family functions, with the `__cleanup(kfree)` attribute will
make the address of the local variable, rather than the address returned
by kmalloc, passed to kfree directly and lead to a crash due to invalid
deallocation of stack address. According to other places in the repo,
the correct usage should be `__free(kfree)`. The code coincidentally
compiled because the parameter type `void *` of kfree is compatible with
the desired type `struct { ... } **`.

Fixes: a71475582ada ("crypto: ccp - reduce stack usage in ccp_run_aes_gcm_cmd")
Signed-off-by: Ella Ma <alansnape3058@gmail.com>
Acked-by: Tom Lendacky <thomas.lendacky@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Ella Ma and committed by
Herbert Xu
d5abcc33 da166801

+1 -1
+1 -1
drivers/crypto/ccp/ccp-ops.c
··· 642 642 struct ccp_data dst; 643 643 struct ccp_data aad; 644 644 struct ccp_op op; 645 - } *wa __cleanup(kfree) = kzalloc(sizeof *wa, GFP_KERNEL); 645 + } *wa __free(kfree) = kzalloc(sizeof(*wa), GFP_KERNEL); 646 646 unsigned int dm_offset; 647 647 unsigned int authsize; 648 648 unsigned int jobid;