From: Gilad Ben-Yossef <gilad@benyossef.com>
Date: Thu, 18 May 2017 13:29:25 +0000 (+0300)
Subject: crypto: gcm - wait for crypto op not signal safe
X-Git-Tag: v4.4.72~67
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=a3a3a1cf538c024a4586c6c3396454d71df9b6b5;p=profile%2Fcommon%2Fplatform%2Fkernel%2Flinux-artik7.git

crypto: gcm - wait for crypto op not signal safe

commit f3ad587070d6bd961ab942b3fd7a85d00dfc934b upstream.

crypto_gcm_setkey() was using wait_for_completion_interruptible() to
wait for completion of async crypto op but if a signal occurs it
may return before DMA ops of HW crypto provider finish, thus
corrupting the data buffer that is kfree'ed in this case.

Resolve this by using wait_for_completion() instead.

Reported-by: Eric Biggers <ebiggers3@gmail.com>
Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/crypto/gcm.c b/crypto/gcm.c
index 1238b3c..0a12c09 100644
--- a/crypto/gcm.c
+++ b/crypto/gcm.c
@@ -152,10 +152,8 @@ static int crypto_gcm_setkey(struct crypto_aead *aead, const u8 *key,
 
 	err = crypto_ablkcipher_encrypt(&data->req);
 	if (err == -EINPROGRESS || err == -EBUSY) {
-		err = wait_for_completion_interruptible(
-			&data->result.completion);
-		if (!err)
-			err = data->result.err;
+		wait_for_completion(&data->result.completion);
+		err = data->result.err;
 	}
 
 	if (err)