| From 746c908c4d72e49068ab216c3926d2720d71a90d Mon Sep 17 00:00:00 2001 |
| From: Christian Lamparter <chunkeey@gmail.com> |
| Date: Thu, 31 Oct 2019 17:14:38 +0100 |
| Subject: crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr |
| |
| From: Christian Lamparter <chunkeey@gmail.com> |
| |
| commit 746c908c4d72e49068ab216c3926d2720d71a90d upstream. |
| |
| This patch fixes a crash that can happen during probe |
| when the available dma memory is not enough (this can |
| happen if the crypto4xx is built as a module). |
| |
| The descriptor window mapping would end up being free'd |
| twice, once in crypto4xx_build_pdr() and the second time |
| in crypto4xx_destroy_sdr(). |
| |
| Fixes: 5d59ad6eea82 ("crypto: crypto4xx - fix crypto4xx_build_pdr, crypto4xx_build_sdr leak") |
| Cc: <stable@vger.kernel.org> |
| Signed-off-by: Christian Lamparter <chunkeey@gmail.com> |
| Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| drivers/crypto/amcc/crypto4xx_core.c | 6 +----- |
| 1 file changed, 1 insertion(+), 5 deletions(-) |
| |
| --- a/drivers/crypto/amcc/crypto4xx_core.c |
| +++ b/drivers/crypto/amcc/crypto4xx_core.c |
| @@ -399,12 +399,8 @@ static u32 crypto4xx_build_sdr(struct cr |
| dma_alloc_coherent(dev->core_dev->device, |
| dev->scatter_buffer_size * PPC4XX_NUM_SD, |
| &dev->scatter_buffer_pa, GFP_ATOMIC); |
| - if (!dev->scatter_buffer_va) { |
| - dma_free_coherent(dev->core_dev->device, |
| - sizeof(struct ce_sd) * PPC4XX_NUM_SD, |
| - dev->sdr, dev->sdr_pa); |
| + if (!dev->scatter_buffer_va) |
| return -ENOMEM; |
| - } |
| |
| sd_array = dev->sdr; |
| |
