crypto: algif_aead - Fix kernel panic on list_del

Kernel panics when userspace program try to access AEAD interface. Remove node from Linked List before freeing its memory. Cc: <stable@vger.kernel.org> Signed-off-by: Harsh Jain <harsh@chelsio.com> Reviewed-by: Stephan Müller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author: Harsh Jain <harsh@chelsio.com> 2017-02-01 10:40:28 -0500
committer: Herbert Xu <herbert@gondor.apana.org.au> 2017-02-03 04:45:48 -0500
commit: 0b529f143e8baad441a5aac9ad55ec2434d8fb46 (patch)
tree: fd816e548e12745d4776ad0bd661bec142d3ea06
parent: c26819900036f5b91608051a0fc7c76f6b4ffc7b (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c
index f849311e9fd4..533265f110e0 100644
--- a/crypto/algif_aead.c
+++ b/crypto/algif_aead.c
@@ -661,9 +661,9 @@ static int aead_recvmsg_sync(struct socket *sock, struct msghdr *msg, int flags)
 unlock:
        list_for_each_entry_safe(rsgl, tmp, &ctx->list, list) {
                af_alg_free_sg(&rsgl->sgl);
+                list_del(&rsgl->list);
                if (rsgl != &ctx->first_rsgl)
                        sock_kfree_s(sk, rsgl, sizeof(*rsgl));
-                list_del(&rsgl->list);
        }
        INIT_LIST_HEAD(&ctx->list);
        aead_wmem_wakeup(sk);
author	Harsh Jain <harsh@chelsio.com>	2017-02-01 10:40:28 -0500
committer	Herbert Xu <herbert@gondor.apana.org.au>	2017-02-03 04:45:48 -0500
commit	0b529f143e8baad441a5aac9ad55ec2434d8fb46 (patch)
tree	fd816e548e12745d4776ad0bd661bec142d3ea06
parent	c26819900036f5b91608051a0fc7c76f6b4ffc7b (diff)