diff options
author | Harsh Jain <harsh@chelsio.com> | 2017-02-01 10:40:28 -0500 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2017-02-03 04:45:48 -0500 |
commit | 0b529f143e8baad441a5aac9ad55ec2434d8fb46 (patch) | |
tree | fd816e548e12745d4776ad0bd661bec142d3ea06 | |
parent | c26819900036f5b91608051a0fc7c76f6b4ffc7b (diff) |
crypto: algif_aead - Fix kernel panic on list_del
Kernel panics when userspace program try to access AEAD interface.
Remove node from Linked List before freeing its memory.
Cc: <stable@vger.kernel.org>
Signed-off-by: Harsh Jain <harsh@chelsio.com>
Reviewed-by: Stephan Müller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-rw-r--r-- | crypto/algif_aead.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c index f849311e9fd4..533265f110e0 100644 --- a/crypto/algif_aead.c +++ b/crypto/algif_aead.c | |||
@@ -661,9 +661,9 @@ static int aead_recvmsg_sync(struct socket *sock, struct msghdr *msg, int flags) | |||
661 | unlock: | 661 | unlock: |
662 | list_for_each_entry_safe(rsgl, tmp, &ctx->list, list) { | 662 | list_for_each_entry_safe(rsgl, tmp, &ctx->list, list) { |
663 | af_alg_free_sg(&rsgl->sgl); | 663 | af_alg_free_sg(&rsgl->sgl); |
664 | list_del(&rsgl->list); | ||
664 | if (rsgl != &ctx->first_rsgl) | 665 | if (rsgl != &ctx->first_rsgl) |
665 | sock_kfree_s(sk, rsgl, sizeof(*rsgl)); | 666 | sock_kfree_s(sk, rsgl, sizeof(*rsgl)); |
666 | list_del(&rsgl->list); | ||
667 | } | 667 | } |
668 | INIT_LIST_HEAD(&ctx->list); | 668 | INIT_LIST_HEAD(&ctx->list); |
669 | aead_wmem_wakeup(sk); | 669 | aead_wmem_wakeup(sk); |