diff options
| author | Yunfeng Ye <yeyunfeng@huawei.com> | 2019-09-15 17:26:56 +0800 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2019-10-07 18:59:36 +0200 |
| commit | 26235380e6333746c63ea88e5d97d39e8d3c3537 (patch) | |
| tree | 40c43eab718da728a865320ab70e7283c337d4e5 /include/soc | |
| parent | ef1bb2f3c68c6a2262b6a66c57a2ab477b68e34f (diff) | |
| download | linux-stable-26235380e6333746c63ea88e5d97d39e8d3c3537.tar.gz linux-stable-26235380e6333746c63ea88e5d97d39e8d3c3537.tar.bz2 linux-stable-26235380e6333746c63ea88e5d97d39e8d3c3537.zip | |
crypto: hisilicon - Fix double free in sec_free_hw_sgl()
[ Upstream commit 24fbf7bad888767bed952f540ac963bc57e47e15 ]
There are two problems in sec_free_hw_sgl():
First, when sgl_current->next is valid, @hw_sgl will be freed in the
first loop, but it free again after the loop.
Second, sgl_current and sgl_current->next_sgl is not match when
dma_pool_free() is invoked, the third parameter should be the dma
address of sgl_current, but sgl_current->next_sgl is the dma address
of next chain, so use sgl_current->next_sgl is wrong.
Fix this by deleting the last dma_pool_free() in sec_free_hw_sgl(),
modifying the condition for while loop, and matching the address for
dma_pool_free().
Fixes: 915e4e8413da ("crypto: hisilicon - SEC security accelerator driver")
Signed-off-by: Yunfeng Ye <yeyunfeng@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'include/soc')
0 files changed, 0 insertions, 0 deletions