From patchwork Fri Jan 13 10:27:51 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Herbert Xu <herbert@gondor.apana.org.au>
X-Patchwork-Id: 642740
Return-Path: <linux-crypto-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
 aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
 by smtp.lore.kernel.org (Postfix) with ESMTP id 8107EC54EBD
 for <linux-crypto@archiver.kernel.org>; Fri, 13 Jan 2023 10:28:45 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S234479AbjAMK2b (ORCPT <rfc822;linux-crypto@archiver.kernel.org>);
 Fri, 13 Jan 2023 05:28:31 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35246 "EHLO
 lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
 with ESMTP id S240931AbjAMK15 (ORCPT
 <rfc822;linux-crypto@vger.kernel.org>);
 Fri, 13 Jan 2023 05:27:57 -0500
Received: from formenos.hmeau.com (helcar.hmeau.com [216.24.177.18])
 by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 144E852C59
 for <linux-crypto@vger.kernel.org>;
 Fri, 13 Jan 2023 02:27:54 -0800 (PST)
Received: from loth.rohan.me.apana.org.au ([192.168.167.2])
 by formenos.hmeau.com with smtp (Exim 4.94.2 #2 (Debian))
 id 1pGHHr-00HCeT-9O; Fri, 13 Jan 2023 18:27:52 +0800
Received: by loth.rohan.me.apana.org.au (sSMTP sendmail emulation);
 Fri, 13 Jan 2023 18:27:51 +0800
Date: Fri, 13 Jan 2023 18:27:51 +0800
From: Herbert Xu <herbert@gondor.apana.org.au>
To: Linux Crypto Mailing List <linux-crypto@vger.kernel.org>
Subject: [PATCH] crypto: seqiv - Handle EBUSY correctly
Message-ID: <Y8EyJ7fvgkDnbSH6@gondor.apana.org.au>
MIME-Version: 1.0
Content-Disposition: inline
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

As it is seqiv only handles the special return value of EINPROGERSS,
which means that in all other cases it will free data related to the
request.

However, as the caller of seqiv may specify MAY_BACKLOG, we also need
to expect EBUSY and treat it in the same way.  Otherwise backlogged
requests will trigger a use-after-free.

Fixes: 0a270321dbf9 ("[CRYPTO] seqiv: Add Sequence Number IV Generator")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/crypto/seqiv.c b/crypto/seqiv.c
index 0899d527c284..b1bcfe537daf 100644
--- a/crypto/seqiv.c
+++ b/crypto/seqiv.c
@@ -23,7 +23,7 @@ static void seqiv_aead_encrypt_complete2(struct aead_request *req, int err)
 	struct aead_request *subreq = aead_request_ctx(req);
 	struct crypto_aead *geniv;
 
-	if (err == -EINPROGRESS)
+	if (err == -EINPROGRESS || err == -EBUSY)
 		return;
 
 	if (err)