Revision - 9c1c2b3 - ceph: hold extra reference to r_parent over life of request

Revision 9c1c2b35f1d94de8325344c2777d7ee67492db3b authored by Jeff Layton on 03 April 2019, 17:16:01 UTC, committed by Ilya Dryomov on 21 January 2020, 18:02:37 UTC

ceph: hold extra reference to r_parent over life of request

Currently, we just assume that it will stick around by virtue of the
submitter's reference, but later patches will allow the syscall to
return early and we can't rely on that reference at that point.

While I'm not aware of any reports of it, Xiubo pointed out that this
may fix a use-after-free.  If the wait for a reply times out or is
canceled via signal, and then the reply comes in after the syscall
returns, the client can end up trying to access r_parent without a
reference.

Take an extra reference to the inode when setting r_parent and release
it when releasing the request.

Cc: stable@vger.kernel.org
Signed-off-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: "Yan, Zheng" <zyan@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>

1 parent def9d27

Files
Changes

Permalinks

atmel-authenc.h

/* SPDX-License-Identifier: GPL-2.0 */
/*
 * API for Atmel Secure Protocol Layers Improved Performances (SPLIP)
 *
 * Copyright (C) 2016 Atmel Corporation
 *
 * Author: Cyrille Pitchen <cyrille.pitchen@atmel.com>
 *
 * This driver is based on drivers/mtd/spi-nor/fsl-quadspi.c from Freescale.
 */

#ifndef __ATMEL_AUTHENC_H__
#define __ATMEL_AUTHENC_H__

#if IS_ENABLED(CONFIG_CRYPTO_DEV_ATMEL_AUTHENC)

#include <crypto/authenc.h>
#include <crypto/hash.h>
#include <crypto/sha.h>
#include "atmel-sha-regs.h"

struct atmel_aes_dev;
typedef int (*atmel_aes_authenc_fn_t)(struct atmel_aes_dev *, int, bool);

struct atmel_sha_authenc_ctx;

bool atmel_sha_authenc_is_ready(void);
unsigned int atmel_sha_authenc_get_reqsize(void);

struct atmel_sha_authenc_ctx *atmel_sha_authenc_spawn(unsigned long mode);
void atmel_sha_authenc_free(struct atmel_sha_authenc_ctx *auth);
int atmel_sha_authenc_setkey(struct atmel_sha_authenc_ctx *auth,
			     const u8 *key, unsigned int keylen,
			     u32 *flags);

int atmel_sha_authenc_schedule(struct ahash_request *req,
			       struct atmel_sha_authenc_ctx *auth,
			       atmel_aes_authenc_fn_t cb,
			       struct atmel_aes_dev *dd);
int atmel_sha_authenc_init(struct ahash_request *req,
			   struct scatterlist *assoc, unsigned int assoclen,
			   unsigned int textlen,
			   atmel_aes_authenc_fn_t cb,
			   struct atmel_aes_dev *dd);
int atmel_sha_authenc_final(struct ahash_request *req,
			    u32 *digest, unsigned int digestlen,
			    atmel_aes_authenc_fn_t cb,
			    struct atmel_aes_dev *dd);
void  atmel_sha_authenc_abort(struct ahash_request *req);

#endif /* CONFIG_CRYPTO_DEV_ATMEL_AUTHENC */

#endif /* __ATMEL_AUTHENC_H__ */

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...