[PATCH 5.0 016/238] crypto: ccree - fix free of unallocated mlli buffer

From: Greg Kroah-Hartman
Date: Fri Mar 22 2019 - 08:12:07 EST


5.0-stable review patch. If anyone has any objections, please let me know.

------------------

From: Hadar Gat <hadar.gat@xxxxxxx>

commit a49411959ea6d4915a9fd2a7eb5ba220e6284e9a upstream.

In cc_unmap_aead_request(), call dma_pool_free() for mlli buffer only
if an item is allocated from the pool and not always if there is a
pool allocated.
This fixes a kernel panic when trying to free a non-allocated item.

Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Hadar Gat <hadar.gat@xxxxxxx>
Signed-off-by: Gilad Ben-Yossef <gilad@xxxxxxxxxxxxx>
Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
drivers/crypto/ccree/cc_buffer_mgr.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)

--- a/drivers/crypto/ccree/cc_buffer_mgr.c
+++ b/drivers/crypto/ccree/cc_buffer_mgr.c
@@ -614,10 +614,10 @@ void cc_unmap_aead_request(struct device
hw_iv_size, DMA_BIDIRECTIONAL);
}

- /*In case a pool was set, a table was
- *allocated and should be released
- */
- if (areq_ctx->mlli_params.curr_pool) {
+ /* Release pool */
+ if ((areq_ctx->assoc_buff_type == CC_DMA_BUF_MLLI ||
+ areq_ctx->data_buff_type == CC_DMA_BUF_MLLI) &&
+ (areq_ctx->mlli_params.mlli_virt_addr)) {
dev_dbg(dev, "free MLLI buffer: dma=%pad virt=%pK\n",
&areq_ctx->mlli_params.mlli_dma_addr,
areq_ctx->mlli_params.mlli_virt_addr);