crypto: algif_aead - Fix kernel panic on list_del

Kernel panics when userspace program try to access AEAD interface. Remove node from Linked List before freeing its memory. Cc: <stable@vger.kernel.org> Signed-off-by: N Harsh Jain <harsh@chelsio.com> Reviewed-by: N Stephan Müller <smueller@chronox.de> Signed-off-by: N Herbert Xu <herbert@gondor.apana.org.au>

crypto: algif_aead - Fix kernel panic on list_del
Kernel panics when userspace program try to access AEAD interface. Remove node from Linked List before freeing its memory. Cc: <stable@vger.kernel.org> Signed-off-by: N Harsh Jain <harsh@chelsio.com> Reviewed-by: N Stephan Müller <smueller@chronox.de> Signed-off-by: N Herbert Xu <herbert@gondor.apana.org.au>
0b529f14 · Harsh Jain · Herbert Xu · c2681990 · 0b529f14
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

crypto/algif_aead.c crypto/algif_aead.c +1 -1

未找到文件。
--- a/crypto/algif_aead.c
+++ b/crypto/algif_aead.c
@@ -661,9 +661,9 @@ static int aead_recvmsg_sync(struct socket *sock, struct msghdr *msg, int flags)
 unlock:
 	list_for_each_entry_safe(rsgl, tmp, &ctx->list, list) {
 		af_alg_free_sg(&rsgl->sgl);
+		list_del(&rsgl->list);
 		if (rsgl != &ctx->first_rsgl)
 			sock_kfree_s(sk, rsgl, sizeof(*rsgl));
-		list_del(&rsgl->list);
 	}
 	INIT_LIST_HEAD(&ctx->list);
 	aead_wmem_wakeup(sk);