6.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jia Jie Ho jiajie.ho@starfivetech.com
commit d7f01649f4eaf1878472d3d3f480ae1e50d98f6c upstream.
RSA text data uses variable length buffer allocated in software stack. Calling kfree on it causes undefined behaviour in subsequent operations.
Cc: stable@vger.kernel.org #6.7+ Signed-off-by: Jia Jie Ho jiajie.ho@starfivetech.com Signed-off-by: Herbert Xu herbert@gondor.apana.org.au Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- drivers/crypto/starfive/jh7110-rsa.c | 1 - 1 file changed, 1 deletion(-)
--- a/drivers/crypto/starfive/jh7110-rsa.c +++ b/drivers/crypto/starfive/jh7110-rsa.c @@ -273,7 +273,6 @@ static int starfive_rsa_enc_core(struct
err_rsa_crypt: writel(STARFIVE_RSA_RESET, cryp->base + STARFIVE_PKA_CACR_OFFSET); - kfree(rctx->rsa_data); return ret; }