On Wed, Dec 20, 2017 at 02:28:25PM -0800, Eric Biggers wrote:
From: Eric Biggers <ebiggers@google.com>
pcrypt is using the old way of freeing instances, where the ->free() method specified in the 'struct crypto_template' is passed a pointer to the 'struct crypto_instance'. But the crypto_instance is being kfree()'d directly, which is incorrect because the memory was actually allocated as an aead_instance, which contains the crypto_instance at a nonzero offset. Thus, the wrong pointer was being kfree()'d.
Fix it by switching to the new way to free aead_instance's where the ->free() method is specified in the aead_instance itself.
Reported-by: syzbot <syzkaller@googlegroups.com>
Fixes: 0496f56065e0 ("crypto: pcrypt - Add support for new AEAD interface")
Cc: stable@vger.kernel.org # v4.2+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Patch applied. Thanks.
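The bug class described in the commit message, as an added illustration that is not part of the thread or of the kernel's code: a `struct crypto_instance` embedded at a nonzero offset inside a larger `struct aead_instance`, freed through the embedded pointer instead of the containing allocation. The struct layouts, the `aead_instance()` helper and the tracking allocator below are simplified stand-ins for the kernel's definitions and for kmalloc/kfree, written only to show why the inner pointer is the wrong one to free and how recovering the container fixes it.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins for the kernel structs (assumed layout, not the real one).
 * The crypto_instance sits after the ->free hook, so its offset inside the
 * containing aead_instance is nonzero. */
struct crypto_instance { char name[32]; unsigned int flags; };
struct aead_instance {
    void (*free)(struct aead_instance *inst);   /* new-style ->free on the aead_instance */
    struct {
        struct crypto_instance base;            /* embedded crypto_instance */
    } s;
};

#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

/* Stand-in for the kernel's aead_instance() accessor: recover the container. */
static inline struct aead_instance *aead_instance(struct crypto_instance *inst)
{
    return container_of(inst, struct aead_instance, s.base);
}

/* Tiny tracking allocator in place of kmalloc/kfree: remembers the one live
 * allocation and counts frees that do not match it (in the kernel such a
 * free corrupts the heap; here it is only reported). */
static void *live_alloc;
static int bad_free_count;

static void *track_alloc(size_t n) { live_alloc = calloc(1, n); return live_alloc; }
static void track_free(void *p)
{
    if (p != live_alloc) { bad_free_count++; return; }
    free(p);
    live_alloc = NULL;
}

/* Old pattern from the commit message: free the embedded crypto_instance directly. */
static void old_free_buggy(struct crypto_instance *inst) { track_free(inst); }

/* Fixed pattern: recover the containing aead_instance and free that. */
static void aead_free_fixed(struct crypto_instance *inst) { track_free(aead_instance(inst)); }

size_t crypto_instance_offset(void) { return offsetof(struct aead_instance, s.base); }

/* Run one allocate-then-free cycle through the given free path and return the
 * number of mismatched frees (0 means the right pointer was freed). */
int run_free_path(void (*free_path)(struct crypto_instance *))
{
    bad_free_count = 0;
    struct aead_instance *inst = track_alloc(sizeof(*inst));
    free_path(&inst->s.base);
    if (live_alloc) { free(live_alloc); live_alloc = NULL; }  /* clean up after the buggy path */
    return bad_free_count;
}
int run_buggy(void) { return run_free_path(old_free_buggy); }
int run_fixed(void) { return run_free_path(aead_free_fixed); }

int main(void)
{
    printf("crypto_instance offset inside aead_instance: %zu bytes\n", crypto_instance_offset());
    printf("bad frees via old path:   %d\n", run_buggy());
    printf("bad frees via fixed path: %d\n", run_fixed());
    return 0;
}
```

The point the tracking allocator makes explicit is that `&inst->s.base` and `inst` are different addresses whenever the embedded struct is not the first member; the allocator only knows the outer address, so freeing the inner one is a wrong-pointer free even though the memory is the same object. Tools such as KASAN flag exactly this mismatch, which is how syzbot caught the original.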