From: Chris Wright <chrisw@sous-sol.org>
Date: Mon, 21 May 2007 17:12:43 +0000 (-0700)
Subject: Crypto API fix from Herbert
X-Git-Tag: v2.6.21.2~8
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a3b8211b338182ae1ff58319c5d1b25d0bb3a39c;p=thirdparty%2Fkernel%2Fstable-queue.git

Crypto API fix from Herbert
---

diff --git a/queue-2.6.21/crypto-api-read-module-pointer-before-freeing-algorithm.patch b/queue-2.6.21/crypto-api-read-module-pointer-before-freeing-algorithm.patch
new file mode 100644
index 00000000000..d68fce0e8e7
--- /dev/null
+++ b/queue-2.6.21/crypto-api-read-module-pointer-before-freeing-algorithm.patch
@@ -0,0 +1,37 @@
+From stable-bounces@linux.kernel.org  Fri May 18 21:59:38 2007
+Date: Sat, 19 May 2007 14:57:38 +1000
+From: Herbert Xu <herbert@gondor.apana.org.au>
+To: stable@kernel.org
+Message-ID: <20070519045738.GA4743@gondor.apana.org.au>
+Subject: CRYPTO: api: Read module pointer before freeing algorithm
+
+The function crypto_mod_put first frees the algorithm and then drops
+the reference to its module.  Unfortunately we read the module pointer
+which after freeing the algorithm and that pointer sits inside the
+object that we just freed.
+
+So this patch reads the module pointer out before we free the object.
+
+Thanks to Luca Tettamanti for reporting this.
+
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Chris Wright <chrisw@sous-sol.org>
+
+---
+ crypto/api.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- linux-2.6.21.1.orig/crypto/api.c
++++ linux-2.6.21.1/crypto/api.c
+@@ -48,8 +48,10 @@ EXPORT_SYMBOL_GPL(crypto_mod_get);
+ 
+ void crypto_mod_put(struct crypto_alg *alg)
+ {
++	struct module *module = alg->cra_module;
++
+ 	crypto_alg_put(alg);
+-	module_put(alg->cra_module);
++	module_put(module);
+ }
+ EXPORT_SYMBOL_GPL(crypto_mod_put);
+ 
diff --git a/queue-2.6.21/series b/queue-2.6.21/series
index 0d02bb9539a..d0cfd386d68 100644
--- a/queue-2.6.21/series
+++ b/queue-2.6.21/series
@@ -66,3 +66,4 @@ netfilter-ip-nf-_conntrack-fix-use-after-free-in-helper-destroy-callback-invocat
 support-rev-h-amd64s-in-powernow-k8.patch
 correct-revision-mask-for-powernow-k8.patch
 cpufreq-powernow-k7-fix-mhz-rounding-issue-with-perflib.patch
+crypto-api-read-module-pointer-before-freeing-algorithm.patch