commit 0bb535980aa2cd3dbe532dda09c8f75cdf07ef20
author Sabrina Dubroca <sd@queasysnail.net> Wed Feb 28 23:43:59 2024 +0100
committer Kevin Berry <kpberry@google.com> Thu Sep 04 17:13:03 2025 -0700
tree a0c770cad389e768b3a71697400fb8ed078d0053
parent f3d65b53d35602dba107732c8ff74246ec37c54c

tls: separate no-async decryption request handling from async

commit 41532b785e9d79636b3815a64ddf6a096647d011 upstream.

If we're not doing async, the handling is much simpler. There's no
reference counting, we just need to wait for the completion to wake us
up and return its result.

We should preferably also use a separate crypto_wait. I'm not seeing a
UAF as I did in the past, I think aec7961916f3 ("tls: fix race between
async notify and socket close") took care of it.

This will make the next fix easier.

BUG=b/441916256
TEST=presubmit
RELEASE_NOTE=Fixed CVE-2024-58240 in the Linux kernel.

cos-patch: security-moderate
Change-Id: I2282d5a49c552263e4a7ddab9d2dbc4472c7d9eb
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Link: https://lore.kernel.org/r/47bde5f649707610eaef9f0d679519966fc31061.1709132643.git.sd@queasysnail.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
[ William: The original patch did not apply cleanly due to deletions of
  non-existent lines in 6.1.y. The UAF the author stopped seeing can still
  be reproduced on systems without AVX in conjunction with cryptd.
  Also removed an extraneous statement after a return statement that is
  adjacent to diff. ]
Link: https://lore.kernel.org/netdev/he2K1yz_u7bZ-CnYcTSQ4OxuLuHZXN6xZRgp6_ICSWnq8J5FpI_uD1i_1lTSf7WMrYb5ThiX1OR2GTOB2IltgT49Koy7Hhutr4du4KtLvyk=@willsroot.io/
Signed-off-by: William Liu <will@willsroot.io>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kevin Berry <kpberry@google.com>
Reviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/110622
Reviewed-by: Miri Amarilio <mirilio@google.com>
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>