diff mbox series

crypto:authencesn: Avoid twice completion call in decrypt path

Message ID d142ed822eefb83f5171800a3d97e5567dce4062.1546505059.git.harsh@chelsio.com (mailing list archive)
State Accepted
Delegated to: Herbert Xu
Headers show
Series crypto:authencesn: Avoid twice completion call in decrypt path | expand

Commit Message

Harsh Jain Jan. 3, 2019, 8:51 a.m. UTC
Authencesn template in decrypt path unconditionally calls aead_request_complete
after ahash_verify which leads to following kernel panic in after decryption.

[  338.539800] BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
[  338.548372] PGD 0 P4D 0
[  338.551157] Oops: 0000 [#1] SMP PTI
[  338.554919] CPU: 0 PID: 0 Comm: swapper/0 Kdump: loaded Tainted: G        W I       4.19.7+ #13
[  338.564431] Hardware name: Supermicro X8ST3/X8ST3, BIOS 2.0        07/29/10
[  338.572212] RIP: 0010:esp_input_done2+0x350/0x410 [esp4]
[  338.578030] Code: ff 0f b6 68 10 48 8b 83 c8 00 00 00 e9 8e fe ff ff 8b 04 25 04 00 00 00 83 e8 01 48 98 48 8b 3c c5 10 00 00 00 e9 f7 fd ff ff <8b> 04 25 04 00 00 00 83 e8 01 48 98 4c 8b 24 c5 10 00 00 00 e9 3b
[  338.598547] RSP: 0018:ffff911c97803c00 EFLAGS: 00010246
[  338.604268] RAX: 0000000000000002 RBX: ffff911c4469ee00 RCX: 0000000000000000
[  338.612090] RDX: 0000000000000000 RSI: 0000000000000130 RDI: ffff911b87c20400
[  338.619874] RBP: 0000000000000000 R08: ffff911b87c20498 R09: 000000000000000a
[  338.627610] R10: 0000000000000001 R11: 0000000000000004 R12: 0000000000000000
[  338.635402] R13: ffff911c89590000 R14: ffff911c91730000 R15: 0000000000000000
[  338.643234] FS:  0000000000000000(0000) GS:ffff911c97800000(0000) knlGS:0000000000000000
[  338.652047] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  338.658299] CR2: 0000000000000004 CR3: 00000001ec20a000 CR4: 00000000000006f0
[  338.666382] Call Trace:
[  338.669051]  <IRQ>
[  338.671254]  esp_input_done+0x12/0x20 [esp4]
[  338.675922]  chcr_handle_resp+0x3b5/0x790 [chcr]
[  338.680949]  cpl_fw6_pld_handler+0x37/0x60 [chcr]
[  338.686080]  chcr_uld_rx_handler+0x22/0x50 [chcr]
[  338.691233]  uldrx_handler+0x8c/0xc0 [cxgb4]
[  338.695923]  process_responses+0x2f0/0x5d0 [cxgb4]
[  338.701177]  ? bitmap_find_next_zero_area_off+0x3a/0x90
[  338.706882]  ? matrix_alloc_area.constprop.7+0x60/0x90
[  338.712517]  ? apic_update_irq_cfg+0x82/0xf0
[  338.717177]  napi_rx_handler+0x14/0xe0 [cxgb4]
[  338.722015]  net_rx_action+0x2aa/0x3e0
[  338.726136]  __do_softirq+0xcb/0x280
[  338.730054]  irq_exit+0xde/0xf0
[  338.733504]  do_IRQ+0x54/0xd0
[  338.736745]  common_interrupt+0xf/0xf

Signed-off-by: Harsh Jain <harsh@chelsio.com>
Cc: stable@vger.kernel.org
---
 crypto/authencesn.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Herbert Xu Jan. 10, 2019, 2:05 p.m. UTC | #1
On Thu, Jan 03, 2019 at 02:21:05PM +0530, Harsh Jain wrote:
> Authencesn template in decrypt path unconditionally calls aead_request_complete
> after ahash_verify which leads to following kernel panic in after decryption.
> 
> [  338.539800] BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
> [  338.548372] PGD 0 P4D 0
> [  338.551157] Oops: 0000 [#1] SMP PTI
> [  338.554919] CPU: 0 PID: 0 Comm: swapper/0 Kdump: loaded Tainted: G        W I       4.19.7+ #13
> [  338.564431] Hardware name: Supermicro X8ST3/X8ST3, BIOS 2.0        07/29/10
> [  338.572212] RIP: 0010:esp_input_done2+0x350/0x410 [esp4]
> [  338.578030] Code: ff 0f b6 68 10 48 8b 83 c8 00 00 00 e9 8e fe ff ff 8b 04 25 04 00 00 00 83 e8 01 48 98 48 8b 3c c5 10 00 00 00 e9 f7 fd ff ff <8b> 04 25 04 00 00 00 83 e8 01 48 98 4c 8b 24 c5 10 00 00 00 e9 3b
> [  338.598547] RSP: 0018:ffff911c97803c00 EFLAGS: 00010246
> [  338.604268] RAX: 0000000000000002 RBX: ffff911c4469ee00 RCX: 0000000000000000
> [  338.612090] RDX: 0000000000000000 RSI: 0000000000000130 RDI: ffff911b87c20400
> [  338.619874] RBP: 0000000000000000 R08: ffff911b87c20498 R09: 000000000000000a
> [  338.627610] R10: 0000000000000001 R11: 0000000000000004 R12: 0000000000000000
> [  338.635402] R13: ffff911c89590000 R14: ffff911c91730000 R15: 0000000000000000
> [  338.643234] FS:  0000000000000000(0000) GS:ffff911c97800000(0000) knlGS:0000000000000000
> [  338.652047] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [  338.658299] CR2: 0000000000000004 CR3: 00000001ec20a000 CR4: 00000000000006f0
> [  338.666382] Call Trace:
> [  338.669051]  <IRQ>
> [  338.671254]  esp_input_done+0x12/0x20 [esp4]
> [  338.675922]  chcr_handle_resp+0x3b5/0x790 [chcr]
> [  338.680949]  cpl_fw6_pld_handler+0x37/0x60 [chcr]
> [  338.686080]  chcr_uld_rx_handler+0x22/0x50 [chcr]
> [  338.691233]  uldrx_handler+0x8c/0xc0 [cxgb4]
> [  338.695923]  process_responses+0x2f0/0x5d0 [cxgb4]
> [  338.701177]  ? bitmap_find_next_zero_area_off+0x3a/0x90
> [  338.706882]  ? matrix_alloc_area.constprop.7+0x60/0x90
> [  338.712517]  ? apic_update_irq_cfg+0x82/0xf0
> [  338.717177]  napi_rx_handler+0x14/0xe0 [cxgb4]
> [  338.722015]  net_rx_action+0x2aa/0x3e0
> [  338.726136]  __do_softirq+0xcb/0x280
> [  338.730054]  irq_exit+0xde/0xf0
> [  338.733504]  do_IRQ+0x54/0xd0
> [  338.736745]  common_interrupt+0xf/0xf
> 
> Signed-off-by: Harsh Jain <harsh@chelsio.com>
> Cc: stable@vger.kernel.org

Patch applied.  Thanks.
diff mbox series

Patch

diff --git a/crypto/authencesn.c b/crypto/authencesn.c
index 80a25cc..4741fe8 100644
--- a/crypto/authencesn.c
+++ b/crypto/authencesn.c
@@ -279,7 +279,7 @@  static void authenc_esn_verify_ahash_done(struct crypto_async_request *areq,
 	struct aead_request *req = areq->data;
 
 	err = err ?: crypto_authenc_esn_decrypt_tail(req, 0);
-	aead_request_complete(req, err);
+	authenc_esn_request_complete(req, err);
 }
 
 static int crypto_authenc_esn_decrypt(struct aead_request *req)