From patchwork Sat Mar 10 23:22:31 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 10274453 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 38E1660390 for ; Sat, 10 Mar 2018 23:26:39 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3031228CD8 for ; Sat, 10 Mar 2018 23:26:39 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 2499529783; Sat, 10 Mar 2018 23:26:39 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 863FF28CD8 for ; Sat, 10 Mar 2018 23:26:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751190AbeCJX0b (ORCPT ); Sat, 10 Mar 2018 18:26:31 -0500 Received: from mail-pl0-f65.google.com ([209.85.160.65]:45593 "EHLO mail-pl0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751172AbeCJX0b (ORCPT ); Sat, 10 Mar 2018 18:26:31 -0500 Received: by mail-pl0-f65.google.com with SMTP id v9-v6so7240426plp.12 for ; Sat, 10 Mar 2018 15:26:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Pziyqau7Ow0k8bcDTajcQx+UfACH57HTHHrhF7K8epc=; b=Gj3JBpMVUPtbrA35QFaE6/KlzIpWWQ52gOlc0UBDwZcCnu71bME9PcaJLt9USLk8r6 I4X4CUgpuXPi2XKqBhOnFREyEuN1rTb44QAxQtgd5qF3tcFNJHsnSlBNu3RFN0cixevA 0jgiDX7OiWiV1cFqTUrwNKJIPnCtuV8EbEWshtLYLtFICaOgQP7zz+eJLnzOlOPfRUeq 6wcuohfv/tMyRftUDvtNIVj7TYU5d05gG9uk5rZSJZRBxZREZzk26xHyE5zCphQWi1PD qPl6UXDmNg2dE1+Qi0Wj1IOz9WLsNOZ1LawYqESD3KhgWuvtq0H5/qx6q01G2LNkI04i 0Hww== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Pziyqau7Ow0k8bcDTajcQx+UfACH57HTHHrhF7K8epc=; b=MXULtKs5sgozRwzOHH4mYGlrxr0SYv+i6jkD32JJRiYNYZ01FDbhvrfXPUR3F8UHjB b79a6zfc2y5NFE6f6J8JfxtH7U2hhROy7fyRgJ1GhA81xPgQ59bgkZjjhpRVtSyrEam4 84QrfKD+JZeC3T4NjpKMQPBcak4V+WUrtni5zqQzfr0vkrQIvHHA2Eaz24NYnBXUcO7/ fx22qfEQrqbw7zD3pUibj2fVRKjLsNpu/pWYQS6O3kHsWGuP/nDwyMLYoG3+asegpsgB XkRS4ZKDGlvsxu3N2MozWhhCmzUDF7DixXtRDHqubHPWrQd2wWPyq2R/ls2yJIa5hEX2 zpDQ== X-Gm-Message-State: AElRT7ECI57h9x8gL1N3cMO2LqlOUtR+aYECS8rQ3CBIckWjYsvYk+u/ rkIOOvBIXE6FOZTYzONI4dnMGVmE X-Google-Smtp-Source: AG47ELsOdsiNydlDnSP4f3GpOv0Cx8GYCpzZwwk5Eqnc5GbFAxkcFaH4mYYDhLyyBpxHbAB5RCP9Gw== X-Received: by 2002:a17:902:5682:: with SMTP id j2-v6mr2204219pli.301.1520724390195; Sat, 10 Mar 2018 15:26:30 -0800 (PST) Received: from zzz.localdomain (c-67-185-97-198.hsd1.wa.comcast.net. [67.185.97.198]) by smtp.gmail.com with ESMTPSA id 205sm9496808pfw.88.2018.03.10.15.26.28 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 10 Mar 2018 15:26:29 -0800 (PST) From: Eric Biggers To: linux-crypto@vger.kernel.org, Steffen Klassert , Herbert Xu Cc: syzkaller-bugs@googlegroups.com, Eric Biggers Subject: [RFC PATCH] crypto: pcrypt - forbid recursive instantiation Date: Sat, 10 Mar 2018 15:22:31 -0800 Message-Id: <20180310232231.19191-1-ebiggers3@gmail.com> X-Mailer: git-send-email 2.16.2 In-Reply-To: <20171230083744.vuclnbs677tj7pi2@gauss3.secunet.de> References: <20171230083744.vuclnbs677tj7pi2@gauss3.secunet.de> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Eric Biggers If the pcrypt template is used multiple times in an algorithm, then a deadlock occurs because all pcrypt instances share the same padata_instance, which completes requests in the order submitted. That is, the inner pcrypt request waits for the outer pcrypt request while the outer request is already waiting for the inner. Fix this by making pcrypt forbid instantiation if pcrypt appears in the underlying ->cra_driver_name. This is somewhat of a hack, but it's a simple fix that should be sufficient to prevent the deadlock. Reproducer: #include #include #include int main() { struct sockaddr_alg addr = { .salg_type = "aead", .salg_name = "pcrypt(pcrypt(rfc4106-gcm-aesni))" }; int algfd, reqfd; char buf[32] = { 0 }; algfd = socket(AF_ALG, SOCK_SEQPACKET, 0); bind(algfd, (void *)&addr, sizeof(addr)); setsockopt(algfd, SOL_ALG, ALG_SET_KEY, buf, 20); reqfd = accept(algfd, 0, 0); write(reqfd, buf, 32); read(reqfd, buf, 16); } Reported-by: syzbot+56c7151cad94eec37c521f0e47d2eee53f9361c4@syzkaller.appspotmail.com Fixes: 5068c7a883d1 ("crypto: pcrypt - Add pcrypt crypto parallelization wrapper") Cc: # v2.6.34+ Signed-off-by: Eric Biggers Acked-by: Steffen Klassert --- crypto/pcrypt.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c index f8ec3d4ba4a80..3ec64604f6a56 100644 --- a/crypto/pcrypt.c +++ b/crypto/pcrypt.c @@ -265,6 +265,12 @@ static void pcrypt_free(struct aead_instance *inst) static int pcrypt_init_instance(struct crypto_instance *inst, struct crypto_alg *alg) { + /* Recursive pcrypt deadlocks due to the shared padata_instance */ + if (!strncmp(alg->cra_driver_name, "pcrypt(", 7) || + strstr(alg->cra_driver_name, "(pcrypt(") || + strstr(alg->cra_driver_name, ",pcrypt(")) + return -EINVAL; + if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME, "pcrypt(%s)", alg->cra_driver_name) >= CRYPTO_MAX_ALG_NAME) return -ENAMETOOLONG;