crypto: pcrypt - Do not clear MAY_SLEEP flag in original request
diff mbox series

Message ID 20191129084024.arwefx7bpvvxpyjk@gondor.apana.org.au
State Accepted
Delegated to: Herbert Xu
Headers show
Series
  • crypto: pcrypt - Do not clear MAY_SLEEP flag in original request
Related show

Commit Message

Herbert Xu Nov. 29, 2019, 8:40 a.m. UTC
On Wed, Nov 27, 2019 at 11:14:52AM -0800, Eric Biggers wrote:
>
> I tried applying the following patches and running syzkaller again:
> 
> 	padata: Remove unused padata_remove_cpu
> 	padata: Remove broken queue flushing
> 	crypto: pcrypt - Fix user-after-free on module unload
> 	[v3] crypto: pcrypt - Avoid deadlock by using per-instance padata queues
> 
> This time I got a crypto self-test failure when
> "pcrypt(pcrypt(rfc4106-gcm-aesni))" was instantiated:
> 
> [ 2220.165113] alg: aead: pcrypt(pcrypt(rfc4106-gcm-aesni)) encryption corrupted request struct on test vector 0, cfg="uneven misaligned splits, may sleep"
> [ 2220.170295] alg: aead: changed 'req->base.flags'
> [ 2220.171799] Kernel panic - not syncing: alg: self-tests for pcrypt(pcrypt(rfc4106-gcm-aesni)) (rfc4106(gcm(aes))) failed in panic_on_fail mode!
> 
> So the algorithm is not preserving aead_request::base.flags.

Thanks for the report.  This is a preexisting bug in pcrypt.  Here
is a patch for it.

---8<---
We should not be modifying the original request's MAY_SLEEP flag
upon completion.  It makes no sense to do so anyway.

Reported-by: Eric Biggers <ebiggers@kernel.org>
Fixes: 5068c7a883d1 ("crypto: pcrypt - Add pcrypt crypto...")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Comments

Eric Biggers Nov. 29, 2019, 7:24 p.m. UTC | #1
On Fri, Nov 29, 2019 at 04:40:24PM +0800, Herbert Xu wrote:
> On Wed, Nov 27, 2019 at 11:14:52AM -0800, Eric Biggers wrote:
> >
> > I tried applying the following patches and running syzkaller again:
> > 
> > 	padata: Remove unused padata_remove_cpu
> > 	padata: Remove broken queue flushing
> > 	crypto: pcrypt - Fix user-after-free on module unload
> > 	[v3] crypto: pcrypt - Avoid deadlock by using per-instance padata queues
> > 
> > This time I got a crypto self-test failure when
> > "pcrypt(pcrypt(rfc4106-gcm-aesni))" was instantiated:
> > 
> > [ 2220.165113] alg: aead: pcrypt(pcrypt(rfc4106-gcm-aesni)) encryption corrupted request struct on test vector 0, cfg="uneven misaligned splits, may sleep"
> > [ 2220.170295] alg: aead: changed 'req->base.flags'
> > [ 2220.171799] Kernel panic - not syncing: alg: self-tests for pcrypt(pcrypt(rfc4106-gcm-aesni)) (rfc4106(gcm(aes))) failed in panic_on_fail mode!
> > 
> > So the algorithm is not preserving aead_request::base.flags.
> 
> Thanks for the report.  This is a preexisting bug in pcrypt.  Here
> is a patch for it.
> 
> ---8<---
> We should not be modifying the original request's MAY_SLEEP flag
> upon completion.  It makes no sense to do so anyway.
> 
> Reported-by: Eric Biggers <ebiggers@kernel.org>
> Fixes: 5068c7a883d1 ("crypto: pcrypt - Add pcrypt crypto...")
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
> 
> diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c
> index 543792e0ebf0..2f6f81183e45 100644
> --- a/crypto/pcrypt.c
> +++ b/crypto/pcrypt.c
> @@ -63,7 +63,6 @@ static void pcrypt_aead_done(struct crypto_async_request *areq, int err)
>  	struct padata_priv *padata = pcrypt_request_padata(preq);
>  
>  	padata->info = err;
> -	req->base.flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
>  
>  	padata_do_serial(padata);
>  }

Tested-by: Eric Biggers <ebiggers@kernel.org>

Patch
diff mbox series

diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c
index 543792e0ebf0..2f6f81183e45 100644
--- a/crypto/pcrypt.c
+++ b/crypto/pcrypt.c
@@ -63,7 +63,6 @@  static void pcrypt_aead_done(struct crypto_async_request *areq, int err)
 	struct padata_priv *padata = pcrypt_request_padata(preq);
 
 	padata->info = err;
-	req->base.flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
 
 	padata_do_serial(padata);
 }