| Message ID | E1idarb-0002qH-Va@gondobar (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Herbert Xu |
| Headers | show |
| Series | crypto: api - Fix spawn races | expand |
On Sat, Dec 07, 2019 at 10:15:15PM +0800, Herbert Xu wrote: > The function crypto_spawn_alg is racy because it drops the lock > before shooting the dying algorithm. The algorithm could disappear > altogether before we shoot it. > > This patch fixes it by moving the shooting into the locked section. > > Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Does this need Fixes and Cc stable tags? - Eric
On Tue, Dec 10, 2019 at 07:38:28PM -0800, Eric Biggers wrote: > On Sat, Dec 07, 2019 at 10:15:15PM +0800, Herbert Xu wrote: > > The function crypto_spawn_alg is racy because it drops the lock > > before shooting the dying algorithm. The algorithm could disappear > > altogether before we shoot it. > > > > This patch fixes it by moving the shooting into the locked section. > > > > Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> > > Does this need Fixes and Cc stable tags? Fixes: 6bfd48096ff8 ("[CRYPTO] api: Added spawns") I don't think we want this to go through stable right away. Perhaps a few cycles down the track it could be pushed to stable. It's certainly not an urgent problem. Cheers,
diff --git a/crypto/algapi.c b/crypto/algapi.c index 6869feb31c99..cc55301beef4 100644 --- a/crypto/algapi.c +++ b/crypto/algapi.c @@ -678,22 +678,16 @@ EXPORT_SYMBOL_GPL(crypto_drop_spawn); static struct crypto_alg *crypto_spawn_alg(struct crypto_spawn *spawn) { struct crypto_alg *alg; - struct crypto_alg *alg2; down_read(&crypto_alg_sem); alg = spawn->alg; - alg2 = alg; - if (alg2) - alg2 = crypto_mod_get(alg2); - up_read(&crypto_alg_sem); - - if (!alg2) { - if (alg) - crypto_shoot_alg(alg); - return ERR_PTR(-EAGAIN); + if (alg && !crypto_mod_get(alg)) { + alg->cra_flags |= CRYPTO_ALG_DYING; + alg = NULL; } + up_read(&crypto_alg_sem); - return alg; + return alg ?: ERR_PTR(-EAGAIN); } struct crypto_tfm *crypto_spawn_tfm(struct crypto_spawn *spawn, u32 type, diff --git a/crypto/api.c b/crypto/api.c index 55bca28df92d..0ef9f2a37d3d 100644 --- a/crypto/api.c +++ b/crypto/api.c @@ -344,13 +344,12 @@ static unsigned int crypto_ctxsize(struct crypto_alg *alg, u32 type, u32 mask) return len; } -void crypto_shoot_alg(struct crypto_alg *alg) +static void crypto_shoot_alg(struct crypto_alg *alg) { down_write(&crypto_alg_sem); alg->cra_flags |= CRYPTO_ALG_DYING; up_write(&crypto_alg_sem); } -EXPORT_SYMBOL_GPL(crypto_shoot_alg); struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 type, u32 mask) diff --git a/crypto/internal.h b/crypto/internal.h index 93df7bec844a..e506a57e2243 100644 --- a/crypto/internal.h +++ b/crypto/internal.h @@ -68,7 +68,6 @@ void crypto_alg_tested(const char *name, int err); void crypto_remove_spawns(struct crypto_alg *alg, struct list_head *list, struct crypto_alg *nalg); void crypto_remove_final(struct list_head *list); -void crypto_shoot_alg(struct crypto_alg *alg); struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 type, u32 mask); void *crypto_create_tfm(struct crypto_alg *alg,
The function crypto_spawn_alg is racy because it drops the lock before shooting the dying algorithm. The algorithm could disappear altogether before we shoot it. This patch fixes it by moving the shooting into the locked section. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> --- crypto/algapi.c | 16 +++++----------- crypto/api.c | 3 +-- crypto/internal.h | 1 - 3 files changed, 6 insertions(+), 14 deletions(-)