From patchwork Fri Feb 26 11:44:11 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Milan Broz <gmazyland@gmail.com>
X-Patchwork-Id: 8436121
X-Patchwork-Delegate: herbert@gondor.apana.org.au
Return-Path: <linux-crypto-owner@kernel.org>
X-Original-To: patchwork-linux-crypto@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.136])
	by patchwork2.web.kernel.org (Postfix) with ESMTP id 238A5C0553
	for <patchwork-linux-crypto@patchwork.kernel.org>;
	Fri, 26 Feb 2016 11:44:34 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 110F3203A0
	for <patchwork-linux-crypto@patchwork.kernel.org>;
	Fri, 26 Feb 2016 11:44:33 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 1FC0020397
	for <patchwork-linux-crypto@patchwork.kernel.org>;
	Fri, 26 Feb 2016 11:44:32 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752171AbcBZLo3 (ORCPT
	<rfc822;patchwork-linux-crypto@patchwork.kernel.org>);
	Fri, 26 Feb 2016 06:44:29 -0500
Received: from mail-wm0-f67.google.com ([74.125.82.67]:36623 "EHLO
	mail-wm0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751569AbcBZLo1 (ORCPT
	<rfc822;linux-crypto@vger.kernel.org>);
	Fri, 26 Feb 2016 06:44:27 -0500
Received: by mail-wm0-f67.google.com with SMTP id a4so8612518wme.3;
	Fri, 26 Feb 2016 03:44:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=Du7JUJtQvXGdC0dXPJ5aWXOx8o+Qis45Q4MrWgNyQxw=;
	b=bMf0VWFOW/HBAo54rjH5/S8JsQeR6qjMW8Ts4Y5HJEvD2J/KShNasasYsf/kCixHmd
	SK4agd800IechKdgAIh8q3QwKKaU4XScoQgGeXRIKPqbX9SHHNbL/nF5o3It9hv1zk5b
	CuxACoTikmmLAIK5/wRe8amsMqvgYlrDjmWFE9c4k0hIJR6f2cGaUKoB/wA0E8b658JU
	w/MG4tdJ/10r35naTb3FuuOKwBWW/d0QgitceFbNclj4MRAd/g2oA/9dATG2GsDi7G8X
	UKbijP+z5emzaFoUzhAdqGBrXn3Dt3MY4lcGzZkRa8QkBnitt1D0lQm3hjWq5BEcb8rw
	TxSA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=Du7JUJtQvXGdC0dXPJ5aWXOx8o+Qis45Q4MrWgNyQxw=;
	b=G9dIz9QB38OINLoaIcyb6X7Jar5r7VaW0DAi1AdJJmbwCJJrW2ybtezjeclbon4eP5
	j42iBGdP/1O2JvAiMB+H6ZNjWXBm3E1DEXECPU24+NwfyvQzZ9YgO8ztDxf8ysPci07t
	JK/oZ8aDYdZ3xbkJyyF2YB94np4xYzXM7nspxcXJda8rZkRTH2r6BSyQA796y10FAdxg
	qkK+DkL1pbeeGBPbecCVad+QAc20fV9fw3D0yDtkt/owmpoFxZ2Yr+arocWmD5Os2Q3h
	slFEwv1MgUpK54VYw5JP451gY9o+rTfPm6yGySLJjUgj8J+0CG+OEnrBSUeh55tBhYgU
	8SBg==
X-Gm-Message-State: 
 AD7BkJJxMN8V64bFaXAM92w9q0AHC4qwcOhLb8JEAPvmUcpKkV65ipgRSL0Ln7iro0zXhg==
X-Received: by 10.28.23.75 with SMTP id 72mr2834729wmx.50.1456487065413;
	Fri, 26 Feb 2016 03:44:25 -0800 (PST)
Received: from merlot.mazyland.net (hector.fi.muni.cz. [147.251.42.24])
	by smtp.gmail.com with ESMTPSA id
	j10sm12058768wjb.46.2016.02.26.03.44.24
	(version=TLSv1/SSLv3 cipher=OTHER);
	Fri, 26 Feb 2016 03:44:25 -0800 (PST)
From: Milan Broz <gmazyland@gmail.com>
To: linux-crypto@vger.kernel.org
Cc: stable@vger.kernel.org, Herbert Xu <herbert@gondor.apana.org.au>
Subject: [PATCH 4/4] crypto: algif_skcipher - Fix race condition in
	skcipher_check_key
Date: Fri, 26 Feb 2016 12:44:11 +0100
Message-Id: <1456487051-14652-4-git-send-email-gmazyland@gmail.com>
X-Mailer: git-send-email 2.7.0
In-Reply-To: <1456487051-14652-1-git-send-email-gmazyland@gmail.com>
References: <56D0361B.8040301@gmail.com>
	<1456487051-14652-1-git-send-email-gmazyland@gmail.com>
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org
X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD,
	T_DKIM_INVALID, UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

From: Herbert Xu <herbert@gondor.apana.org.au>

    commit 1822793a523e5d5730b19cc21160ff1717421bc8 upstream.

    We need to lock the child socket in skcipher_check_key as otherwise
    two simultaneous calls can cause the parent socket to be freed.

    Cc: stable@vger.kernel.org
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---
 crypto/algif_skcipher.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index 83bcf75..c0f0356 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -757,22 +757,23 @@ static struct proto_ops algif_skcipher_ops = {
 
 static int skcipher_check_key(struct socket *sock)
 {
-	int err;
+	int err = 0;
 	struct sock *psk;
 	struct alg_sock *pask;
 	struct skcipher_tfm *tfm;
 	struct sock *sk = sock->sk;
 	struct alg_sock *ask = alg_sk(sk);
 
+	lock_sock(sk);
 	if (ask->refcnt)
-		return 0;
+		goto unlock_child;
 
 	psk = ask->parent;
 	pask = alg_sk(ask->parent);
 	tfm = pask->private;
 
 	err = -ENOKEY;
-	lock_sock(psk);
+	lock_sock_nested(psk, SINGLE_DEPTH_NESTING);
 	if (!tfm->has_key)
 		goto unlock;
 
@@ -786,6 +787,8 @@ static int skcipher_check_key(struct socket *sock)
 
 unlock:
 	release_sock(psk);
+unlock_child:
+	release_sock(sk);
 
 	return err;
 }