From patchwork Tue Nov 28 07:29:44 2017
X-Patchwork-Submitter: Eric Biggers
X-Patchwork-Id: 10078843
Date: Mon, 27 Nov 2017 23:29:44 -0800
From: Eric Biggers
To: Stephan Mueller
Cc: syzbot, davem@davemloft.net, herbert@gondor.apana.org.au, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: KASAN: use-after-free Read in aead_recvmsg
Message-ID: <20171128072944.GA23565@zzz.localdomain>
References: <001a113ebb5ece8a7a055efb7676@google.com> <2409323.isfI9bk5QC@positron.chronox.de> <20171127224308.GB8426@gmail.com> <5111191.QYDWLsXdp1@tauon.chronox.de>
In-Reply-To: <5111191.QYDWLsXdp1@tauon.chronox.de>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Mailing-List: linux-crypto@vger.kernel.org

On Tue, Nov 28, 2017 at 07:30:46AM +0100, Stephan Mueller wrote:
> On Monday, 27 November 2017, 23:43:08 CET, Eric Biggers wrote:
>
> Hi Eric,
>
> > No, that doesn't help. I tested v4.15-rc1 with all the extra commits from
> > crypto-2.6.git/master applied:
> >
> > crypto: algif_aead - skip SGL entries with NULL page
> > crypto: af_alg - remove locking in async callback
> > crypto: skcipher - Fix skcipher_walk_aead_common
> >
> > Did you use the .config the bot provided? It's possible the bug is only
> > noticeable with KASAN enabled.
>
> Not so far, but the bug seemed to be there without my patch and then gone
> after testing it with my patch. It seems not.
>
> I will use your config then.
>

Sometimes you have to reboot to get the reproducer to work, because the bug
has to do with reference counting of the "null skcipher" which is a global
resource.

Here's a patch that fixes it, it seems:

---8<---

From 453b54793e843c0d5b8fd2d5e33fcc5427ec038e Mon Sep 17 00:00:00 2001
From: Eric Biggers Date: Mon, 27 Nov 2017 23:23:05 -0800 Subject: [PATCH] crypto: algif_aead - fix reference counting of null skcipher In the AEAD interface for AF_ALG, the reference to the "null skcipher" held by each tfm was being dropped in the wrong place -- when each af_alg_ctx was freed instead of when the aead_tfm was freed. As discovered by syzkaller, a specially crafted program could use this to cause the null skcipher to be freed while it is still in use. Fix it by dropping the reference in the right place. Fixes: 72548b093ee3 ("crypto: algif_aead - copy AAD from src to dst") Reported-by: syzbot Cc: # v4.14+ Signed-off-by: Eric Biggers Reviewed-by: Stephan Mueller --- crypto/algif_aead.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c index 805f485ddf1b..48b34e9c6834 100644 --- a/crypto/algif_aead.c +++ b/crypto/algif_aead.c @@ -503,6 +503,7 @@ static void aead_release(void *private) struct aead_tfm *tfm = private; crypto_free_aead(tfm->aead); + crypto_put_default_null_skcipher2(); kfree(tfm); } @@ -535,7 +536,6 @@ static void aead_sock_destruct(struct sock *sk) unsigned int ivlen = crypto_aead_ivsize(tfm); af_alg_pull_tsgl(sk, ctx->used, NULL, 0); - crypto_put_default_null_skcipher2(); sock_kzfree_s(sk, ctx->iv, ivlen); sock_kfree_s(sk, ctx, ctx->len); af_alg_release_parent(sk);
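Review bot: the crypto_put_default_null_skcipher2() added to aead_release() right after crypto_free_aead(tfm->aead) has to balance exactly one bind-side get per struct aead_tfm, and that get is not visible in this hunk; since the commit message says the reference is "held by each tfm", please confirm in review that the bind path takes it once and undoes it on its own error paths, otherwise the global null skcipher count is still skewed after this change. A short comment beside the new put naming where the matching get lives would make the pairing obvious to the next reader.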
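Review bot: removing crypto_put_default_null_skcipher2() from aead_sock_destruct() is the substantive fix for the reported use-after-free in aead_recvmsg, and the commit message would be clearer if it spelled out the imbalance: one reference is taken per aead_tfm, but every af_alg_ctx freed on that tfm was dropping one, so with more than one socket sharing the tfm the global null skcipher's count could hit zero and the object be freed while still in use. It is also worth stating that the remaining teardown order in this function (af_alg_pull_tsgl, sock_kzfree_s of the IV, sock_kfree_s of ctx, af_alg_release_parent) is untouched, so the only behavioural change in this hunk is the dropped refcount decrement.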