diff mbox

[v2] crypto: remove instance when test failed

Message ID	3394653.LODBE1uz62@tachyon.chronox.de (mailing list archive)
State	Changes Requested
Delegated to:	Herbert Xu
Headers	show Return-Path: <linux-crypto-owner@kernel.org> From: Stephan Mueller <smueller@chronox.de> To: herbert@gondor.apana.org.au Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v2] crypto: remove instance when test failed Date: Thu, 02 Apr 2015 19:05:27 +0200 Message-ID: <3394653.LODBE1uz62@tachyon.chronox.de> User-Agent: KMail/4.14.6 (Linux/3.19.3-200.fc21.x86_64; KDE/4.14.6; x86_64; ; ) MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk

Commit Message

Stephan Mueller April 2, 2015, 5:05 p.m. UTC

A cipher instance is added to the list of instances unconditionally
regardless of whether the associated test failed. However, a failed
test implies that during another lookup, the cipher instance will
be added to the list again as it will not be found by the lookup
code.

That means that the list can be filled up with instances whose tests
failed.

Note: tests only fail in reality in FIPS mode when a cipher is not
marked as fips_allowed=1. This can be seen with cmac(des3_ede) that does
not have a fips_allowed=1. When allocating the cipher, the allocation
fails with -ENOENT due to the missing fips_allowed=1 flag (which
causes the testmgr to return EINVAL). Yet, the instance of
cmac(des3_ede) is shown in /proc/crypto. Allocating the cipher again
fails again, but a 2nd instance is listed in /proc/crypto.

The patch simply de-registers the instance when the testing failed.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
---
 crypto/algapi.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Herbert Xu April 3, 2015, 9:58 a.m. UTC | #1

On Thu, Apr 02, 2015 at 07:05:27PM +0200, Stephan Mueller wrote:
>
> diff --git a/crypto/algapi.c b/crypto/algapi.c
> index 83b04e0..215c604 100644
> --- a/crypto/algapi.c
> +++ b/crypto/algapi.c
> @@ -545,6 +545,10 @@ unlock:
>  		goto err;
>  
>  	crypto_wait_for_test(larval);
> +
> +	/* Remove instance if test failed */
> +	if (!(inst->alg.cra_flags & CRYPTO_ALG_TESTED))
> +		crypto_unregister_instance(inst);

Unfortunately I don't think this is safe because the moment you
release the mutex the instance can be freed.  So you'll need to
hold a reference to it.

Cheers,

Stephan Mueller April 3, 2015, 3:17 p.m. UTC | #2

Am Freitag, 3. April 2015, 17:58:28 schrieb Herbert Xu:

Hi Herbert,

> On Thu, Apr 02, 2015 at 07:05:27PM +0200, Stephan Mueller wrote:
> > diff --git a/crypto/algapi.c b/crypto/algapi.c
> > index 83b04e0..215c604 100644
> > --- a/crypto/algapi.c
> > +++ b/crypto/algapi.c
> > 
> > @@ -545,6 +545,10 @@ unlock:
> >  		goto err;
> >  	
> >  	crypto_wait_for_test(larval);
> > 
> > +
> > +	/* Remove instance if test failed */
> > +	if (!(inst->alg.cra_flags & CRYPTO_ALG_TESTED))
> > +		crypto_unregister_instance(inst);
> 
> Unfortunately I don't think this is safe because the moment you
> release the mutex the instance can be freed.  So you'll need to
> hold a reference to it.
> 
> Cheers,

Wpuldn't crypto_del_alg suffer from the same issue? I see that the cra_refcnt 
is checked. But I guess there would be the same kind of race?

Herbert Xu April 3, 2015, 3:52 p.m. UTC | #3

On Fri, Apr 03, 2015 at 05:17:13PM +0200, Stephan Mueller wrote:
>
> Wpuldn't crypto_del_alg suffer from the same issue? I see that the cra_refcnt 
> is checked. But I guess there would be the same kind of race?

You're quite right.  It too needs to take a ref count on the
algorithm in crypto_alg_match before releasing the mutex.

Cheers,

Stephan Mueller April 3, 2015, 7:29 p.m. UTC | #4

Am Freitag, 3. April 2015, 23:52:46 schrieb Herbert Xu:

Hi Herbert,

> On Fri, Apr 03, 2015 at 05:17:13PM +0200, Stephan Mueller wrote:
> > Wpuldn't crypto_del_alg suffer from the same issue? I see that the
> > cra_refcnt is checked. But I guess there would be the same kind of race?
> 
> You're quite right.  It too needs to take a ref count on the
> algorithm in crypto_alg_match before releasing the mutex.
> 

What about moving the current crypto_unregister_instance into 
__crypto_unregister_instance and creating a new crypto_unregister_instance 
that takes the ref count and once it got it, it calls 
__crypto_unregister_instance. If it did not get the ref count, it simply 
returns because the inst apparently was already removed.

Only the crypto_unregister_instance is EXPORT_SYMBOL whereas the 
__crypto_unregister_instance is static.

> Cheers,

Herbert Xu April 6, 2015, 4:45 a.m. UTC | #5

On Fri, Apr 03, 2015 at 09:29:44PM +0200, Stephan Mueller wrote:
>
> What about moving the current crypto_unregister_instance into 
> __crypto_unregister_instance and creating a new crypto_unregister_instance 
> that takes the ref count and once it got it, it calls 
> __crypto_unregister_instance. If it did not get the ref count, it simply 
> returns because the inst apparently was already removed.
> 
> Only the crypto_unregister_instance is EXPORT_SYMBOL whereas the 
> __crypto_unregister_instance is static.

That's not going to work because you need to grab the reference
count before you release the mutex.  Let me fix up crypto_user first
and then you can use it for your case too (or at least borrow the
idea).

Cheers,

diff mbox

Patch

diff --git a/crypto/algapi.c b/crypto/algapi.c
index 83b04e0..215c604 100644
--- a/crypto/algapi.c
+++ b/crypto/algapi.c
@@ -545,6 +545,10 @@  unlock:
 		goto err;
 
 	crypto_wait_for_test(larval);
+
+	/* Remove instance if test failed */
+	if (!(inst->alg.cra_flags & CRYPTO_ALG_TESTED))
+		crypto_unregister_instance(inst);
 	err = 0;
 
 err: