github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-09 15:12:59 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
dcd0c5e7de
linux/crypto
History
Daniel Jordan fb657a4e12 crypto: pcrypt - Delay write to padata->info 
[ Upstream commit 68b6dea802 ]

These three events can race when pcrypt is used multiple times in a
template ("pcrypt(pcrypt(...))"):

  1.  [taskA] The caller makes the crypto request via crypto_aead_encrypt()
  2.  [kworkerB] padata serializes the inner pcrypt request
  3.  [kworkerC] padata serializes the outer pcrypt request

3 might finish before the call to crypto_aead_encrypt() returns in 1,
resulting in two possible issues.

First, a use-after-free of the crypto request's memory when, for
example, taskA writes to the outer pcrypt request's padata->info in
pcrypt_aead_enc() after kworkerC completes the request.

Second, the outer pcrypt request overwrites the inner pcrypt request's
return code with -EINPROGRESS, making a successful request appear to
fail.  For instance, kworkerB writes the outer pcrypt request's
padata->info in pcrypt_aead_done() and then taskA overwrites it
in pcrypt_aead_enc().

Avoid both situations by delaying the write of padata->info until after
the inner crypto request's return code is checked.  This prevents the
use-after-free by not touching the crypto request's memory after the
next-inner crypto request is made, and stops padata->info from being
overwritten.

Fixes: 5068c7a883 ("crypto: pcrypt - Add pcrypt crypto parallelization wrapper")
Reported-by: syzbot+b187b77c8474f9648fae@syzkaller.appspotmail.com
Signed-off-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-11-18 19:16:44 +01:00
..
asymmetric_keys certs: Add support for using elliptic curve keys for signing modules 2021-08-23 19:55:42 +03:00
async_tx async_xor: check src_offs is not NULL before updating it 2021-06-10 19:40:14 -07:00
842.c
acompress.c
adiantum.c
aead.c
aegis.h
aegis128-core.c
aegis128-neon-inner.c
aegis128-neon.c
aes_generic.c
aes_ti.c
af_alg.c crypto: af_alg - use DIV_ROUND_UP helper macro for calculations 2021-06-03 20:24:04 +08:00
ahash.c
akcipher.c
algapi.c crypto: api - remove CRYPTOA_U32 and related functions 2021-06-17 15:07:31 +08:00
algboss.c crypto: api - remove CRYPTOA_U32 and related functions 2021-06-17 15:07:31 +08:00
algif_aead.c
algif_hash.c
algif_rng.c
algif_skcipher.c
ansi_cprng.c
anubis.c
api.c
arc4.c
authenc.c
authencesn.c
blake2b_generic.c
blake2s_generic.c
blowfish_common.c
blowfish_generic.c
camellia_generic.c
cast_common.c
cast5_generic.c
cast6_generic.c
cbc.c
ccm.c
cfb.c
chacha_generic.c
chacha20poly1305.c
cipher.c
cmac.c
compress.c
crc32_generic.c crypto: crc32-generic - Use SPDX-License-Identifier 2021-04-16 21:24:27 +10:00
crc32c_generic.c
crct10dif_common.c
crct10dif_generic.c
cryptd.c
crypto_engine.c
crypto_null.c
crypto_user_base.c
crypto_user_stat.c
ctr.c
cts.c
curve25519-generic.c
deflate.c
des_generic.c
dh_helper.c
dh.c
drbg.c crypto: DRBG - switch to HMAC SHA512 DRBG as default DRBG 2021-05-28 15:11:45 +08:00
ecb.c
ecc_curve_defs.h
ecc.c
ecc.h crypto: ecc - handle unaligned input buffer in ecc_swap_digits 2021-07-30 10:58:36 +08:00
ecdh_helper.c
ecdh.c crypto: ecdh - register NIST P384 tfm 2021-05-28 15:11:47 +08:00
ecdsa.c
ecdsasignature.asn1
echainiv.c
ecrdsa_defs.h
ecrdsa_params.asn1
ecrdsa_pub_key.asn1
ecrdsa.c
essiv.c
fcrypt.c
fips.c
gcm.c
geniv.c
gf128mul.c
ghash-generic.c
hash_info.c
hmac.c
internal.h crypto: api - Move crypto attr definitions out of crypto.h 2021-06-24 14:51:35 +08:00
jitterentropy-kcapi.c
jitterentropy.c
jitterentropy.h
Kconfig crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency 2021-11-18 19:16:29 +01:00
keywrap.c
khazad.c crypto: khazad,wp512 - remove leading spaces before tabs 2021-05-28 15:11:44 +08:00
kpp.c
lrw.c
lz4.c
lz4hc.c
lzo-rle.c
lzo.c
Makefile crypto: rmd320 - remove rmd320 in Makefile 2021-08-27 16:30:18 +08:00
md4.c
md5.c
memneq.c
michael_mic.c
nhpoly1305.c
ofb.c
pcbc.c
pcrypt.c crypto: pcrypt - Delay write to padata->info 2021-11-18 19:16:44 +01:00
poly1305_generic.c
proc.c
ripemd.h
rmd160.c
rng.c
rsa_helper.c
rsa-pkcs1pad.c
rsa.c
rsaprivkey.asn1
rsapubkey.asn1
scatterwalk.c
scompress.c
seed.c
seqiv.c
serpent_generic.c
sha1_generic.c
sha3_generic.c
sha256_generic.c
sha512_generic.c crypto: sha512 - remove imaginary and mystifying clearing of variables 2021-08-27 16:30:19 +08:00
shash.c crypto: shash - avoid comparing pointers to exported functions under CFI 2021-06-17 15:07:31 +08:00
simd.c
skcipher.c crypto: skcipher - in_irq() cleanup 2021-08-21 15:44:58 +08:00
sm2.c crypto: sm2 - fix a memory leak in sm2 2021-06-11 15:03:30 +08:00
sm2signature.asn1
sm3_generic.c
sm4_generic.c crypto: arm64/sm4-ce - Make dependent on sm4 library instead of sm4-generic 2021-07-30 10:58:30 +08:00
streebog_generic.c
tcrypt.c crypto: tcrypt - fix skcipher multi-buffer tests for 1420B blocks 2021-11-18 19:16:39 +01:00
tcrypt.h
tea.c
testmgr.c crypto: testmgr - Add GCM/CCM mode test of SM4 algorithm 2021-08-21 15:44:57 +08:00
testmgr.h crypto: testmgr - Add GCM/CCM mode test of SM4 algorithm 2021-08-21 15:44:57 +08:00
twofish_common.c
twofish_generic.c
vmac.c
wp512.c crypto: wp512 - correct a non-kernel-doc comment 2021-08-12 19:32:17 +08:00
xcbc.c
xor.c
xts.c
xxhash_generic.c
zstd.c