linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Sabrina Dubroca <sd@queasysnail.net>,
	Herbert Xu <herbert@gondor.apana.org.au>
Subject: [PATCH 4.4 26/45] crypto: ahash - Fix EINPROGRESS notification callback
Date: Wed, 19 Apr 2017 16:56:08 +0200	[thread overview]
Message-ID: <20170419141635.835159854@linuxfoundation.org> (raw)
In-Reply-To: <20170419141634.793081968@linuxfoundation.org>

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Herbert Xu <herbert@gondor.apana.org.au>

commit ef0579b64e93188710d48667cb5e014926af9f1b upstream.

The ahash API modifies the request's callback function in order
to clean up after itself in some corner cases (unaligned final
and missing finup).

When the request is complete ahash will restore the original
callback and everything is fine.  However, when the request gets
an EBUSY on a full queue, an EINPROGRESS callback is made while
the request is still ongoing.

In this case the ahash API will incorrectly call its own callback.

This patch fixes the problem by creating a temporary request
object on the stack which is used to relay EINPROGRESS back to
the original completion function.

This patch also adds code to preserve the original flags value.

Fixes: ab6bf4e5e5e4 ("crypto: hash - Fix the pointer voodoo in...")
Reported-by: Sabrina Dubroca <sd@queasysnail.net>
Tested-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 crypto/ahash.c                 |   79 +++++++++++++++++++++++++----------------
 include/crypto/internal/hash.h |   10 +++++
 2 files changed, 60 insertions(+), 29 deletions(-)

--- a/crypto/ahash.c
+++ b/crypto/ahash.c
@@ -31,6 +31,7 @@ struct ahash_request_priv {
 	crypto_completion_t complete;
 	void *data;
 	u8 *result;
+	u32 flags;
 	void *ubuf[] CRYPTO_MINALIGN_ATTR;
 };
 
@@ -270,6 +271,8 @@ static int ahash_save_req(struct ahash_r
 	priv->result = req->result;
 	priv->complete = req->base.complete;
 	priv->data = req->base.data;
+	priv->flags = req->base.flags;
+
 	/*
 	 * WARNING: We do not backup req->priv here! The req->priv
 	 *          is for internal use of the Crypto API and the
@@ -284,38 +287,44 @@ static int ahash_save_req(struct ahash_r
 	return 0;
 }
 
-static void ahash_restore_req(struct ahash_request *req)
+static void ahash_restore_req(struct ahash_request *req, int err)
 {
 	struct ahash_request_priv *priv = req->priv;
 
+	if (!err)
+		memcpy(priv->result, req->result,
+		       crypto_ahash_digestsize(crypto_ahash_reqtfm(req)));
+
 	/* Restore the original crypto request. */
 	req->result = priv->result;
-	req->base.complete = priv->complete;
-	req->base.data = priv->data;
+
+	ahash_request_set_callback(req, priv->flags,
+				   priv->complete, priv->data);
 	req->priv = NULL;
 
 	/* Free the req->priv.priv from the ADJUSTED request. */
 	kzfree(priv);
 }
 
-static void ahash_op_unaligned_finish(struct ahash_request *req, int err)
+static void ahash_notify_einprogress(struct ahash_request *req)
 {
 	struct ahash_request_priv *priv = req->priv;
+	struct crypto_async_request oreq;
 
-	if (err == -EINPROGRESS)
-		return;
-
-	if (!err)
-		memcpy(priv->result, req->result,
-		       crypto_ahash_digestsize(crypto_ahash_reqtfm(req)));
+	oreq.data = priv->data;
 
-	ahash_restore_req(req);
+	priv->complete(&oreq, -EINPROGRESS);
 }
 
 static void ahash_op_unaligned_done(struct crypto_async_request *req, int err)
 {
 	struct ahash_request *areq = req->data;
 
+	if (err == -EINPROGRESS) {
+		ahash_notify_einprogress(areq);
+		return;
+	}
+
 	/*
 	 * Restore the original request, see ahash_op_unaligned() for what
 	 * goes where.
@@ -326,7 +335,7 @@ static void ahash_op_unaligned_done(stru
 	 */
 
 	/* First copy req->result into req->priv.result */
-	ahash_op_unaligned_finish(areq, err);
+	ahash_restore_req(areq, err);
 
 	/* Complete the ORIGINAL request. */
 	areq->base.complete(&areq->base, err);
@@ -342,7 +351,12 @@ static int ahash_op_unaligned(struct aha
 		return err;
 
 	err = op(req);
-	ahash_op_unaligned_finish(req, err);
+	if (err == -EINPROGRESS ||
+	    (err == -EBUSY && (ahash_request_flags(req) &
+			       CRYPTO_TFM_REQ_MAY_BACKLOG)))
+		return err;
+
+	ahash_restore_req(req, err);
 
 	return err;
 }
@@ -377,25 +391,14 @@ int crypto_ahash_digest(struct ahash_req
 }
 EXPORT_SYMBOL_GPL(crypto_ahash_digest);
 
-static void ahash_def_finup_finish2(struct ahash_request *req, int err)
+static void ahash_def_finup_done2(struct crypto_async_request *req, int err)
 {
-	struct ahash_request_priv *priv = req->priv;
+	struct ahash_request *areq = req->data;
 
 	if (err == -EINPROGRESS)
 		return;
 
-	if (!err)
-		memcpy(priv->result, req->result,
-		       crypto_ahash_digestsize(crypto_ahash_reqtfm(req)));
-
-	ahash_restore_req(req);
-}
-
-static void ahash_def_finup_done2(struct crypto_async_request *req, int err)
-{
-	struct ahash_request *areq = req->data;
-
-	ahash_def_finup_finish2(areq, err);
+	ahash_restore_req(areq, err);
 
 	areq->base.complete(&areq->base, err);
 }
@@ -406,11 +409,15 @@ static int ahash_def_finup_finish1(struc
 		goto out;
 
 	req->base.complete = ahash_def_finup_done2;
-	req->base.flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
+
 	err = crypto_ahash_reqtfm(req)->final(req);
+	if (err == -EINPROGRESS ||
+	    (err == -EBUSY && (ahash_request_flags(req) &
+			       CRYPTO_TFM_REQ_MAY_BACKLOG)))
+		return err;
 
 out:
-	ahash_def_finup_finish2(req, err);
+	ahash_restore_req(req, err);
 	return err;
 }
 
@@ -418,7 +425,16 @@ static void ahash_def_finup_done1(struct
 {
 	struct ahash_request *areq = req->data;
 
+	if (err == -EINPROGRESS) {
+		ahash_notify_einprogress(areq);
+		return;
+	}
+
+	areq->base.flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
+
 	err = ahash_def_finup_finish1(areq, err);
+	if (areq->priv)
+		return;
 
 	areq->base.complete(&areq->base, err);
 }
@@ -433,6 +449,11 @@ static int ahash_def_finup(struct ahash_
 		return err;
 
 	err = tfm->update(req);
+	if (err == -EINPROGRESS ||
+	    (err == -EBUSY && (ahash_request_flags(req) &
+			       CRYPTO_TFM_REQ_MAY_BACKLOG)))
+		return err;
+
 	return ahash_def_finup_finish1(req, err);
 }
 
--- a/include/crypto/internal/hash.h
+++ b/include/crypto/internal/hash.h
@@ -173,6 +173,16 @@ static inline struct ahash_instance *aha
 	return crypto_alloc_instance2(name, alg, ahash_instance_headroom());
 }
 
+static inline void ahash_request_complete(struct ahash_request *req, int err)
+{
+	req->base.complete(&req->base, err);
+}
+
+static inline u32 ahash_request_flags(struct ahash_request *req)
+{
+	return req->base.flags;
+}
+
 static inline struct crypto_ahash *crypto_spawn_ahash(
 	struct crypto_ahash_spawn *spawn)
 {

  parent reply	other threads:[~2017-04-19 15:04 UTC|newest]

Thread overview: 44+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-04-19 14:55 [PATCH 4.4 00/45] 4.4.63-stable review Greg Kroah-Hartman
2017-04-19 14:55 ` [PATCH 4.4 01/45] cgroup, kthread: close race window where new kthreads can be migrated to non-root cgroups Greg Kroah-Hartman
2017-04-19 14:55 ` [PATCH 4.4 02/45] thp: fix MADV_DONTNEED vs clear soft dirty race Greg Kroah-Hartman
2017-04-19 14:55 ` [PATCH 4.4 03/45] drm/nouveau/mpeg: mthd returns true on success now Greg Kroah-Hartman
2017-04-19 14:55 ` [PATCH 4.4 04/45] drm/nouveau/mmu/nv4a: use nv04 mmu rather than the nv44 one Greg Kroah-Hartman
2017-04-19 14:55 ` [PATCH 4.4 05/45] CIFS: store results of cifs_reopen_file to avoid infinite wait Greg Kroah-Hartman
2017-04-19 14:55 ` [PATCH 4.4 06/45] Input: xpad - add support for Razer Wildcat gamepad Greg Kroah-Hartman
2017-04-19 14:55 ` [PATCH 4.4 07/45] perf/x86: Avoid exposing wrong/stale data in intel_pmu_lbr_read_32() Greg Kroah-Hartman
2017-04-19 14:55 ` [PATCH 4.4 08/45] x86/vdso: Ensure vdso32_enabled gets set to valid values only Greg Kroah-Hartman
2017-04-19 14:55 ` [PATCH 4.4 09/45] x86/vdso: Plug race between mapping and ELF header setup Greg Kroah-Hartman
2017-04-19 14:55 ` [PATCH 4.4 10/45] acpi, nfit, libnvdimm: fix interleave set cookie calculation (64-bit comparison) Greg Kroah-Hartman
2017-04-19 14:55 ` [PATCH 4.4 11/45] iscsi-target: Fix TMR reference leak during session shutdown Greg Kroah-Hartman
2017-04-19 14:55 ` [PATCH 4.4 12/45] iscsi-target: Drop work-around for legacy GlobalSAN initiator Greg Kroah-Hartman
2017-04-19 14:55 ` [PATCH 4.4 13/45] scsi: sr: Sanity check returned mode data Greg Kroah-Hartman
2017-04-19 14:55 ` [PATCH 4.4 14/45] scsi: sd: Consider max_xfer_blocks if opt_xfer_blocks is unusable Greg Kroah-Hartman
2017-04-19 14:55 ` [PATCH 4.4 15/45] scsi: sd: Fix capacity calculation with 32-bit sector_t Greg Kroah-Hartman
2017-04-19 14:55 ` [PATCH 4.4 16/45] xen, fbfront: fix connecting to backend Greg Kroah-Hartman
2017-04-19 14:55 ` [PATCH 4.4 17/45] libnvdimm: fix reconfig_mutex, mmap_sem, and jbd2_handle lockdep splat Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 18/45] irqchip/irq-imx-gpcv2: Fix spinlock initialization Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 19/45] ftrace: Fix removing of second function probe Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 20/45] char: Drop bogus dependency of DEVPORT on !M68K Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 21/45] char: lack of bool string made CONFIG_DEVPORT always on Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 22/45] Revert "MIPS: Lantiq: Fix cascaded IRQ setup" Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 23/45] kvm: fix page struct leak in handle_vmon Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 24/45] zram: do not use copy_page with non-page aligned address Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 25/45] powerpc: Disable HFSCR[TM] if TM is not supported Greg Kroah-Hartman
2017-04-19 14:56 ` Greg Kroah-Hartman [this message]
2017-04-19 14:56 ` [PATCH 4.4 27/45] ath9k: fix NULL pointer dereference Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 28/45] [media] dvb-usb-v2: avoid use-after-free Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 29/45] ext4: fix inode checksum calculation problem if i_extra_size is small Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 31/45] rtc: tegra: Implement clock handling Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 32/45] mm: Tighten x86 /dev/mem with zeroing reads Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 33/45] [media] dvb-usb: dont use stack for firmware load Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 35/45] virtio-console: avoid DMA from stack Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 37/45] rtl8150: Use heap buffers for all register access Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 38/45] catc: Combine failure cleanup code in catc_probe() Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 39/45] catc: Use heap buffer for memory size test Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 40/45] ibmveth: calculate gso_segs for large packets Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 41/45] SUNRPC: fix refcounting problems with auth_gss messages Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 42/45] tty/serial: atmel: RS485 half duplex w/DMA: enable RX after TX is done Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 44/45] sctp: deny peeloff operation on asocs with threads sleeping on it Greg Kroah-Hartman
2017-04-19 14:56 ` [PATCH 4.4 45/45] MIPS: fix Select HAVE_IRQ_EXIT_ON_IRQ_STACK patch Greg Kroah-Hartman
2017-04-19 20:39 ` [PATCH 4.4 00/45] 4.4.63-stable review Shuah Khan
2017-04-19 23:21 ` Guenter Roeck

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170419141635.835159854@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=herbert@gondor.apana.org.au \
    --cc=linux-kernel@vger.kernel.org \
    --cc=sd@queasysnail.net \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).