From: Herbert Xu <herbert@gondor.apana.org.au>
To: Stephan Mueller <smueller@chronox.de>
Cc: Eric Biggers <ebiggers3@gmail.com>,
	syzbot
	<bot+3401d9494b9380f7244bcc7fec49680878fccba6@syzkaller.appspotmail.com>,
	davem@davemloft.net, linux-crypto@vger.kernel.org,
	linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com
Subject: Re: [PATCH v2] crypto: AF_ALG - race-free access of encryption flag
Date: Wed, 29 Nov 2017 18:10:49 +1100
Message-ID: <20171129071049.GA23023@gondor.apana.org.au>
In-Reply-To: <2865588.MNjhcg78tp@tauon.chronox.de>

On Wed, Nov 29, 2017 at 07:48:53AM +0100, Stephan Mueller wrote:
> On Wednesday, 29 November 2017 at 00:02:40 CET, Herbert Xu wrote:
>
> > This is wrong.  You can't fetch ctx->enc before you wait.  It has
> > to be done after the wait as otherwise ctx->enc may not even have
> > been initialised.
> 
> All ctx variables are initialized in aead_accept_parent_nokey. Thus, if no 
> sendmsg call is invoked by user space, at least a valid operation is 
> performed.

I didn't mean initialised literally, I meant the value the user
specified in sendmsg.  If the recvmsg call precedes sendmsg then
you can't possibly get the value that the user supplied.

> I am wondering about the wait call inside the while () in af_alg_get_rsgl: 
> this has been taken from algif_skcipher. It would seem that moving the wait 
> call to the beginning of the recvmsg call would be applicable to skcipher as 
> well. I.e. the wait call should be removed from af_alg_get_rsgl entirely and 
> placed at the beginning of the recvmsg function in both the aead and skcipher 
> code paths.

It sort of worked for skcipher because it didn't care if ctx->enc
or even ctx->iv changed midstream.  But even there I don't think
we need to wait a second time.  In fact waiting a second time could
result in a deadlock if no sendmsg call came around.

So we should definitely wait only once for both aead and skcipher.

Back to the original problem of ctx->enc changing midstream.  I
suppose it could actually be valid, e.g., when one request ended
and you wish to sendmsg a second request while the first is yet
to be started by recvmsg.

So perhaps we can fix it by actually putting such request-specific
information into a list along with the data rather than storing
it in ctx directly as we do now.

But anyway this isn't suitable for stable where we should just fix
it by making it not crash.

Thanks,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
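The midstream change of ctx->enc that Herbert describes above (a second sendmsg arriving before recvmsg has started the first request), as an added example that is not part of this thread and is not kernel code. It is a user-space C model, written by the editor, of the two layouts under discussion: the flag held in one field of the socket context, beside the same state carried per request in the queue. All names (ctx_shared, ctx_perreq, ring_push, apply_op), the fixed-size ring in place of the scatterlist, and the label that stands in for the cipher are hypothetical; the blocking wait for data is modelled as a non-blocking -EAGAIN, so the model cannot deadlock and only shows where the single wait would sit.

```c
/* Added example: user-space model of af_alg request state, not kernel code. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_REQ 8
#define DATA_LEN 32

/* One queued request: payload plus the op sendmsg asked for.  Hypothetical:
 * the real code keeps the payload in a scatterlist, not a fixed buffer. */
struct req {
    bool enc;
    char data[DATA_LEN];
};

/* Layout A (as in the thread): one op flag in the context, shared by every
 * request still waiting in the queue. */
struct ctx_shared {
    bool enc;               /* stand-in for ctx->enc */
    struct req q[MAX_REQ];
    size_t head, tail;      /* ring of queued payloads */
};

/* Layout B (Herbert's suggestion): request-specific state travels with
 * the data it belongs to. */
struct ctx_perreq {
    struct req q[MAX_REQ];
    size_t head, tail;
};

static int ring_push(struct req *q, size_t *tail, size_t head,
                     bool enc, const char *data)
{
    if (*tail - head == MAX_REQ)
        return -ENOSPC;
    struct req *r = &q[*tail % MAX_REQ];
    r->enc = enc;
    strncpy(r->data, data, DATA_LEN - 1);
    r->data[DATA_LEN - 1] = '\0';
    (*tail)++;
    return 0;
}

/* The "cipher": label the payload with the op that would have run on it. */
static void apply_op(bool enc, const char *data, char *out, size_t outlen)
{
    snprintf(out, outlen, "%s:%s", enc ? "ENC" : "DEC", data);
}

void shared_init(struct ctx_shared *c) { memset(c, 0, sizeof *c); }

int shared_sendmsg(struct ctx_shared *c, bool enc, const char *data)
{
    c->enc = enc;   /* overwrites the flag of any request still queued */
    return ring_push(c->q, &c->tail, c->head, enc, data);
}

int shared_recvmsg(struct ctx_shared *c, char *out, size_t outlen)
{
    /* This is where the real recvmsg would wait for data, once; the model
     * is non-blocking and reports -EAGAIN instead. */
    if (c->head == c->tail)
        return -EAGAIN;
    struct req *r = &c->q[c->head++ % MAX_REQ];
    apply_op(c->enc, r->data, out, outlen);   /* uses the *current* flag */
    return 0;
}

void perreq_init(struct ctx_perreq *c) { memset(c, 0, sizeof *c); }

int perreq_sendmsg(struct ctx_perreq *c, bool enc, const char *data)
{
    return ring_push(c->q, &c->tail, c->head, enc, data);
}

int perreq_recvmsg(struct ctx_perreq *c, char *out, size_t outlen)
{
    if (c->head == c->tail)
        return -EAGAIN;
    struct req *r = &c->q[c->head++ % MAX_REQ];
    apply_op(r->enc, r->data, out, outlen);   /* uses the flag queued with it */
    return 0;
}

int main(void)
{
    char out[64];
    struct ctx_shared s;
    struct ctx_perreq p;

    /* Scenario: request 1 queued as encrypt, request 2 queued as decrypt
     * before recvmsg starts request 1. */
    shared_init(&s);
    shared_sendmsg(&s, true, "first");
    shared_sendmsg(&s, false, "second");
    shared_recvmsg(&s, out, sizeof out);
    printf("shared ctx flag : %s\n", out);   /* DEC:first, the wrong op */

    perreq_init(&p);
    perreq_sendmsg(&p, true, "first");
    perreq_sendmsg(&p, false, "second");
    perreq_recvmsg(&p, out, sizeof out);
    printf("per-request flag: %s\n", out);   /* ENC:first, as requested */
    return 0;
}
```

The shared layout runs the first request with whatever sendmsg set last, which is the midstream change the thread is about; the per-request layout returns each payload with the op it was queued under, and an empty queue is reported from exactly one place in recvmsg.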

Thread overview: 40+ messages
2017-11-27 18:56 general protection fault in blkcipher_walk_done syzbot
2017-11-28  5:37 ` Eric Biggers
2017-11-28  7:53   ` Eric Biggers
2017-11-28  8:31     ` Stephan Mueller
2017-11-28  9:03   ` Stephan Mueller
2017-11-28 21:33     ` [PATCH v2] crypto: AF_ALG - race-free access of encryption flag Stephan Müller
2017-11-28 22:40       ` Eric Biggers
2017-11-28 23:02       ` Herbert Xu
2017-11-29  6:48         ` Stephan Mueller
2017-11-29  7:10           ` Herbert Xu [this message]
2017-11-29  7:17             ` Stephan Mueller
2017-11-29 10:17               ` [PATCH] crypto: AF_ALG - wait for data at beginning of recvmsg Stephan Müller
2017-11-29 10:22                 ` Herbert Xu
2017-11-29 10:28                   ` Stephan Mueller
2017-11-29 10:42                     ` Herbert Xu
2017-11-29 11:02                       ` [PATCH v2] " Stephan Müller
2017-12-11 11:45                         ` Herbert Xu
2017-11-29 11:05             ` [PATCH v2] crypto: AF_ALG - race-free access of encryption flag Stephan Müller
2017-11-29 12:17               ` Herbert Xu
2017-12-11 19:10 ` general protection fault in blkcipher_walk_done Eric Biggers
