* [PATCH] crypto: essiv - Handle EBUSY correctly
@ 2023-01-13 10:24 Herbert Xu
2023-01-13 11:05 ` Ard Biesheuvel
0 siblings, 1 reply; 2+ messages in thread
From: Herbert Xu @ 2023-01-13 10:24 UTC (permalink / raw)
To: Linux Crypto Mailing List, Ard Biesheuvel
As it is essiv only handles the special return value of EINPROGERSS,
which means that in all other cases it will free data related to the
request.
However, as the caller of essiv may specify MAY_BACKLOG, we also need
to expect EBUSY and treat it in the same way. Otherwise backlogged
requests will trigger a use-after-free.
Fixes: be1eb7f78aa8 ("crypto: essiv - create wrapper template...")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
diff --git a/crypto/essiv.c b/crypto/essiv.c
index e33369df9034..307eba74b901 100644
--- a/crypto/essiv.c
+++ b/crypto/essiv.c
@@ -171,7 +171,12 @@ static void essiv_aead_done(struct crypto_async_request *areq, int err)
struct aead_request *req = areq->data;
struct essiv_aead_request_ctx *rctx = aead_request_ctx(req);
+ if (err == -EINPROGRESS)
+ goto out;
+
kfree(rctx->assoc);
+
+out:
aead_request_complete(req, err);
}
@@ -247,7 +252,7 @@ static int essiv_aead_crypt(struct aead_request *req, bool enc)
err = enc ? crypto_aead_encrypt(subreq) :
crypto_aead_decrypt(subreq);
- if (rctx->assoc && err != -EINPROGRESS)
+ if (rctx->assoc && err != -EINPROGRESS && err != -EBUSY)
kfree(rctx->assoc);
return err;
}
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] crypto: essiv - Handle EBUSY correctly
2023-01-13 10:24 [PATCH] crypto: essiv - Handle EBUSY correctly Herbert Xu
@ 2023-01-13 11:05 ` Ard Biesheuvel
0 siblings, 0 replies; 2+ messages in thread
From: Ard Biesheuvel @ 2023-01-13 11:05 UTC (permalink / raw)
To: Herbert Xu; +Cc: Linux Crypto Mailing List
On Fri, 13 Jan 2023 at 11:24, Herbert Xu <herbert@gondor.apana.org.au> wrote:
>
> As it is essiv only handles the special return value of EINPROGERSS,
> which means that in all other cases it will free data related to the
> request.
>
> However, as the caller of essiv may specify MAY_BACKLOG, we also need
> to expect EBUSY and treat it in the same way. Otherwise backlogged
> requests will trigger a use-after-free.
>
> Fixes: be1eb7f78aa8 ("crypto: essiv - create wrapper template...")
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
>
> diff --git a/crypto/essiv.c b/crypto/essiv.c
> index e33369df9034..307eba74b901 100644
> --- a/crypto/essiv.c
> +++ b/crypto/essiv.c
> @@ -171,7 +171,12 @@ static void essiv_aead_done(struct crypto_async_request *areq, int err)
> struct aead_request *req = areq->data;
> struct essiv_aead_request_ctx *rctx = aead_request_ctx(req);
>
> + if (err == -EINPROGRESS)
> + goto out;
> +
> kfree(rctx->assoc);
> +
> +out:
> aead_request_complete(req, err);
> }
>
> @@ -247,7 +252,7 @@ static int essiv_aead_crypt(struct aead_request *req, bool enc)
> err = enc ? crypto_aead_encrypt(subreq) :
> crypto_aead_decrypt(subreq);
>
> - if (rctx->assoc && err != -EINPROGRESS)
> + if (rctx->assoc && err != -EINPROGRESS && err != -EBUSY)
> kfree(rctx->assoc);
> return err;
> }
> --
> Email: Herbert Xu <herbert@gondor.apana.org.au>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-01-13 11:12 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-01-13 10:24 [PATCH] crypto: essiv - Handle EBUSY correctly Herbert Xu
2023-01-13 11:05 ` Ard Biesheuvel
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.