From: Herbert Xu <herbert@gondor.apana.org.au>
To: Philipp Zabel <p.zabel@pengutronix.de>
Cc: linux-crypto@vger.kernel.org,
"David S. Miller" <davem@davemloft.net>,
kernel@pengutronix.de
Subject: Re: [PATCH] crypto: algapi - Remove test larvals to fix error paths
Date: Thu, 27 Jan 2022 15:41:30 +1100 [thread overview]
Message-ID: <YfIiem46QS3VUMI8@gondor.apana.org.au> (raw)
In-Reply-To: <20220126145322.646723-1-p.zabel@pengutronix.de>
On Wed, Jan 26, 2022 at 03:53:22PM +0100, Philipp Zabel wrote:
> If crypto_unregister_alg() is called with an algorithm that still has a
> pending test larval, the algorithm will have a reference count of 2 and
> crypto_unregister_alg() will trigger a BUG(). This can happen during
> cleanup if the error path is taken for a built-in algorithm, before
> crypto_algapi_init() was called.
>
> Kill test larvals for untested algorithms during removal to fix the
> reference count.
>
> Fixes: adad556efcdd ("crypto: api - Fix built-in testing dependency failures")
> Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
> ---
> crypto/algapi.c | 22 ++++++++++++++++++++++
> 1 file changed, 22 insertions(+)
Yes this is definitely a bug.
However, I think simply fixing this for test larvals is not enough.
After all, another thread could come through the middle and take
a reference to our newly minted algorithm before a subsequent
algorithm registration failure and thus would trigger exactly
the same crash.
So we need something a bit more general. Previously we relied
on module reference counts to stop the unregistering of live
algorithms. But that is clearly not of any use in this case.
It also fails for hardware devices than can be unplugged.
One solution would be to simply allow the unregistration to
continue and only free the data structures after all references
have gone away.
Cheers,
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
prev parent reply other threads:[~2022-01-27 4:41 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-26 14:53 [PATCH] crypto: algapi - Remove test larvals to fix error paths Philipp Zabel
2022-01-26 15:01 ` Philipp Zabel
2022-01-27 4:37 ` Herbert Xu
2022-03-16 1:11 ` Herbert Xu
2022-03-16 7:23 ` Ard Biesheuvel
2022-03-16 22:10 ` Herbert Xu
2022-03-17 9:00 ` Philipp Zabel
2022-01-27 4:41 ` Herbert Xu [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YfIiem46QS3VUMI8@gondor.apana.org.au \
--to=herbert@gondor.apana.org.au \
--cc=davem@davemloft.net \
--cc=kernel@pengutronix.de \
--cc=linux-crypto@vger.kernel.org \
--cc=p.zabel@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.