From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, syzbot <syzkaller@googlegroups.com>,
Eric Biggers <ebiggers@google.com>,
Herbert Xu <herbert@gondor.apana.org.au>
Subject: [PATCH 4.4 002/115] crypto: salsa20 - fix blkcipher_walk API usage
Date: Mon, 18 Dec 2017 16:47:51 +0100 [thread overview]
Message-ID: <20171218152852.086079637@linuxfoundation.org> (raw)
In-Reply-To: <20171218152851.886086917@linuxfoundation.org>
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Biggers <ebiggers@google.com>
commit ecaaab5649781c5a0effdaf298a925063020500e upstream.
When asked to encrypt or decrypt 0 bytes, both the generic and x86
implementations of Salsa20 crash in blkcipher_walk_done(), either when
doing 'kfree(walk->buffer)' or 'free_page((unsigned long)walk->page)',
because walk->buffer and walk->page have not been initialized.
The bug is that Salsa20 is calling blkcipher_walk_done() even when
nothing is in 'walk.nbytes'. But blkcipher_walk_done() is only meant to
be called when a nonzero number of bytes have been provided.
The broken code is part of an optimization that tries to make only one
call to salsa20_encrypt_bytes() to process inputs that are not evenly
divisible by 64 bytes. To fix the bug, just remove this "optimization"
and use the blkcipher_walk API the same way all the other users do.
Reproducer:
#include <linux/if_alg.h>
#include <sys/socket.h>
#include <unistd.h>
int main()
{
int algfd, reqfd;
struct sockaddr_alg addr = {
.salg_type = "skcipher",
.salg_name = "salsa20",
};
char key[16] = { 0 };
algfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
bind(algfd, (void *)&addr, sizeof(addr));
reqfd = accept(algfd, 0, 0);
setsockopt(algfd, SOL_ALG, ALG_SET_KEY, key, sizeof(key));
read(reqfd, key, sizeof(key));
}
Reported-by: syzbot <syzkaller@googlegroups.com>
Fixes: eb6f13eb9f81 ("[CRYPTO] salsa20_generic: Fix multi-page processing")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/crypto/salsa20_glue.c | 7 -------
crypto/salsa20_generic.c | 7 -------
2 files changed, 14 deletions(-)
--- a/arch/x86/crypto/salsa20_glue.c
+++ b/arch/x86/crypto/salsa20_glue.c
@@ -59,13 +59,6 @@ static int encrypt(struct blkcipher_desc
salsa20_ivsetup(ctx, walk.iv);
- if (likely(walk.nbytes == nbytes))
- {
- salsa20_encrypt_bytes(ctx, walk.src.virt.addr,
- walk.dst.virt.addr, nbytes);
- return blkcipher_walk_done(desc, &walk, 0);
- }
-
while (walk.nbytes >= 64) {
salsa20_encrypt_bytes(ctx, walk.src.virt.addr,
walk.dst.virt.addr,
--- a/crypto/salsa20_generic.c
+++ b/crypto/salsa20_generic.c
@@ -188,13 +188,6 @@ static int encrypt(struct blkcipher_desc
salsa20_ivsetup(ctx, walk.iv);
- if (likely(walk.nbytes == nbytes))
- {
- salsa20_encrypt_bytes(ctx, walk.dst.virt.addr,
- walk.src.virt.addr, nbytes);
- return blkcipher_walk_done(desc, &walk, 0);
- }
-
while (walk.nbytes >= 64) {
salsa20_encrypt_bytes(ctx, walk.dst.virt.addr,
walk.src.virt.addr,
next prev parent reply other threads:[~2017-12-18 15:52 UTC|newest]
Thread overview: 150+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-18 15:47 [PATCH 4.4 000/115] 4.4.107-stable review Greg Kroah-Hartman
2017-12-18 15:47 ` [PATCH 4.4 001/115] crypto: hmac - require that the underlying hash algorithm is unkeyed Greg Kroah-Hartman
2017-12-18 15:47 ` Greg Kroah-Hartman [this message]
2017-12-18 15:47 ` [PATCH 4.4 003/115] autofs: fix careless error in recent commit Greg Kroah-Hartman
2017-12-18 15:47 ` [PATCH 4.4 004/115] tracing: Allocate mask_str buffer dynamically Greg Kroah-Hartman
2017-12-18 15:47 ` [PATCH 4.4 005/115] USB: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID Greg Kroah-Hartman
2017-12-18 15:47 ` [PATCH 4.4 006/115] USB: core: prevent malicious bNumInterfaces overflow Greg Kroah-Hartman
2017-12-18 15:47 ` [PATCH 4.4 007/115] usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer Greg Kroah-Hartman
2017-12-18 15:47 ` [PATCH 4.4 008/115] ceph: drop negative child dentries before try pruning inodes alias Greg Kroah-Hartman
2017-12-18 15:47 ` [PATCH 4.4 009/115] Bluetooth: btusb: driver to enable the usb-wakeup feature Greg Kroah-Hartman
2017-12-20 19:51 ` Brian Norris
2017-12-20 19:56 ` Brian Norris
2017-12-21 8:30 ` gregkh
2017-12-21 17:20 ` Brian Norris
2017-12-21 18:26 ` Guenter Roeck
2017-12-21 18:52 ` Ghorai, Sukumar
2017-12-21 18:58 ` Brian Norris
2017-12-21 19:00 ` Ghorai, Sukumar
2017-12-21 19:05 ` Ghorai, Sukumar
2017-12-21 19:10 ` Brian Norris
2017-12-21 19:23 ` Ghorai, Sukumar
2017-12-21 20:10 ` Guenter Roeck
2017-12-21 20:15 ` Ghorai, Sukumar
2017-12-21 20:04 ` Guenter Roeck
2017-12-21 20:46 ` gregkh
2017-12-21 20:50 ` gregkh
2017-12-21 21:39 ` Guenter Roeck
2017-12-22 7:48 ` gregkh
2017-12-22 17:37 ` Brian Norris
2017-12-23 9:18 ` gregkh
2017-12-23 15:53 ` Ghorai, Sukumar
2017-12-23 16:14 ` gregkh
2017-12-18 15:47 ` [PATCH 4.4 010/115] xhci: Dont add a virt_dev to the devs array before its fully allocated Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 011/115] sched/rt: Do not pull from current CPU if only one CPU to pull Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 012/115] dmaengine: dmatest: move callback wait queue to thread context Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 013/115] ext4: fix fdatasync(2) after fallocate(2) operation Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 014/115] ext4: fix crash when a directorys i_size is too small Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 015/115] KEYS: add missing permission check for request_key() destination Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 017/115] usb: phy: isp1301: Add OF device ID table Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 018/115] md-cluster: free md_cluster_info if node leave cluster Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 019/115] userfaultfd: shmem: __do_fault requires VM_FAULT_NOPAGE Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 020/115] userfaultfd: selftest: vm: allow to build in vm/ directory Greg Kroah-Hartman
2018-01-11 19:42 ` Ben Hutchings
2018-01-13 10:21 ` Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 021/115] net: initialize msg.msg_flags in recvfrom Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 022/115] net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 023/115] net: bcmgenet: correct MIB access of UniMAC RUNT counters Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 024/115] net: bcmgenet: reserved phy revisions must be checked first Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 025/115] net: bcmgenet: power down internal phy if open or resume fails Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 026/115] net: bcmgenet: Power up the internal PHY before probing the MII Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 027/115] NFSD: fix nfsd_minorversion(.., NFSD_AVAIL) Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 028/115] NFSD: fix nfsd_reset_versions for NFSv4 Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 029/115] Input: i8042 - add TUXEDO BU1406 (N24_25BU) to the nomux list Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 030/115] drm/omap: fix dmabuf mmap for dma_alloced buffers Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 031/115] netfilter: bridge: honor frag_max_size when refragmenting Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 032/115] writeback: fix memory leak in wb_queue_work() Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 033/115] net: wimax/i2400m: fix NULL-deref at probe Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 034/115] dmaengine: Fix array index out of bounds warning in __get_unmap_pool() Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 035/115] net: Resend IGMP memberships upon peer notification Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 036/115] mlxsw: reg: Fix SPVM max record count Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 037/115] mlxsw: reg: Fix SPVMLR " Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 038/115] intel_th: pci: Add Gemini Lake support Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 039/115] openrisc: fix issue handling 8 byte get_user calls Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 040/115] scsi: hpsa: update check for logical volume status Greg Kroah-Hartman
2018-01-19 0:29 ` Ben Hutchings
2018-01-19 7:51 ` Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 041/115] scsi: hpsa: limit outstanding rescans Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 042/115] fjes: Fix wrong netdevice feature flags Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 044/115] sched/deadline: Make sure the replenishment timer fires in the next period Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 045/115] sched/deadline: Throttle a constrained deadline task activated after the deadline Greg Kroah-Hartman
2018-01-19 1:00 ` Ben Hutchings
2018-01-19 7:53 ` Greg Kroah-Hartman
2018-01-19 12:16 ` Daniel Bristot de Oliveira
2018-01-19 12:40 ` Greg Kroah-Hartman
2018-01-19 13:13 ` Greg Kroah-Hartman
2018-01-22 17:16 ` [PATCH 4.4] sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks Daniel Bristot de Oliveira
2018-01-24 9:35 ` Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 046/115] sched/deadline: Use deadline instead of period when calculating overflow Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 047/115] mmc: mediatek: Fixed bug where clock frequency could be set wrong Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 048/115] drm/radeon: reinstate oland workaround for sclk Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 049/115] afs: Fix missing put_page() Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 050/115] afs: Populate group ID from vnode status Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 051/115] afs: Adjust mode bits processing Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 052/115] afs: Flush outstanding writes when an fd is closed Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 053/115] afs: Migrate vlocation fields to 64-bit Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 054/115] afs: Prevent callback expiry timer overflow Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 055/115] afs: Fix the maths in afs_fs_store_data() Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 056/115] afs: Populate and use client modification time Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 057/115] afs: Fix page leak in afs_write_begin() Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 058/115] afs: Fix afs_kill_pages() Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 059/115] net/mlx4_core: Avoid delays during VF driver device shutdown Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 060/115] perf symbols: Fix symbols__fixup_end heuristic for corner cases Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 061/115] efi/esrt: Cleanup bad memory map log messages Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 062/115] NFSv4.1 respect servers max size in CREATE_SESSION Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 063/115] btrfs: add missing memset while reading compressed inline extents Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 064/115] target: Use system workqueue for ALUA transitions Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 065/115] target: fix ALUA transition timeout handling Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 066/115] target: fix race during implicit transition work flushes Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 067/115] sfc: dont warn on successful change of MAC Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 068/115] fbdev: controlfb: Add missing modes to fix out of bounds access Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 069/115] video: udlfb: Fix read EDID timeout Greg Kroah-Hartman
2017-12-18 15:48 ` [PATCH 4.4 070/115] video: fbdev: au1200fb: Release some resources if a memory allocation fails Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 071/115] video: fbdev: au1200fb: Return an error code " Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 072/115] rtc: pcf8563: fix output clock rate Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 073/115] dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 074/115] PCI/PME: Handle invalid data when reading Root Status Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 075/115] powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 076/115] netfilter: ipvs: Fix inappropriate output of procfs Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 077/115] powerpc/opal: Fix EBUSY bug in acquiring tokens Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 078/115] powerpc/ipic: Fix status get and status clear Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 079/115] platform/x86: sony-laptop: Fix error handling in sony_nc_setup_rfkill() Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 080/115] target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd() Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 081/115] iscsi-target: fix memory leak in lio_target_tiqn_addtpg() Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 082/115] target:fix condition return in core_pr_dump_initiator_port() Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 083/115] target/file: Do not return error for UNMAP if length is zero Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 084/115] arm-ccn: perf: Prevent module unload while PMU is in use Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 085/115] crypto: tcrypt - fix buffer lengths in test_aead_speed() Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 086/115] mm: Handle 0 flags in _calc_vm_trans() macro Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 087/115] clk: mediatek: add the option for determining PLL source clock Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 090/115] ppp: Destroy the mutex when cleanup Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 092/115] GFS2: Take inode off order_write list when setting jdata flag Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 093/115] bcache: explicitly destroy mutex while exiting Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 094/115] bcache: fix wrong cache_misses statistics Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 095/115] l2tp: cleanup l2tp_tunnel_delete calls Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 096/115] xfs: fix log block underflow during recovery cycle verification Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 097/115] xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 098/115] PCI: Detach driver before procfs & sysfs teardown on device remove Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 099/115] scsi: hpsa: cleanup sas_phy structures in sysfs when unloading Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 100/115] scsi: hpsa: destroy sas transport properties before scsi_host Greg Kroah-Hartman
2018-01-21 23:05 ` Ben Hutchings
2018-01-22 7:44 ` Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 101/115] powerpc/perf/hv-24x7: Fix incorrect comparison in memord Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 102/115] tty fix oops when rmmod 8250 Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 103/115] usb: musb: da8xx: fix babble condition handling Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 104/115] pinctrl: adi2: Fix Kconfig build problem Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 105/115] raid5: Set R5_Expanded on parity devices as well as data Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 106/115] scsi: scsi_devinfo: Add REPORTLUN2 to EMC SYMMETRIX blacklist entry Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 107/115] vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 108/115] scsi: sd: change manage_start_stop to bool in sysfs interface Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 109/115] scsi: sd: change allow_restart " Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 110/115] scsi: bfa: integer overflow in debugfs Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 111/115] udf: Avoid overflow when session starts at large offset Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 112/115] macvlan: Only deliver one copy of the frame to the macvlan interface Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 113/115] RDMA/cma: Avoid triggering undefined behavior Greg Kroah-Hartman
2017-12-18 15:49 ` [PATCH 4.4 114/115] IB/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop Greg Kroah-Hartman
2017-12-18 18:17 ` [PATCH 4.4 000/115] 4.4.107-stable review Nathan Chancellor
2017-12-19 7:34 ` Greg Kroah-Hartman
2017-12-18 20:26 ` Shuah Khan
2017-12-19 14:35 ` Guenter Roeck
2017-12-19 17:21 ` Naresh Kamboju
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171218152852.086079637@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=ebiggers@google.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=syzkaller@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).