From: Herbert Xu <herbert@gondor.apana.org.au>
To: Dmitry Vyukov <dvyukov@google.com>
Cc: "David S. Miller" <davem@davemloft.net>,
linux-crypto@vger.kernel.org, LKML <linux-kernel@vger.kernel.org>,
syzkaller <syzkaller@googlegroups.com>,
Kostya Serebryany <kcc@google.com>,
Alexander Potapenko <glider@google.com>,
Sasha Levin <sasha.levin@oracle.com>,
Eric Dumazet <edumazet@google.com>
Subject: crypto: af_alg - Allow af_af_alg_release_parent to be called on nokey path
Date: Wed, 13 Jan 2016 14:59:03 +0800 [thread overview]
Message-ID: <20160113065903.GA8169@gondor.apana.org.au> (raw)
In-Reply-To: <20160113065729.GA8123@gondor.apana.org.au>
This patch allows af_alg_release_parent to be called even for
nokey sockets.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index 6566d2e..e7cb836 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -133,6 +133,12 @@ void af_alg_release_parent(struct sock *sk)
bool last;
sk = ask->parent;
+
+ if (ask->nokey_refcnt && !ask->refcnt) {
+ sock_put(sk);
+ return;
+ }
+
ask = alg_sk(sk);
lock_sock(sk);
@@ -268,8 +274,8 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
struct alg_sock *ask = alg_sk(sk);
const struct af_alg_type *type;
struct sock *sk2;
+ unsigned int nokey;
int err;
- bool nokey;
lock_sock(sk);
type = ask->type;
@@ -302,6 +308,7 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
sock_hold(sk);
alg_sk(sk2)->parent = sk;
alg_sk(sk2)->type = type;
+ alg_sk(sk2)->nokey_refcnt = nokey;
newsock->ops = type->ops;
newsock->state = SS_CONNECTED;
diff --git a/include/crypto/if_alg.h b/include/crypto/if_alg.h
index df82844..a2bfd78 100644
--- a/include/crypto/if_alg.h
+++ b/include/crypto/if_alg.h
@@ -31,6 +31,7 @@ struct alg_sock {
struct sock *parent;
unsigned int refcnt;
+ unsigned int nokey_refcnt;
const struct af_alg_type *type;
void *private;
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
next prev parent reply other threads:[~2016-01-13 6:59 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-12 18:31 crypto: use-after-free in hash_sock_destruct_common Dmitry Vyukov
2016-01-13 6:57 ` Herbert Xu
2016-01-13 6:59 ` Herbert Xu [this message]
2016-01-13 7:00 ` [PATCH 2/4] crypto: algif_hash - Remove custom release parent function Herbert Xu
2016-01-13 7:01 ` [PATCH 3/4] crypto: algif_skcipher " Herbert Xu
2016-01-13 7:03 ` [PATCH 4/4] crypto: af_alg - Forbid bind(2) when nokey child sockets are present Herbert Xu
[not found] ` <CACT4Y+YOiaC1px6SD2hTAGwSd4i8GsTm59uQ+ux1U8EzdoQfPA@mail.gmail.com>
2016-01-13 10:27 ` crypto: use-after-free in hash_sock_destruct_common Dmitry Vyukov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160113065903.GA8169@gondor.apana.org.au \
--to=herbert@gondor.apana.org.au \
--cc=davem@davemloft.net \
--cc=dvyukov@google.com \
--cc=edumazet@google.com \
--cc=glider@google.com \
--cc=kcc@google.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=sasha.levin@oracle.com \
--cc=syzkaller@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).