diff mbox series

crypto: rng - fix crypto_rng_reset() refcounting when !CRYPTO_STATS

Message ID 20210322050748.265604-1-ebiggers@kernel.org
State New
Headers show
Series crypto: rng - fix crypto_rng_reset() refcounting when !CRYPTO_STATS | expand

Commit Message

Eric Biggers March 22, 2021, 5:07 a.m. UTC
From: Eric Biggers <ebiggers@google.com>

crypto_stats_get() is a no-op when the kernel is compiled without
CONFIG_CRYPTO_STATS, so pairing it with crypto_alg_put() unconditionally
(as crypto_rng_reset() does) is wrong.

Fix this by moving the call to crypto_stats_get() to just before the
actual algorithm operation which might need it.  This makes it always
paired with crypto_stats_rng_seed().

Fixes: eed74b3eba9e ("crypto: rng - Fix a refcounting bug in crypto_rng_reset()")
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
---
 crypto/rng.c | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

Comments

Dan Carpenter March 22, 2021, 5:45 a.m. UTC | #1
On Sun, Mar 21, 2021 at 10:07:48PM -0700, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@google.com>
> 
> crypto_stats_get() is a no-op when the kernel is compiled without
> CONFIG_CRYPTO_STATS, so pairing it with crypto_alg_put() unconditionally
> (as crypto_rng_reset() does) is wrong.
> 

Presumably the intention was that _get() and _put() should always pair.
It's really ugly and horrible that they don't. We could have
predicted bug like this would happen and will continue to happen until
the crypto_stats_get() is renamed.

regards,
dan carpenter
Eric Biggers March 22, 2021, 6 a.m. UTC | #2
On Mon, Mar 22, 2021 at 08:45:22AM +0300, Dan Carpenter wrote:
> On Sun, Mar 21, 2021 at 10:07:48PM -0700, Eric Biggers wrote:
> > From: Eric Biggers <ebiggers@google.com>
> > 
> > crypto_stats_get() is a no-op when the kernel is compiled without
> > CONFIG_CRYPTO_STATS, so pairing it with crypto_alg_put() unconditionally
> > (as crypto_rng_reset() does) is wrong.
> > 
> 
> Presumably the intention was that _get() and _put() should always pair.
> It's really ugly and horrible that they don't. We could have
> predicted bug like this would happen and will continue to happen until
> the crypto_stats_get() is renamed.
> 

Well, the crypto stats stuff has always been pretty broken, so I don't think
people have looked at it too closely.  Currently crypto_stats_get() pairs with
one of the functions that tallies the statistics, such as
crypto_stats_rng_seed() or crypto_stats_aead_encrypt().  What change are you
suggesting, exactly?  Maybe moving the conditional crypto_alg_put() into a new
function crypto_stats_put() and moving it into the callers?  Or do you think the
functions should just be renamed to something like crypto_stats_begin() and
crypto_stats_end_{rng_seed,aead_encrypt}()?

Another issue is that a lot of operations (such as the rng one in question here)
don't actually need the get/put at all because they are never asynchronous.  I
didn't aim to address that in my patch though...

- Eric
Dan Carpenter March 22, 2021, 7:33 a.m. UTC | #3
On Sun, Mar 21, 2021 at 11:00:09PM -0700, Eric Biggers wrote:
> On Mon, Mar 22, 2021 at 08:45:22AM +0300, Dan Carpenter wrote:
> > On Sun, Mar 21, 2021 at 10:07:48PM -0700, Eric Biggers wrote:
> > > From: Eric Biggers <ebiggers@google.com>
> > > 
> > > crypto_stats_get() is a no-op when the kernel is compiled without
> > > CONFIG_CRYPTO_STATS, so pairing it with crypto_alg_put() unconditionally
> > > (as crypto_rng_reset() does) is wrong.
> > > 
> > 
> > Presumably the intention was that _get() and _put() should always pair.
> > It's really ugly and horrible that they don't. We could have
> > predicted bug like this would happen and will continue to happen until
> > the crypto_stats_get() is renamed.
> > 
> 
> Well, the crypto stats stuff has always been pretty broken, so I don't think
> people have looked at it too closely.  Currently crypto_stats_get() pairs with
> one of the functions that tallies the statistics, such as
> crypto_stats_rng_seed() or crypto_stats_aead_encrypt().  What change are you
> suggesting, exactly?  Maybe moving the conditional crypto_alg_put() into a new
> function crypto_stats_put() and moving it into the callers?  Or do you think the
> functions should just be renamed to something like crypto_stats_begin() and
> crypto_stats_end_{rng_seed,aead_encrypt}()?

To be honest, I misread the crypto_alg_put() thinking that it was
crypto_*stats*_put().  My favourite fix would be to introduce a
crypto_stats_put() which is a mirror of crypto_stats_get() and ifdeffed
out if we don't have CONFIG_CRYPTO_STATS.

regards,
dan carpenter
Corentin Labbe March 22, 2021, 12:13 p.m. UTC | #4
Le Mon, Mar 22, 2021 at 10:33:01AM +0300, Dan Carpenter a écrit :
> On Sun, Mar 21, 2021 at 11:00:09PM -0700, Eric Biggers wrote:
> > On Mon, Mar 22, 2021 at 08:45:22AM +0300, Dan Carpenter wrote:
> > > On Sun, Mar 21, 2021 at 10:07:48PM -0700, Eric Biggers wrote:
> > > > From: Eric Biggers <ebiggers@google.com>
> > > > 
> > > > crypto_stats_get() is a no-op when the kernel is compiled without
> > > > CONFIG_CRYPTO_STATS, so pairing it with crypto_alg_put() unconditionally
> > > > (as crypto_rng_reset() does) is wrong.
> > > > 
> > > 
> > > Presumably the intention was that _get() and _put() should always pair.
> > > It's really ugly and horrible that they don't. We could have
> > > predicted bug like this would happen and will continue to happen until
> > > the crypto_stats_get() is renamed.
> > > 
> > 
> > Well, the crypto stats stuff has always been pretty broken, so I don't think
> > people have looked at it too closely.  Currently crypto_stats_get() pairs with
> > one of the functions that tallies the statistics, such as
> > crypto_stats_rng_seed() or crypto_stats_aead_encrypt().  What change are you
> > suggesting, exactly?  Maybe moving the conditional crypto_alg_put() into a new
> > function crypto_stats_put() and moving it into the callers?  Or do you think the
> > functions should just be renamed to something like crypto_stats_begin() and
> > crypto_stats_end_{rng_seed,aead_encrypt}()?
> 
> To be honest, I misread the crypto_alg_put() thinking that it was
> crypto_*stats*_put().  My favourite fix would be to introduce a
> crypto_stats_put() which is a mirror of crypto_stats_get() and ifdeffed
> out if we don't have CONFIG_CRYPTO_STATS.
> 

I agree it will be better.
I can work on adding crypto_stats_put() if you want.

Regards
Herbert Xu April 2, 2021, 9:03 a.m. UTC | #5
Eric Biggers <ebiggers@kernel.org> wrote:
> From: Eric Biggers <ebiggers@google.com>

> 

> crypto_stats_get() is a no-op when the kernel is compiled without

> CONFIG_CRYPTO_STATS, so pairing it with crypto_alg_put() unconditionally

> (as crypto_rng_reset() does) is wrong.

> 

> Fix this by moving the call to crypto_stats_get() to just before the

> actual algorithm operation which might need it.  This makes it always

> paired with crypto_stats_rng_seed().

> 

> Fixes: eed74b3eba9e ("crypto: rng - Fix a refcounting bug in crypto_rng_reset()")

> Cc: stable@vger.kernel.org

> Signed-off-by: Eric Biggers <ebiggers@google.com>

> ---

> crypto/rng.c | 10 +++-------

> 1 file changed, 3 insertions(+), 7 deletions(-)


Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
diff mbox series

Patch

diff --git a/crypto/rng.c b/crypto/rng.c
index a888d84b524a4..fea082b25fe4b 100644
--- a/crypto/rng.c
+++ b/crypto/rng.c
@@ -34,22 +34,18 @@  int crypto_rng_reset(struct crypto_rng *tfm, const u8 *seed, unsigned int slen)
 	u8 *buf = NULL;
 	int err;
 
-	crypto_stats_get(alg);
 	if (!seed && slen) {
 		buf = kmalloc(slen, GFP_KERNEL);
-		if (!buf) {
-			crypto_alg_put(alg);
+		if (!buf)
 			return -ENOMEM;
-		}
 
 		err = get_random_bytes_wait(buf, slen);
-		if (err) {
-			crypto_alg_put(alg);
+		if (err)
 			goto out;
-		}
 		seed = buf;
 	}
 
+	crypto_stats_get(alg);
 	err = crypto_rng_alg(tfm)->seed(tfm, seed, slen);
 	crypto_stats_rng_seed(alg, err);
 out: