Message ID | 20210322050748.265604-1-ebiggers@kernel.org |
---|---|
State | New |
Headers | show |
Series | crypto: rng - fix crypto_rng_reset() refcounting when !CRYPTO_STATS | expand |
On Sun, Mar 21, 2021 at 10:07:48PM -0700, Eric Biggers wrote: > From: Eric Biggers <ebiggers@google.com> > > crypto_stats_get() is a no-op when the kernel is compiled without > CONFIG_CRYPTO_STATS, so pairing it with crypto_alg_put() unconditionally > (as crypto_rng_reset() does) is wrong. > Presumably the intention was that _get() and _put() should always pair. It's really ugly and horrible that they don't. We could have predicted bug like this would happen and will continue to happen until the crypto_stats_get() is renamed. regards, dan carpenter
On Mon, Mar 22, 2021 at 08:45:22AM +0300, Dan Carpenter wrote: > On Sun, Mar 21, 2021 at 10:07:48PM -0700, Eric Biggers wrote: > > From: Eric Biggers <ebiggers@google.com> > > > > crypto_stats_get() is a no-op when the kernel is compiled without > > CONFIG_CRYPTO_STATS, so pairing it with crypto_alg_put() unconditionally > > (as crypto_rng_reset() does) is wrong. > > > > Presumably the intention was that _get() and _put() should always pair. > It's really ugly and horrible that they don't. We could have > predicted bug like this would happen and will continue to happen until > the crypto_stats_get() is renamed. > Well, the crypto stats stuff has always been pretty broken, so I don't think people have looked at it too closely. Currently crypto_stats_get() pairs with one of the functions that tallies the statistics, such as crypto_stats_rng_seed() or crypto_stats_aead_encrypt(). What change are you suggesting, exactly? Maybe moving the conditional crypto_alg_put() into a new function crypto_stats_put() and moving it into the callers? Or do you think the functions should just be renamed to something like crypto_stats_begin() and crypto_stats_end_{rng_seed,aead_encrypt}()? Another issue is that a lot of operations (such as the rng one in question here) don't actually need the get/put at all because they are never asynchronous. I didn't aim to address that in my patch though... - Eric
On Sun, Mar 21, 2021 at 11:00:09PM -0700, Eric Biggers wrote: > On Mon, Mar 22, 2021 at 08:45:22AM +0300, Dan Carpenter wrote: > > On Sun, Mar 21, 2021 at 10:07:48PM -0700, Eric Biggers wrote: > > > From: Eric Biggers <ebiggers@google.com> > > > > > > crypto_stats_get() is a no-op when the kernel is compiled without > > > CONFIG_CRYPTO_STATS, so pairing it with crypto_alg_put() unconditionally > > > (as crypto_rng_reset() does) is wrong. > > > > > > > Presumably the intention was that _get() and _put() should always pair. > > It's really ugly and horrible that they don't. We could have > > predicted bug like this would happen and will continue to happen until > > the crypto_stats_get() is renamed. > > > > Well, the crypto stats stuff has always been pretty broken, so I don't think > people have looked at it too closely. Currently crypto_stats_get() pairs with > one of the functions that tallies the statistics, such as > crypto_stats_rng_seed() or crypto_stats_aead_encrypt(). What change are you > suggesting, exactly? Maybe moving the conditional crypto_alg_put() into a new > function crypto_stats_put() and moving it into the callers? Or do you think the > functions should just be renamed to something like crypto_stats_begin() and > crypto_stats_end_{rng_seed,aead_encrypt}()? To be honest, I misread the crypto_alg_put() thinking that it was crypto_*stats*_put(). My favourite fix would be to introduce a crypto_stats_put() which is a mirror of crypto_stats_get() and ifdeffed out if we don't have CONFIG_CRYPTO_STATS. regards, dan carpenter
Le Mon, Mar 22, 2021 at 10:33:01AM +0300, Dan Carpenter a écrit : > On Sun, Mar 21, 2021 at 11:00:09PM -0700, Eric Biggers wrote: > > On Mon, Mar 22, 2021 at 08:45:22AM +0300, Dan Carpenter wrote: > > > On Sun, Mar 21, 2021 at 10:07:48PM -0700, Eric Biggers wrote: > > > > From: Eric Biggers <ebiggers@google.com> > > > > > > > > crypto_stats_get() is a no-op when the kernel is compiled without > > > > CONFIG_CRYPTO_STATS, so pairing it with crypto_alg_put() unconditionally > > > > (as crypto_rng_reset() does) is wrong. > > > > > > > > > > Presumably the intention was that _get() and _put() should always pair. > > > It's really ugly and horrible that they don't. We could have > > > predicted bug like this would happen and will continue to happen until > > > the crypto_stats_get() is renamed. > > > > > > > Well, the crypto stats stuff has always been pretty broken, so I don't think > > people have looked at it too closely. Currently crypto_stats_get() pairs with > > one of the functions that tallies the statistics, such as > > crypto_stats_rng_seed() or crypto_stats_aead_encrypt(). What change are you > > suggesting, exactly? Maybe moving the conditional crypto_alg_put() into a new > > function crypto_stats_put() and moving it into the callers? Or do you think the > > functions should just be renamed to something like crypto_stats_begin() and > > crypto_stats_end_{rng_seed,aead_encrypt}()? > > To be honest, I misread the crypto_alg_put() thinking that it was > crypto_*stats*_put(). My favourite fix would be to introduce a > crypto_stats_put() which is a mirror of crypto_stats_get() and ifdeffed > out if we don't have CONFIG_CRYPTO_STATS. > I agree it will be better. I can work on adding crypto_stats_put() if you want. Regards
Eric Biggers <ebiggers@kernel.org> wrote: > From: Eric Biggers <ebiggers@google.com> > > crypto_stats_get() is a no-op when the kernel is compiled without > CONFIG_CRYPTO_STATS, so pairing it with crypto_alg_put() unconditionally > (as crypto_rng_reset() does) is wrong. > > Fix this by moving the call to crypto_stats_get() to just before the > actual algorithm operation which might need it. This makes it always > paired with crypto_stats_rng_seed(). > > Fixes: eed74b3eba9e ("crypto: rng - Fix a refcounting bug in crypto_rng_reset()") > Cc: stable@vger.kernel.org > Signed-off-by: Eric Biggers <ebiggers@google.com> > --- > crypto/rng.c | 10 +++------- > 1 file changed, 3 insertions(+), 7 deletions(-) Patch applied. Thanks. -- Email: Herbert Xu <herbert@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
diff --git a/crypto/rng.c b/crypto/rng.c index a888d84b524a4..fea082b25fe4b 100644 --- a/crypto/rng.c +++ b/crypto/rng.c @@ -34,22 +34,18 @@ int crypto_rng_reset(struct crypto_rng *tfm, const u8 *seed, unsigned int slen) u8 *buf = NULL; int err; - crypto_stats_get(alg); if (!seed && slen) { buf = kmalloc(slen, GFP_KERNEL); - if (!buf) { - crypto_alg_put(alg); + if (!buf) return -ENOMEM; - } err = get_random_bytes_wait(buf, slen); - if (err) { - crypto_alg_put(alg); + if (err) goto out; - } seed = buf; } + crypto_stats_get(alg); err = crypto_rng_alg(tfm)->seed(tfm, seed, slen); crypto_stats_rng_seed(alg, err); out: