From patchwork Thu Feb 13 15:19:29 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 231337 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0CCA9C3B189 for ; Thu, 13 Feb 2020 15:58:38 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id D5A482073C for ; Thu, 13 Feb 2020 15:58:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1581609517; bh=JnJMKykcCMlxvmwUkHWNd/DN9s2hpkqaD2YmQKTtg9w=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=2va1W/in+9cLExS6gynhFjgMJsCbbYZlR9OYRFWm6VWcwiK3P/BJZyILyRpZPCNhV dt2JE5fmgyH27I/X+hLTkPqsD8kc0baq/6LS+iyYXPuhSHoiSefziRwmVXBnUsjgsU SeLRlwYPs5/4nGOMGCZv3I9m1YFZXrdrl4g3qN2Q= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387419AbgBMPZI (ORCPT ); Thu, 13 Feb 2020 10:25:08 -0500 Received: from mail.kernel.org ([198.145.29.99]:40056 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728923AbgBMPZI (ORCPT ); Thu, 13 Feb 2020 10:25:08 -0500 Received: from localhost (unknown [104.132.1.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 690CE246B3; Thu, 13 Feb 2020 15:25:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1581607507; bh=JnJMKykcCMlxvmwUkHWNd/DN9s2hpkqaD2YmQKTtg9w=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=bRNW1FHrupTet/G2yeIbuk3zQt/M0eiKSoGEu2u4ZLeqzPYKIBgAiE5pSivosUmsy JBxWdHfc6/KrI01ne0izj0vtsPfKWCmau77MDkLsQmU8LYaGhLLE1wfIySN2cYHojZ ZjlnM7zmqNvFFwHM/K2krGY1cccyCSOMuZxzd8FQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Herbert Xu Subject: [PATCH 4.14 066/173] crypto: api - Fix race condition in crypto_spawn_alg Date: Thu, 13 Feb 2020 07:19:29 -0800 Message-Id: <20200213151950.383288559@linuxfoundation.org> X-Mailer: git-send-email 2.25.0 In-Reply-To: <20200213151931.677980430@linuxfoundation.org> References: <20200213151931.677980430@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Herbert Xu commit 73669cc556462f4e50376538d77ee312142e8a8a upstream. The function crypto_spawn_alg is racy because it drops the lock before shooting the dying algorithm. The algorithm could disappear altogether before we shoot it. This patch fixes it by moving the shooting into the locked section. Fixes: 6bfd48096ff8 ("[CRYPTO] api: Added spawns") Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman --- crypto/algapi.c | 16 +++++----------- crypto/api.c | 3 +-- crypto/internal.h | 1 - 3 files changed, 6 insertions(+), 14 deletions(-) --- a/crypto/algapi.c +++ b/crypto/algapi.c @@ -662,22 +662,16 @@ EXPORT_SYMBOL_GPL(crypto_drop_spawn); static struct crypto_alg *crypto_spawn_alg(struct crypto_spawn *spawn) { struct crypto_alg *alg; - struct crypto_alg *alg2; down_read(&crypto_alg_sem); alg = spawn->alg; - alg2 = alg; - if (alg2) - alg2 = crypto_mod_get(alg2); - up_read(&crypto_alg_sem); - - if (!alg2) { - if (alg) - crypto_shoot_alg(alg); - return ERR_PTR(-EAGAIN); + if (alg && !crypto_mod_get(alg)) { + alg->cra_flags |= CRYPTO_ALG_DYING; + alg = NULL; } + up_read(&crypto_alg_sem); - return alg; + return alg ?: ERR_PTR(-EAGAIN); } struct crypto_tfm *crypto_spawn_tfm(struct crypto_spawn *spawn, u32 type, --- a/crypto/api.c +++ b/crypto/api.c @@ -339,13 +339,12 @@ static unsigned int crypto_ctxsize(struc return len; } -void crypto_shoot_alg(struct crypto_alg *alg) +static void crypto_shoot_alg(struct crypto_alg *alg) { down_write(&crypto_alg_sem); alg->cra_flags |= CRYPTO_ALG_DYING; up_write(&crypto_alg_sem); } -EXPORT_SYMBOL_GPL(crypto_shoot_alg); struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 type, u32 mask) --- a/crypto/internal.h +++ b/crypto/internal.h @@ -84,7 +84,6 @@ void crypto_alg_tested(const char *name, void crypto_remove_spawns(struct crypto_alg *alg, struct list_head *list, struct crypto_alg *nalg); void crypto_remove_final(struct list_head *list); -void crypto_shoot_alg(struct crypto_alg *alg); struct crypto_tfm *__crypto_alloc_tfm(struct crypto_alg *alg, u32 type, u32 mask); void *crypto_create_tfm(struct crypto_alg *alg,