unimore/kernel-hacking-2024-linux-steffo
unimore/kernel-hacking-2024-linux-steffo
1
Fork 0
Code Pull requests 5 Wiki Activity
kernel-hacking-2024-linux-s.../crypto
History
Eric Biggers 7545b6c208 crypto: chacha20poly1305 - fix atomic sleep when using async algorithm 
Clear the CRYPTO_TFM_REQ_MAY_SLEEP flag when the chacha20poly1305
operation is being continued from an async completion callback, since
sleeping may not be allowed in that context.

This is basically the same bug that was recently fixed in the xts and
lrw templates.  But, it's always been broken in chacha20poly1305 too.
This was found using syzkaller in combination with the updated crypto
self-tests which actually test the MAY_SLEEP flag now.

Reproducer:

    python -c 'import socket; socket.socket(socket.AF_ALG, 5, 0).bind(
    	       ("aead", "rfc7539(cryptd(chacha20-generic),poly1305-generic)"))'

Kernel output:

    BUG: sleeping function called from invalid context at include/crypto/algapi.h:426
    in_atomic(): 1, irqs_disabled(): 0, pid: 1001, name: kworker/2:2
    [...]
    CPU: 2 PID: 1001 Comm: kworker/2:2 Not tainted 5.2.0-rc2 #5
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-20181126_142135-anatol 04/01/2014
    Workqueue: crypto cryptd_queue_worker
    Call Trace:
     __dump_stack lib/dump_stack.c:77 [inline]
     dump_stack+0x4d/0x6a lib/dump_stack.c:113
     ___might_sleep kernel/sched/core.c:6138 [inline]
     ___might_sleep.cold.19+0x8e/0x9f kernel/sched/core.c:6095
     crypto_yield include/crypto/algapi.h:426 [inline]
     crypto_hash_walk_done+0xd6/0x100 crypto/ahash.c:113
     shash_ahash_update+0x41/0x60 crypto/shash.c:251
     shash_async_update+0xd/0x10 crypto/shash.c:260
     crypto_ahash_update include/crypto/hash.h:539 [inline]
     poly_setkey+0xf6/0x130 crypto/chacha20poly1305.c:337
     poly_init+0x51/0x60 crypto/chacha20poly1305.c:364
     async_done_continue crypto/chacha20poly1305.c:78 [inline]
     poly_genkey_done+0x15/0x30 crypto/chacha20poly1305.c:369
     cryptd_skcipher_complete+0x29/0x70 crypto/cryptd.c:279
     cryptd_skcipher_decrypt+0xcd/0x110 crypto/cryptd.c:339
     cryptd_queue_worker+0x70/0xa0 crypto/cryptd.c:184
     process_one_work+0x1ed/0x420 kernel/workqueue.c:2269
     worker_thread+0x3e/0x3a0 kernel/workqueue.c:2415
     kthread+0x11f/0x140 kernel/kthread.c:255
     ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352

Fixes: 71ebc4d1b2 ("crypto: chacha20poly1305 - Add a ChaCha20-Poly1305 AEAD construction, RFC7539")
Cc: <stable@vger.kernel.org> # v4.2+
Cc: Martin Willi <martin@strongswan.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-06-06 14:44:16 +08:00
..
asymmetric_keys crypto: shash - remove shash_desc::flags 2019-04-25 15:38:12 +08:00
async_tx
842.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
ablkcipher.c crypto: skcipher - remove remnants of internal IV generators 2018-12-23 11:52:45 +08:00
acompress.c
adiantum.c crypto: shash - remove shash_desc::flags 2019-04-25 15:38:12 +08:00
aead.c crypto: aead - set CRYPTO_TFM_NEED_KEY if ->setkey() fails 2019-01-18 18:40:24 +08:00
aegis.h crypto: aegis - Cleanup license mess 2019-01-25 18:41:51 +08:00
aegis128.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
aegis128l.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
aegis256.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
aes_generic.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
aes_ti.c
af_alg.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-03-05 09:09:55 -08:00
ahash.c crypto: ahash - fix another early termination in hash walk 2019-02-08 15:30:08 +08:00
akcipher.c crypto: akcipher - default implementations for request callbacks 2019-04-18 22:15:01 +08:00
algapi.c crypto: algapi - remove crypto_tfm_in_queue() 2019-05-30 15:28:41 +08:00
algboss.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
algif_aead.c
algif_hash.c
algif_rng.c
algif_skcipher.c
ansi_cprng.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
anubis.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
api.c
arc4.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
authenc.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
authencesn.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
blkcipher.c crypto: skcipher - remove remnants of internal IV generators 2018-12-23 11:52:45 +08:00
blowfish_common.c
blowfish_generic.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
camellia_generic.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
cast5_generic.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
cast6_generic.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
cast_common.c
cbc.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
ccm.c crypto: ccm - fix incompatibility between "ccm" and "ccm_base" 2019-04-19 13:53:13 +08:00
cfb.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
chacha20poly1305.c crypto: chacha20poly1305 - fix atomic sleep when using async algorithm 2019-06-06 14:44:16 +08:00
chacha_generic.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
cipher.c
cmac.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
compress.c
crc32_generic.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
crc32c_generic.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
crct10dif_common.c
crct10dif_generic.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
cryptd.c crypto: hash - remove CRYPTO_ALG_TYPE_DIGEST 2019-05-30 15:28:41 +08:00
crypto_engine.c
crypto_null.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
crypto_user_base.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
crypto_user_stat.c crypto: stat - remove unused mutex 2019-01-18 18:43:43 +08:00
ctr.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
cts.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
deflate.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
des_generic.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
dh.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
dh_helper.c
drbg.c crypto: drbg - add FIPS 140-2 CTRNG for noise source 2019-05-23 14:01:06 +08:00
ecb.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
ecc.c crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm 2019-04-18 22:15:02 +08:00
ecc.h crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm 2019-04-18 22:15:02 +08:00
ecc_curve_defs.h crypto: ecc - make ecc into separate module 2019-04-18 22:15:02 +08:00
ecdh.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
ecdh_helper.c
echainiv.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
ecrdsa.c crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm 2019-04-18 22:15:02 +08:00
ecrdsa_defs.h crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm 2019-04-18 22:15:02 +08:00
ecrdsa_params.asn1 crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm 2019-04-18 22:15:02 +08:00
ecrdsa_pub_key.asn1 crypto: ecrdsa - add EC-RDSA (GOST 34.10) algorithm 2019-04-18 22:15:02 +08:00
fcrypt.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
fips.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
gcm.c crypto: gcm - fix incompatibility between "gcm" and "gcm_base" 2019-04-19 13:53:13 +08:00
gf128mul.c
ghash-generic.c crypto: ghash - fix unaligned memory access in ghash_setkey() 2019-06-06 14:38:57 +08:00
hash_info.c
hmac.c crypto: shash - remove shash_desc::flags 2019-04-25 15:38:12 +08:00
internal.h
jitterentropy-kcapi.c crypto: jitter - update implementation to 2.1.2 2019-06-06 14:38:57 +08:00
jitterentropy.c crypto: jitter - update implementation to 2.1.2 2019-06-06 14:38:57 +08:00
Kconfig crypto: xxhash - Implement xxhash support 2019-06-06 14:38:57 +08:00
keywrap.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
khazad.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
kpp.c
lrw.c crypto: lrw - use correct alignmask 2019-06-06 14:38:57 +08:00
lz4.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
lz4hc.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
lzo-rle.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
lzo.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
Makefile crypto: xxhash - Implement xxhash support 2019-06-06 14:38:57 +08:00
md4.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
md5.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
memneq.c
michael_mic.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
morus640.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
morus1280.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
nhpoly1305.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
ofb.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
pcbc.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
pcrypt.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
poly1305_generic.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
proc.c
ripemd.h
rmd128.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
rmd160.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
rmd256.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
rmd320.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
rng.c crypto: user - fix use_after_free of struct xxx_request 2018-12-07 14:15:00 +08:00
rsa-pkcs1pad.c crypto: akcipher - new verify API for public key algorithms 2019-04-18 22:15:02 +08:00
rsa.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
rsa_helper.c
rsaprivkey.asn1
rsapubkey.asn1
salsa20_generic.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
scatterwalk.c
scompress.c crypto: scompress - initialize per-CPU variables on each CPU 2019-04-18 22:15:04 +08:00
seed.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
seqiv.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
serpent_generic.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
sha1_generic.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
sha3_generic.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
sha256_generic.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
sha512_generic.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
shash.c crypto: shash - remove shash_desc::flags 2019-04-25 15:38:12 +08:00
simd.c crypto: simd - convert to use crypto_simd_usable() 2019-03-22 20:57:27 +08:00
skcipher.c crypto: skcipher - don't WARN on unprocessed data after slow walk step 2019-04-08 14:42:55 +08:00
sm3_generic.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
sm4_generic.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
streebog_generic.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
tcrypt.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
tcrypt.h
tea.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
testmgr.c crypto: xxhash - Implement xxhash support 2019-06-06 14:38:57 +08:00
testmgr.h crypto: xxhash - Implement xxhash support 2019-06-06 14:38:57 +08:00
tgr192.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
twofish_common.c
twofish_generic.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
vmac.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
wp512.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
xcbc.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00
xor.c
xts.c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-05-06 20:15:06 -07:00
xxhash_generic.c crypto: xxhash - Implement xxhash support 2019-06-06 14:38:57 +08:00
zstd.c crypto: run initcalls for generic implementations earlier 2019-04-18 22:15:03 +08:00