Received: by 10.223.176.5 with SMTP id f5csp807038wra;
        Sat, 3 Feb 2018 10:43:51 -0800 (PST)
X-Google-Smtp-Source: AH8x226+cE7TUB+mJVpwDsrd/62VSUzDUrRwrXvw9jbqAZ1WYj1DOAEBqprj5ZcYVcyqzlwVOrEh
X-Received: by 10.101.64.74 with SMTP id h10mr33247107pgp.200.1517683431321;
        Sat, 03 Feb 2018 10:43:51 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1517683431; cv=none;
        d=google.com; s=arc-20160816;
        b=x/ZS8q9B30WLNVufFhxJSS8TuTxzPBvETwRl7fjVUek9j+TMJ0x2yCR8IVCiVN5fOd
         9BsAo25ZTZq81pJ+Vm9cXOjKdmOH9po6/GmBHSWCcdhnOJfC+f2wmPnfzhsYV5+1Zzum
         w0+xd6BLqnHf9j4Im6n/G3J0PzZ2FQk649LYLdK3RFN6ENOUMGrQ1fpOtb/SnZ2Qy1pC
         zq6LuMKSFIALoBYXOl9ft38LT6XUhF8HcFxztUbSD5QTwYNQ/j94QJ/3es+JwP5dZejX
         v6jNOGflfx6UxXvfJExtX2p6iNi5dOfUf45sgFwC39p00LErnDKXyhh/uBKdQlGnGQB6
         NCVQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:content-transfer-encoding
         :spamdiagnosticmetadata:spamdiagnosticoutput:content-language
         :accept-language:in-reply-to:references:message-id:date:thread-index
         :thread-topic:subject:cc:to:from:dkim-signature
         :arc-authentication-results;
        bh=o7QiXmz5UPHfDhkI25LFPSPHYAf69GVKDUr0bi9/uxk=;
        b=S0haSvGUC89ibkPq2kBA+rYGIFQK5H6WVtDpGrZ/UBxEkjbGTp6HzGGpShJufruaX6
         PaCkJsS67lXq/lzBTRPbaD5WD6tsrmVtiatwDbxLsTy4T962OwWlSKq69L5Tea8i306u
         9O5urHrIZvjLoFbonejZf9f/M5kBP4eIuuYsp4JLo6f+FqsrVIZUbjJY1Q6igwN6htHT
         EolVj9q0LxW4Hgn16BgmZ7FC7tzOKPHijA9IIh0Sz+ohhu4QUhUQG4rSDvIcAqUVpIr/
         UC8Ae8zOiM0L7lMj3jcJ/ywj5sAX4j+kjBYtNyuRTL7x6pUaX20ujEYtEzzPbxgYK9b6
         vbTg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@microsoft.com header.s=selector1 header.b=L/U7gf7W;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=microsoft.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id t18-v6si1840026plo.493.2018.02.03.10.43.37;
        Sat, 03 Feb 2018 10:43:51 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@microsoft.com header.s=selector1 header.b=L/U7gf7W;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=microsoft.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1755056AbeBCSms (ORCPT <rfc822;epopevad@gmail.com> + 99 others);
        Sat, 3 Feb 2018 13:42:48 -0500
Received: from mail-dm3nam03on0129.outbound.protection.outlook.com ([104.47.41.129]:34880
        "EHLO NAM03-DM3-obe.outbound.protection.outlook.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1753210AbeBCSDQ (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 3 Feb 2018 13:03:16 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
 bh=o7QiXmz5UPHfDhkI25LFPSPHYAf69GVKDUr0bi9/uxk=;
 b=L/U7gf7WpPgA0NZN9TvCX8rB54ptFk+xHHK5NhQG5TjkTJrnitA4vA6VIHkaxM5kZgyzArSGXyyU0x1r+4UIXrXwZWcyJXpf18KfJQOJf9yEX7AU0XQrJq/vLSrCjiU4V3GiCSSDNQ2OQBuQujHctR7nd+zWdxVcY81yYiUK01s=
Received: from BL0PR2101MB1027.namprd21.prod.outlook.com (52.132.20.161) by
 BL0PR2101MB1092.namprd21.prod.outlook.com (52.132.24.26) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.485.4; Sat, 3 Feb 2018 18:01:28 +0000
Received: from BL0PR2101MB1027.namprd21.prod.outlook.com
 ([fe80::a8da:b5d9:d710:9bf9]) by BL0PR2101MB1027.namprd21.prod.outlook.com
 ([fe80::a8da:b5d9:d710:9bf9%3]) with mapi id 15.20.0485.006; Sat, 3 Feb 2018
 18:01:28 +0000
From:   Sasha Levin <Alexander.Levin@microsoft.com>
To:     "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "stable@vger.kernel.org" <stable@vger.kernel.org>
CC:     Jonathan Cameron <Jonathan.Cameron@huawei.com>,
        Herbert Xu <herbert@gondor.apana.org.au>,
        Sasha Levin <Alexander.Levin@microsoft.com>
Subject: [PATCH AUTOSEL for 4.14 052/110] crypto: af_alg - Fix race around
 ctx->rcvused by making it atomic_t
Thread-Topic: [PATCH AUTOSEL for 4.14 052/110] crypto: af_alg - Fix race
 around ctx->rcvused by making it atomic_t
Thread-Index: AQHTnRjusGeI4srxw06zlGsKSuUfhg==
Date:   Sat, 3 Feb 2018 18:00:53 +0000
Message-ID: <20180203180015.29073-52-alexander.levin@microsoft.com>
References: <20180203180015.29073-1-alexander.levin@microsoft.com>
In-Reply-To: <20180203180015.29073-1-alexander.levin@microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [52.168.54.252]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1;BL0PR2101MB1092;7:XxKOimlBHrU/8yiuyxR8pGfxyEx9E0rploA+8DoKAMLXizmT5gH/h9+CkGKqsQwM3gAmxBTId1p9scJQs/c/wDF18kzrPTBZf+XHMT2mZRm3G46jTjECVyjeYLg3WuuXLSkKUBOi3FaNzTvitsaK+VZL4wtS2ms2dQr91Igz9rnYhUjrfMLqD+kurGIMA/q+dWnwXn6+ERgDKEfYA7s+/pfouIs7Cy1c+EG9xiQZeCWeb4/deO2svGRM3VCXhO04
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 2149492a-7a02-4455-3415-08d56b3025d6
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(7020095)(4652020)(48565401081)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(4604075)(3008032)(2017052603307)(7193020);SRVR:BL0PR2101MB1092;
x-ms-traffictypediagnostic: BL0PR2101MB1092:
x-microsoft-antispam-prvs: <BL0PR2101MB109245A0588E46A5437838C2FBF80@BL0PR2101MB1092.namprd21.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(89211679590171)(50582790962513);
x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(61425038)(6040501)(2401047)(5005006)(8121501046)(3002001)(10201501046)(93006095)(93001095)(3231101)(2400082)(944501161)(6055026)(61426038)(61427038)(6041288)(20161123558120)(20161123562045)(20161123564045)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011);SRVR:BL0PR2101MB1092;BCL:0;PCL:0;RULEID:;SRVR:BL0PR2101MB1092;
x-forefront-prvs: 05724A8921
x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(39860400002)(39380400002)(376002)(346002)(396003)(366004)(189003)(199004)(3280700002)(14454004)(3660700001)(105586002)(3846002)(6666003)(22452003)(6116002)(99286004)(305945005)(7736002)(2950100002)(66066001)(478600001)(54906003)(110136005)(68736007)(316002)(86362001)(106356001)(186003)(26005)(6506007)(76176011)(6346003)(10090500001)(575784001)(102836004)(6436002)(4326008)(8936002)(2501003)(53936002)(86612001)(2900100001)(6486002)(2906002)(6512007)(25786009)(97736004)(72206003)(1076002)(107886003)(36756003)(5660300001)(5250100002)(8676002)(81156014)(81166006)(10290500003)(22906009)(217873001);DIR:OUT;SFP:1102;SCL:1;SRVR:BL0PR2101MB1092;H:BL0PR2101MB1027.namprd21.prod.outlook.com;FPR:;SPF:None;PTR:InfoNoRecords;MX:1;A:1;LANG:en;
received-spf: None (protection.outlook.com: microsoft.com does not designate
 permitted sender hosts)
authentication-results: spf=none (sender IP is )
 smtp.mailfrom=Alexander.Levin@microsoft.com; 
x-microsoft-antispam-message-info: na9tyIfJ3KpGhnjJ1ahPcM6GxtUq649OcQU4w27mOAjGWtMLuE9N8PbZLLHvUzIAPSPrQWPLFkNmdyPcHrgFhw==
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 2149492a-7a02-4455-3415-08d56b3025d6
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Feb 2018 18:00:53.4253
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR2101MB1092
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Jonathan Cameron <Jonathan.Cameron@huawei.com>

[ Upstream commit af955bf15d2c27496b0269b1f05c26f758c68314 ]

This variable was increased and decreased without any protection.
Result was an occasional misscount and negative wrap around resulting
in false resource allocation failures.

Fixes: 7d2c3f54e6f6 ("crypto: af_alg - remove locking in async callback")
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Reviewed-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
 crypto/af_alg.c         | 4 ++--
 crypto/algif_aead.c     | 2 +-
 crypto/algif_skcipher.c | 2 +-
 include/crypto/if_alg.h | 5 +++--
 4 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index 53b7fa4cf4ab..4e4640bb82b9 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -693,7 +693,7 @@ void af_alg_free_areq_sgls(struct af_alg_async_req *are=
q)
 	unsigned int i;
=20
 	list_for_each_entry_safe(rsgl, tmp, &areq->rsgl_list, list) {
-		ctx->rcvused -=3D rsgl->sg_num_bytes;
+		atomic_sub(rsgl->sg_num_bytes, &ctx->rcvused);
 		af_alg_free_sg(&rsgl->sgl);
 		list_del(&rsgl->list);
 		if (rsgl !=3D &areq->first_rsgl)
@@ -1192,7 +1192,7 @@ int af_alg_get_rsgl(struct sock *sk, struct msghdr *m=
sg, int flags,
=20
 		areq->last_rsgl =3D rsgl;
 		len +=3D err;
-		ctx->rcvused +=3D err;
+		atomic_add(err, &ctx->rcvused);
 		rsgl->sg_num_bytes =3D err;
 		iov_iter_advance(&msg->msg_iter, err);
 	}
diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c
index 782cb8fec323..f138af18b500 100644
--- a/crypto/algif_aead.c
+++ b/crypto/algif_aead.c
@@ -571,7 +571,7 @@ static int aead_accept_parent_nokey(void *private, stru=
ct sock *sk)
 	INIT_LIST_HEAD(&ctx->tsgl_list);
 	ctx->len =3D len;
 	ctx->used =3D 0;
-	ctx->rcvused =3D 0;
+	atomic_set(&ctx->rcvused, 0);
 	ctx->more =3D 0;
 	ctx->merge =3D 0;
 	ctx->enc =3D 0;
diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index 7a3e663d54d5..90bc4e0f0785 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -391,7 +391,7 @@ static int skcipher_accept_parent_nokey(void *private, =
struct sock *sk)
 	INIT_LIST_HEAD(&ctx->tsgl_list);
 	ctx->len =3D len;
 	ctx->used =3D 0;
-	ctx->rcvused =3D 0;
+	atomic_set(&ctx->rcvused, 0);
 	ctx->more =3D 0;
 	ctx->merge =3D 0;
 	ctx->enc =3D 0;
diff --git a/include/crypto/if_alg.h b/include/crypto/if_alg.h
index aeec003a566b..ac0eae8372ab 100644
--- a/include/crypto/if_alg.h
+++ b/include/crypto/if_alg.h
@@ -18,6 +18,7 @@
 #include <linux/if_alg.h>
 #include <linux/scatterlist.h>
 #include <linux/types.h>
+#include <linux/atomic.h>
 #include <net/sock.h>
=20
 #include <crypto/aead.h>
@@ -155,7 +156,7 @@ struct af_alg_ctx {
 	struct af_alg_completion completion;
=20
 	size_t used;
-	size_t rcvused;
+	atomic_t rcvused;
=20
 	bool more;
 	bool merge;
@@ -228,7 +229,7 @@ static inline int af_alg_rcvbuf(struct sock *sk)
 	struct af_alg_ctx *ctx =3D ask->private;
=20
 	return max_t(int, max_t(int, sk->sk_rcvbuf & PAGE_MASK, PAGE_SIZE) -
-			  ctx->rcvused, 0);
+		     atomic_read(&ctx->rcvused), 0);
 }
=20
 /**
--=20
2.11.0